#!/bin/sh
#
# sshd          sshd (secure shell daemon)
#
# chkconfig:    345 21 89
#
# description:  sshd (secure shell daemon) is a server part of the ssh suite. \
#               Ssh can be used for remote login, remote file copying, TCP port \
#               forwarding etc. Ssh offers strong encryption and authentication.

# Source function library
. /etc/rc.d/init.d/functions

# Helper from the sourced function library; its exact semantics are not
# visible in this file.
upstart_controlled --except init configtest

# Get network config
. /etc/sysconfig/network

# Default value written to /proc/<pid>/oom_score_adj by adjust_oom().
# -1000 exempts the process from the Linux OOM killer. It is assigned before
# /etc/sysconfig/sshd is read, so that file may override it.
SSHD_OOM_ADJUST=-1000

# Get service config
# This file is executed as shell code with the privileges of the init script,
# so it must be writable by root only.
if [ -f /etc/sysconfig/sshd ]; then
	. /etc/sysconfig/sshd
fi

# Check that networking is up.
# stop, status and init are allowed to proceed without the network lock file.
if is_yes "${NETWORKING}"; then
	case "$1" in
	stop|status|init)
		;;
	*)
		if [ ! -f /var/lock/subsys/network ]; then
			msg_network_down "OpenSSH"
			exit 1
		fi
		;;
	esac
else
	exit 0
fi
# Write $SSHD_OOM_ADJUST to oom_score_adj of every PID listed in
# /var/run/sshd.pid. Does nothing when the pid file is absent.
adjust_oom() {
	[ -e /var/run/sshd.pid ] || return 0

	# NOTE(review): the pid file content is used unvalidated to build a /proc
	# path that is written to as root; this is only safe while
	# /var/run/sshd.pid is writable by root alone.
	for pid in $(cat /var/run/sshd.pid); do
		# 2>/dev/null comes first on purpose: it also silences the shell's own
		# error when the /proc entry cannot be opened (process already gone,
		# kernel without oom_score_adj).
		echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
	done
}
# Validate the sshd configuration with "sshd -t"; terminates the whole script
# with status 1 when the check fails.
# Side effect: missing host keys are generated first (ssh_gen_keys), so even
# the "configtest" action can create key files under /etc/ssh.
checkconfig() {
	ssh_gen_keys
	if ! /usr/sbin/sshd -t; then
		exit 1
	fi
}
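# Generate every host key that is missing or zero-length.
#
# Keys are created with an empty passphrase (-N '') so sshd can start
# unattended; the private key is therefore protected only by its file mode
# (600) and, where /sbin/restorecon exists, its SELinux label.
#
# NOTE(review): rsa1 (SSH protocol 1) and DSA host keys are legacy. Protocol 1
# support has been removed from current OpenSSH releases and DSA is disabled
# by default there; no Ed25519 key is generated. start() still requires
# /etc/ssh/ssh_host_key, so the list cannot be trimmed in this function alone.
ssh_gen_keys() {
	# generate new keys with empty passwords if they do not exist
	for _sshd_spec in \
		rsa1:/etc/ssh/ssh_host_key \
		rsa:/etc/ssh/ssh_host_rsa_key \
		dsa:/etc/ssh/ssh_host_dsa_key \
		ecdsa:/etc/ssh/ssh_host_ecdsa_key
	do
		_sshd_type=${_sshd_spec%%:*}
		_sshd_key=${_sshd_spec#*:}

		# A non-empty regular file is taken as an existing key.
		if [ -f "$_sshd_key" ] && [ -s "$_sshd_key" ]; then
			continue
		fi

		# ssh-keygen asks for confirmation on stdin before overwriting an
		# existing file, which an init script cannot answer. Remove the empty
		# placeholder so the key is really regenerated.
		if [ -f "$_sshd_key" ]; then
			rm -f "$_sshd_key"
		fi

		# Skip chmod/restorecon when no key was produced (for example a key
		# type the installed ssh-keygen does not support).
		/usr/bin/ssh-keygen -t "$_sshd_type" -f "$_sshd_key" -N '' >&2 || continue
		chmod 600 "$_sshd_key"
		if [ -x /sbin/restorecon ]; then
			/sbin/restorecon "$_sshd_key"
		fi
	done

	# POSIX sh has no function-local variables; do not leak the loop state.
	unset _sshd_spec _sshd_type _sshd_key
}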
# Start sshd unless the subsys lock says it is already running.
# Sets RETVAL to the status of "daemon"; creates the lock file on success.
# Exits the script (status 1) when the configuration check fails or
# /etc/ssh/ssh_host_key is missing or empty.
start() {
	# Check if the service is already running?
	if [ -f /var/lock/subsys/sshd ]; then
		msg_already_running "OpenSSH"
		return
	fi

	checkconfig

	# Only the legacy protocol-1 key file is checked here; the other host keys
	# are not verified before start-up.
	[ -s /etc/ssh/ssh_host_key ] || {
		msg_not_running "OpenSSH"
		nls "No SSH host key found! You must run \"%s init\" first." "$0"
		exit 1
	}

	# Restrict sshd to a single address family when only one is enabled.
	if is_yes "$IPV4_NETWORKING"; then
		if is_no "$IPV6_NETWORKING"; then
			OPTIONS="$OPTIONS -4"
		fi
	fi
	if is_yes "$IPV6_NETWORKING"; then
		if is_no "$IPV4_NETWORKING"; then
			OPTIONS="$OPTIONS -6"
		fi
	fi

	msg_starting "OpenSSH"
	# $OPTIONS is left unquoted on purpose so it splits into separate
	# arguments; presumably it is set in /etc/sysconfig/sshd - confirm.
	daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS
	RETVAL=$?
	# Runs regardless of RETVAL; it is a no-op when no pid file exists.
	adjust_oom
	[ "$RETVAL" -eq 0 ] && touch /var/lock/subsys/sshd
}
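# Stop the sshd process recorded in /var/run/sshd.pid and drop the subsys
# lock. Reports "not running" and returns when the lock file is absent.
stop() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		return
	fi

	msg_stopping "OpenSSH"
	# we use start-stop-daemon to stop sshd, as it is unacceptable for such
	# critical service as sshd to kill it by procname, but unfortunately
	# rc-scripts does not provide way to kill *only* by pidfile
	#
	# Explicit if/else instead of "cmd && ok || fail": with the chained form
	# "fail" would also run whenever "ok" itself returned non-zero.
	if start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid; then
		ok
	else
		fail
	fi
	# NOTE(review): the lock is removed and RETVAL is left untouched even when
	# stopping failed, so a failed stop is not reflected in the exit status.
	rm -f /var/lock/subsys/sshd >/dev/null 2>&1
}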
# Ask a running sshd to re-read its configuration (SIGHUP).
# RETVAL is 7 when the service is not running, otherwise the status of
# killproc. The configuration is validated first, so a broken config aborts
# the script before any signal is sent.
reload() {
	if [ -f /var/lock/subsys/sshd ]; then
		checkconfig
		msg_reloading "OpenSSH"
		# NOTE(review): unlike stop(), this addresses sshd by name rather than
		# by pid file; how killproc selects its targets is not visible here -
		# confirm that only the listener receives the HUP.
		killproc sshd -HUP
		RETVAL=$?
	else
		msg_not_running "OpenSSH"
		RETVAL=7
	fi
}
# Restart sshd only if it is currently running.
# $1 - value stored in RETVAL when the service is not running.
condrestart() {
	if [ -f /var/lock/subsys/sshd ]; then
		# Validate the configuration before the running daemon is stopped.
		checkconfig
		stop
		start
	else
		msg_not_running "OpenSSH"
		RETVAL=$1
	fi
}
RETVAL=0
# See how we were called.
case "$1" in
  start)	start ;;
  stop)		stop ;;
  restart)
	# The configuration is checked before stopping, so a broken config aborts
	# the script while the old daemon is still running.
	checkconfig
	stop
	start
	;;
  try-restart)	condrestart 0 ;;
  reload|force-reload)	reload ;;
  configtest)	checkconfig ;;
  init)
	# NOTE(review): the message below mentions a key password, but
	# ssh_gen_keys always creates the keys with an empty passphrase (-N '').
	nls "Now the SSH host key will be generated. Please note, that if you"
	nls "will use password for the key, you will need to type it on each"
	nls "reboot."
	ssh_gen_keys
	;;
  status)
	status sshd
	exit $?
	;;
  *)
	msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|configtest|init|status}"
	exit 3
esac

exit $RETVAL