[packages/openssh.git] / opensshd.init

#!/bin/sh
#
# sshd		sshd (secure shell daemon)
#
# chkconfig:	345 22 88
#
# description:	sshd (secure shell daemon) is a server part of the ssh suite. \
#		Ssh can be used for remote login, remote file copying, TCP port \
#		forwarding etc. Ssh offers strong encryption and authentication.

# Source function library
. /etc/rc.d/init.d/functions

upstart_controlled --except init configtest

# Get network config
. /etc/sysconfig/network

SSHD_OOM_ADJUST=-1000
PIDFILE=/var/run/sshd.pid

# Get service config
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

# Check that networking is up.
if is_yes "${NETWORKING}"; then
	if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
		msg_network_down "OpenSSH"
		exit 1
	fi
else
	exit 0
fi

adjust_oom() {
	if [ -e $PIDFILE ]; then
		for pid in $(cat $PIDFILE); do
			echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
		done
	fi
}

checkconfig() {
	ssh_gen_keys
	/usr/sbin/sshd -t || exit 1
}

ssh_gen_keys() {
	# generate new keys with empty passwords if they do not exist
	if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
		/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
	fi
	if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_rsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
	fi
	if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_dsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
	fi
	if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
		/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_ecdsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
	fi # ecdsa
}

start() {
	# Check if the service is already running?
	if [ -f /var/lock/subsys/sshd ]; then
		msg_already_running "OpenSSH"
		return
	fi

	checkconfig

	if [ ! -s /etc/ssh/ssh_host_key ]; then
		msg_not_running "OpenSSH"
		nls "No SSH host key found! You must run \"%s init\" first." "$0"
		exit 1
	fi

	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
		OPTIONS="$OPTIONS -4"
	fi
	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
		OPTIONS="$OPTIONS -6"
	fi

	msg_starting "OpenSSH"
	daemon --pidfile $PIDFILE /usr/sbin/sshd $OPTIONS
	RETVAL=$?
	adjust_oom
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
}

stop() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		return
	fi

	msg_stopping "OpenSSH"
	# we use start-stop-daemon to stop sshd, as it is unacceptable for such
	# critical service as sshd to kill it by procname, but unfortunately
	# rc-scripts does not provide way to kill *only* by pidfile
	start-stop-daemon --stop --quiet --pidfile $PIDFILE && ok || fail
	rm -f /var/lock/subsys/sshd >/dev/null 2>&1
}

reload() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		RETVAL=7
		return
	fi

	checkconfig
	msg_reloading "OpenSSH"
	killproc sshd -HUP
	RETVAL=$?
}

condrestart() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		RETVAL=$1
		return
	fi

	checkconfig
	stop
	start
}

RETVAL=0
# See how we were called.
case "$1" in
  start)
  	start
	;;
  stop)
  	stop
	;;
  restart)
	checkconfig
	stop
	start
	;;
  try-restart)
	condrestart 0
	;;
  reload|force-reload)
	reload
	;;
  configtest)
	checkconfig
	;;
  init)
	nls "Now the SSH host key will be generated. Please note, that if you"
	nls "will use password for the key, you will need to type it on each"
	nls "reboot."
	ssh_gen_keys
	;;
  status)
	status --pidfile $PIDFILE sshd
	exit $?
	;;
  *)
	msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|configtest|init|status}"
	exit 3
esac

