#
# sshd sshd (secure shell daemon)
#
-# chkconfig: 345 55 45
+# chkconfig: 345 22 88
#
# description: sshd (secure shell daemon) is a server part of the ssh suite. \
# Ssh can be used for remote login, remote file copying, TCP port \
# forwarding etc. Ssh offers strong encryption and authentication.
-
# Source function library
. /etc/rc.d/init.d/functions
# Get network config
. /etc/sysconfig/network
+SSHD_OOM_ADJUST=-1000
+PIDFILE=/var/run/sshd.pid
+
# Get service config
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
# Check that networking is up.
if is_yes "${NETWORKING}"; then
if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
- msg_network_down OpenSSH
+ msg_network_down "OpenSSH"
exit 1
fi
else
exit 0
fi
+adjust_oom() {
+ if [ -e $PIDFILE ]; then
+ for pid in $(cat $PIDFILE); do
+ echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
+ done
+ fi
+}
+
checkconfig() {
+ ssh_gen_keys
/usr/sbin/sshd -t || exit 1
}
-RETVAL=0
-# See how we were called.
-case "$1" in
- start)
- # generate new keys with empty passwords if they do not exist
- if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
- /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' 1>&2
- chmod 600 /etc/ssh/ssh_host_key
- [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key || :
- fi
- if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
- /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' 1>&2
- chmod 600 /etc/ssh/ssh_host_rsa_key
- [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key || :
- fi
- if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
- /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' 1>&2
- chmod 600 /etc/ssh/ssh_host_dsa_key
- [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key || :
+ssh_gen_keys() {
+ @@LIBEXECDIR@@/sshd-keygen
+}
+
+start() {
+ # Check if the service is already running?
+ if status --pidfile $PIDFILE sshd >/dev/null; then
+ msg_already_running "OpenSSH"
+ return
fi
checkconfig
- if [ ! -f /etc/ssh/ssh_host_key ]; then
- msg_not_running OpenSSH
+ if [ ! -s /etc/ssh/ssh_host_key ]; then
+ msg_not_running "OpenSSH"
nls "No SSH host key found! You must run \"%s init\" first." "$0"
exit 1
fi
- # Check if the service is already running?
+ if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
+ OPTIONS="$OPTIONS -4"
+ fi
+ if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
+ OPTIONS="$OPTIONS -6"
+ fi
+
+ msg_starting "OpenSSH"
+ daemon --pidfile $PIDFILE /usr/sbin/sshd $OPTIONS
+ RETVAL=$?
+ adjust_oom
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
+}
+
+stop() {
+ if [ ! -f /var/lock/subsys/sshd ]; then
+ msg_not_running "OpenSSH"
+ return
+ fi
+
+ msg_stopping "OpenSSH"
+ # we use start-stop-daemon to stop sshd, as it is unacceptable for such
+ # critical service as sshd to kill it by procname, but unfortunately
+ # rc-scripts does not provide way to kill *only* by pidfile
+ start-stop-daemon --stop --quiet --pidfile $PIDFILE && ok || fail
+ rm -f /var/lock/subsys/sshd >/dev/null 2>&1
+}
+
+reload() {
+ if [ ! -f /var/lock/subsys/sshd ]; then
+ msg_not_running "OpenSSH"
+ RETVAL=7
+ return
+ fi
+
+ checkconfig
+ msg_reloading "OpenSSH"
+ killproc sshd -HUP
+ RETVAL=$?
+}
+
+condrestart() {
if [ ! -f /var/lock/subsys/sshd ]; then
- msg_starting OpenSSH
- daemon /usr/sbin/sshd
- RETVAL=$?
- [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
- else
- msg_already_running OpenSSH
+ msg_not_running "OpenSSH"
+ RETVAL=$1
+ return
fi
+
+ checkconfig
+ stop
+ start
+}
+
+RETVAL=0
+# See how we were called.
+case "$1" in
+ start)
+ start
;;
stop)
- if [ -f /var/lock/subsys/sshd ]; then
- msg_stopping OpenSSH
- # we use start-stop-daemon to stop sshd, as it is unacceptable for such
- # critical service as sshd to kill it by procname, but unfortunately
- # rc-scripts does not provide way to kill *only* by pidfile
- start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok || fail
- rm -f /var/lock/subsys/sshd >/dev/null 2>&1
- else
- msg_not_running OpenSSH
- fi
+ stop
;;
restart)
checkconfig
- $0 stop
- $0 start
- exit $?
+ stop
+ start
;;
- status)
- status sshd
- exit $?
+ try-restart)
+ condrestart 0
+ ;;
+ reload|force-reload)
+ reload
+ ;;
+ configtest)
+ checkconfig
;;
init)
nls "Now the SSH host key will be generated. Please note, that if you"
nls "will use password for the key, you will need to type it on each"
nls "reboot."
- /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key
- [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key || :
- chmod 600 /etc/ssh/ssh_host_key
- /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
- [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key || :
- chmod 600 /etc/ssh/ssh_host_rsa_key
- /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
- chmod 600 /etc/ssh/ssh_host_dsa_key
- [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key || :
- exit $?
+ ssh_gen_keys
;;
- reload|force-reload)
- if [ -f /var/lock/subsys/sshd ]; then
- msg_reloading OpenSSH
- killproc sshd -HUP
- RETVAL=$?
- else
- msg_not_running OpenSSH >&2
- exit 7
- fi
+ status)
+ status --pidfile $PIDFILE sshd
+ exit $?
;;
*)
- msg_usage "$0 {start|stop|init|restart|reload|force-reload|status}"
+ msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|configtest|init|status}"
exit 3
esac
projects / packages / openssh.git / blobdiff