- fixed pam_tally usage

[packages/openssh.git] / opensshd.init

#!/bin/sh
#
# sshd          sshd (secure shell daemon)
#
# chkconfig:    345 55 45
#
# description:  sshd (secure shell daemon) is a server part of the ssh suite. \
#               Ssh can be used for remote login, remote file copying, TCP port \
#               forwarding etc. Ssh offers strong encryption and authentication.


# Source function library
. /etc/rc.d/init.d/functions

# Get network config
. /etc/sysconfig/network

SERVICE_LIMITS="-u unlimited -Sc 0"

# Get service config
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

# Check that networking is up.
if is_yes "${NETWORKING}"; then
        if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
                msg_network_down OpenSSH
                exit 1
        fi
else
        exit 0
fi
                        
RETVAL=0
# See how we were called.
case "$1" in
  start)
        # generate new keys with empty passwords if they do not exist
        if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
                /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' 1>&2
                chmod 600 /etc/ssh/ssh_host_key
                [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key || :
        fi
        if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
                /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' 1>&2
                chmod 600 /etc/ssh/ssh_host_rsa_key
                [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key || :
        fi
        if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
                /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' 1>&2
                chmod 600 /etc/ssh/ssh_host_dsa_key
                [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key || :
        fi

        if [ ! -f /etc/ssh/ssh_host_key ]; then
                msg_not_running OpenSSH
                nls "No SSH host key found! You must run \"%s init\" first." "$0"
                exit 1
        fi

        # Check if the service is already running?
        if [ ! -f /var/lock/subsys/sshd ]; then
                msg_starting OpenSSH
                daemon /usr/sbin/sshd 
                RETVAL=$?
                [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd                
        else
                msg_already_running OpenSSH
        fi
        ;;
  stop)
        if [ -f /var/lock/subsys/sshd ]; then
                msg_stopping OpenSSH
                killproc sshd
                rm -f /var/run/sshd.pid /var/lock/subsys/sshd >/dev/null 2>&1
        else
                msg_not_running OpenSSH
        fi      
        ;;
  restart)
        $0 stop
        $0 start
        exit $?
        ;;
  status)
        status sshd
        exit $?
        ;;
  init)
        nls "Now the SSH host key will be generated. Please note, that if you"
        nls "will use password for the key, you will need to type it on each"
        nls "reboot."
        /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key
        [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key || :
        chmod 600 /etc/ssh/ssh_host_key
        /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
        [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key || :
        chmod 600 /etc/ssh/ssh_host_rsa_key
        /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
        chmod 600 /etc/ssh/ssh_host_dsa_key
        [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key || :
        exit $?
        ;;
  reload|force-reload)
        if [ -f /var/lock/subsys/sshd ]; then
                msg_reloading OpenSSH
                killproc sshd -HUP
                RETVAL=$?
        else
                msg_not_running OpenSSH >&2
                exit 7
        fi
        ;;
  *)
        msg_usage "$0 {start|stop|init|restart|reload|force-reload|status}"
        exit 3
esac

exit $RETVAL