exit $RETVAL
Commit	Line	Data
cf3b46d6 AF	1	#!/bin/sh
	2	#
	3	# sshd sshd (secure shell daemon)
	4	#
8f0031d7	5	# chkconfig: 345 22 88
cf3b46d6	6	#
4a9f24b4	7	# description: sshd (secure shell daemon) is a server part of the ssh suite. \
4a9f24b4	8	# Ssh can be used for remote login, remote file copying, TCP port \
cf3b46d6 AF	9	# forwarding etc. Ssh offers strong encryption and authentication.
cf3b46d6 AF	10
cf3b46d6 AF	11	# Source function library
	12	. /etc/rc.d/init.d/functions
	13
c303393a ER	14	upstart_controlled --except init configtest
c303393a ER	15
cf3b46d6 AF	16	# Get network config
	17	. /etc/sysconfig/network
	18
3cd7ffe2	19	SSHD_OOM_ADJUST=-1000
df55b69c	20	PIDFILE=/var/run/sshd.pid
3cd7ffe2	21
cf3b46d6 AF	22	# Get service config
	23	[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
	24
	25	# Check that networking is up.
7d58fbb0	26	if is_yes "${NETWORKING}"; then
224aaee1	27	if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
e6635719	28	msg_network_down "OpenSSH"
7d58fbb0	29	exit 1
	30	fi
	31	else
	32	exit 0
cf3b46d6	33	fi
a1c37c17	34
32322335	35	adjust_oom() {
df55b69c ER	36	if [ -e $PIDFILE ]; then
df55b69c ER	37	for pid in $(cat $PIDFILE); do
9172cbe8	38	echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
141073f0 ER	39	done
141073f0 ER	40	fi
32322335 AM	41	}
32322335 AM	42
945a8076	43	checkconfig() {
d27ccc9b	44	ssh_gen_keys
945a8076 ER	45	/usr/sbin/sshd -t \|\| exit 1
	46	}
	47
e6635719	48	ssh_gen_keys() {
3c573fc0	49	# generate new keys with empty passwords if they do not exist
3c573fc0	50	if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
e6635719	51	/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
7d58fbb0	52	chmod 600 /etc/ssh/ssh_host_key
e6635719	53	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
3c573fc0	54	fi
3c573fc0	55	if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
e6635719	56	/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
7d58fbb0	57	chmod 600 /etc/ssh/ssh_host_rsa_key
e6635719	58	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
3c573fc0	59	fi
3c573fc0	60	if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
e6635719	61	/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
7d58fbb0	62	chmod 600 /etc/ssh/ssh_host_dsa_key
e6635719 ER	63	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
e6635719 ER	64	fi
7b384e20 AM	65	if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
	66	/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
	67	chmod 600 /etc/ssh/ssh_host_ecdsa_key
	68	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
95191792	69	fi # ecdsa
e6635719 ER	70	}
	71
	72	start() {
	73	# Check if the service is already running?
	74	if [ -f /var/lock/subsys/sshd ]; then
	75	msg_already_running "OpenSSH"
	76	return
3c573fc0	77	fi
3c573fc0	78
945a8076 ER	79	checkconfig
945a8076 ER	80
e6635719 ER	81	if [ ! -s /etc/ssh/ssh_host_key ]; then
e6635719 ER	82	msg_not_running "OpenSSH"
7d58fbb0	83	nls "No SSH host key found! You must run \"%s init\" first." "$0"
01d1f289	84	exit 1
01d1f289	85	fi
3c573fc0	86
1292c55e ER	87	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
	88	OPTIONS="$OPTIONS -4"
	89	fi
	90	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
	91	OPTIONS="$OPTIONS -6"
	92	fi
	93
e6635719	94	msg_starting "OpenSSH"
df55b69c	95	daemon --pidfile $PIDFILE /usr/sbin/sshd $OPTIONS
e6635719 ER	96	RETVAL=$?
	97	adjust_oom
	98	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
b10eed65 ER	99	}
	100
	101	stop() {
3cd7ffe2	102	if [ ! -f /var/lock/subsys/sshd ]; then
e6635719	103	msg_not_running "OpenSSH"
3cd7ffe2	104	return
a1c37c17	105	fi
3cd7ffe2 ER	106
	107	msg_stopping "OpenSSH"
	108	# we use start-stop-daemon to stop sshd, as it is unacceptable for such
	109	# critical service as sshd to kill it by procname, but unfortunately
	110	# rc-scripts does not provide way to kill only by pidfile
df55b69c	111	start-stop-daemon --stop --quiet --pidfile $PIDFILE && ok \|\| fail
3cd7ffe2 ER	112	rm -f /var/lock/subsys/sshd >/dev/null 2>&1
	113	}
	114
	115	reload() {
	116	if [ ! -f /var/lock/subsys/sshd ]; then
	117	msg_not_running "OpenSSH"
	118	RETVAL=7
	119	return
	120	fi
	121
	122	checkconfig
	123	msg_reloading "OpenSSH"
	124	killproc sshd -HUP
	125	RETVAL=$?
b10eed65 ER	126	}
b10eed65 ER	127
8e8276e5 ER	128	condrestart() {
	129	if [ ! -f /var/lock/subsys/sshd ]; then
	130	msg_not_running "OpenSSH"
	131	RETVAL=$1
	132	return
	133	fi
	134
	135	checkconfig
	136	stop
	137	start
	138	}
	139
b10eed65 ER	140	RETVAL=0
	141	# See how we were called.
	142	case "$1" in
	143	start)
	144	start
	145	;;
	146	stop)
	147	stop
cf3b46d6	148	;;
cbd44157	149	restart)
945a8076	150	checkconfig
b10eed65 ER	151	stop
b10eed65 ER	152	start
cf3b46d6	153	;;
8e8276e5 ER	154	try-restart)
	155	condrestart 0
	156	;;
3cd7ffe2 ER	157	reload\|force-reload)
	158	reload
	159	;;
	160	configtest)
	161	checkconfig
cf3b46d6	162	;;
01d1f289	163	init)
0d883194	164	nls "Now the SSH host key will be generated. Please note, that if you"
	165	nls "will use password for the key, you will need to type it on each"
	166	nls "reboot."
e6635719	167	ssh_gen_keys
36f63877	168	;;
3cd7ffe2	169	status)
df55b69c	170	status --pidfile $PIDFILE sshd
3cd7ffe2	171	exit $?
36f63877	172	;;
cf3b46d6	173	*)
8e8276e5	174	msg_usage "$0 {start\|stop\|restart\|try-restart\|reload\|force-reload\|configtest\|init\|status}"
bff0c7f8	175	exit 3
cf3b46d6 AF	176	esac
cf3b46d6 AF	177
cbd44157	178	exit $RETVAL