- rebuild with openssl-1.0.1k

[packages/openssh.git] / opensshd.init

#!/bin/sh
#
# sshd          sshd (secure shell daemon)
#
# chkconfig:    345 22 88
#
# description:  sshd (secure shell daemon) is a server part of the ssh suite. \
#               Ssh can be used for remote login, remote file copying, TCP port \
#               forwarding etc. Ssh offers strong encryption and authentication.

# Source function library
. /etc/rc.d/init.d/functions

upstart_controlled --except init configtest

# Get network config
. /etc/sysconfig/network

SSHD_OOM_ADJUST=-1000
PIDFILE=/var/run/sshd.pid

# Get service config
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

# Check that networking is up.
if is_yes "${NETWORKING}"; then
        if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
                msg_network_down "OpenSSH"
                exit 1
        fi
else
        exit 0
fi

adjust_oom() {
        if [ -e $PIDFILE ]; then
                for pid in $(cat $PIDFILE); do
                        echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
                done
        fi
}

checkconfig() {
        ssh_gen_keys
        /usr/sbin/sshd -t || exit 1
}

ssh_gen_keys() {
        # generate new keys with empty passwords if they do not exist
        if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
                /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
                chmod 600 /etc/ssh/ssh_host_key
                [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
        fi
        if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
                /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
                chmod 600 /etc/ssh/ssh_host_rsa_key
                [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
        fi
        if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
                /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
                chmod 600 /etc/ssh/ssh_host_dsa_key
                [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
        fi
        if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
                /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
                chmod 600 /etc/ssh/ssh_host_ecdsa_key
                [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
        fi # ecdsa
        if [ ! -f /etc/ssh/ssh_host_ed25519_key -o ! -s /etc/ssh/ssh_host_ed25519_key ]; then
                /usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' >&2
                chmod 600 /etc/ssh/ssh_host_ed25519_key
                [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ed25519_key
        fi # ed25519
}

start() {
        # Check if the service is already running?
        if [ -f /var/lock/subsys/sshd ]; then
                msg_already_running "OpenSSH"
                return
        fi

        checkconfig

        if [ ! -s /etc/ssh/ssh_host_key ]; then
                msg_not_running "OpenSSH"
                nls "No SSH host key found! You must run \"%s init\" first." "$0"
                exit 1
        fi

        if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
                OPTIONS="$OPTIONS -4"
        fi
        if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
                OPTIONS="$OPTIONS -6"
        fi

        msg_starting "OpenSSH"
        daemon --pidfile $PIDFILE /usr/sbin/sshd $OPTIONS
        RETVAL=$?
        adjust_oom
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
}

stop() {
        if [ ! -f /var/lock/subsys/sshd ]; then
                msg_not_running "OpenSSH"
                return
        fi

        msg_stopping "OpenSSH"
        # we use start-stop-daemon to stop sshd, as it is unacceptable for such
        # critical service as sshd to kill it by procname, but unfortunately
        # rc-scripts does not provide way to kill *only* by pidfile
        start-stop-daemon --stop --quiet --pidfile $PIDFILE && ok || fail
        rm -f /var/lock/subsys/sshd >/dev/null 2>&1
}

reload() {
        if [ ! -f /var/lock/subsys/sshd ]; then
                msg_not_running "OpenSSH"
                RETVAL=7
                return
        fi

        checkconfig
        msg_reloading "OpenSSH"
        killproc sshd -HUP
        RETVAL=$?
}

condrestart() {
        if [ ! -f /var/lock/subsys/sshd ]; then
                msg_not_running "OpenSSH"
                RETVAL=$1
                return
        fi

        checkconfig
        stop
        start
}

RETVAL=0
# See how we were called.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart)
        checkconfig
        stop
        start
        ;;
  try-restart)
        condrestart 0
        ;;
  reload|force-reload)
        reload
        ;;
  configtest)
        checkconfig
        ;;
  init)
        nls "Now the SSH host key will be generated. Please note, that if you"
        nls "will use password for the key, you will need to type it on each"
        nls "reboot."
        ssh_gen_keys
        ;;
  status)
        status --pidfile $PIDFILE sshd
        exit $?
        ;;
  *)
        msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|configtest|init|status}"
        exit 3
esac

exit $RETVAL