#!/bin/sh # # sshd sshd (secure shell daemon) # # chkconfig: 345 22 88 # # description: sshd (secure shell daemon) is a server part of the ssh suite. \ # Ssh can be used for remote login, remote file copying, TCP port \ # forwarding etc. Ssh offers strong encryption and authentication. # Source function library . /etc/rc.d/init.d/functions upstart_controlled --except init configtest # Get network config . /etc/sysconfig/network SSHD_OOM_ADJUST=-1000 # Get service config [ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd # Check that networking is up. if is_yes "${NETWORKING}"; then if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then msg_network_down "OpenSSH" exit 1 fi else exit 0 fi adjust_oom() { if [ -e /var/run/sshd.pid ]; then for pid in $(cat /var/run/sshd.pid); do echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj done fi } checkconfig() { ssh_gen_keys /usr/sbin/sshd -t || exit 1 } ssh_gen_keys() { # generate new keys with empty passwords if they do not exist if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2 chmod 600 /etc/ssh/ssh_host_key [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key fi if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2 chmod 600 /etc/ssh/ssh_host_rsa_key [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key fi if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2 chmod 600 /etc/ssh/ssh_host_dsa_key [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key fi if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2 chmod 600 /etc/ssh/ssh_host_ecdsa_key [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key fi # ecdsa } start() { # Check if the service is already running? if [ -f /var/lock/subsys/sshd ]; then msg_already_running "OpenSSH" return fi checkconfig if [ ! -s /etc/ssh/ssh_host_key ]; then msg_not_running "OpenSSH" nls "No SSH host key found! You must run \"%s init\" first." "$0" exit 1 fi if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then OPTIONS="$OPTIONS -4" fi if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then OPTIONS="$OPTIONS -6" fi msg_starting "OpenSSH" daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS RETVAL=$? adjust_oom [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd } stop() { if [ ! -f /var/lock/subsys/sshd ]; then msg_not_running "OpenSSH" return fi msg_stopping "OpenSSH" # we use start-stop-daemon to stop sshd, as it is unacceptable for such # critical service as sshd to kill it by procname, but unfortunately # rc-scripts does not provide way to kill *only* by pidfile start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok || fail rm -f /var/lock/subsys/sshd >/dev/null 2>&1 } reload() { if [ ! -f /var/lock/subsys/sshd ]; then msg_not_running "OpenSSH" RETVAL=7 return fi checkconfig msg_reloading "OpenSSH" killproc sshd -HUP RETVAL=$? } condrestart() { if [ ! -f /var/lock/subsys/sshd ]; then msg_not_running "OpenSSH" RETVAL=$1 return fi checkconfig stop start } RETVAL=0 # See how we were called. case "$1" in start) start ;; stop) stop ;; restart) checkconfig stop start ;; try-restart) condrestart 0 ;; reload|force-reload) reload ;; configtest) checkconfig ;; init) nls "Now the SSH host key will be generated. Please note, that if you" nls "will use password for the key, you will need to type it on each" nls "reboot." ssh_gen_keys ;; status) status sshd exit $? ;; *) msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|configtest|init|status}" exit 3 esac exit $RETVAL