[packages/openssh.git] / opensshd.init

#!/bin/sh
#
# sshd		sshd (secure shell daemon)
#
# chkconfig:	345 21 89
#
# description:	sshd (secure shell daemon) is a server part of the ssh suite. \
#		Ssh can be used for remote login, remote file copying, TCP port \
#		forwarding etc. Ssh offers strong encryption and authentication.

# Source function library
. /etc/rc.d/init.d/functions

upstart_controlled --except init configtest

# Get network config
. /etc/sysconfig/network

SSHD_OOM_ADJUST=-1000

# Get service config
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

# Check that networking is up.
if is_yes "${NETWORKING}"; then
	if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
		msg_network_down "OpenSSH"
		exit 1
	fi
else
	exit 0
fi

adjust_oom() {
	if [ -e /var/run/sshd.pid ]; then
		for pid in $(cat /var/run/sshd.pid); do
			echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
		done
	fi
}

checkconfig() {
	/usr/sbin/sshd -t || exit 1
}

ssh_gen_keys() {
	# generate new keys with empty passwords if they do not exist
	if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
		/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
	fi
	if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_rsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
	fi
	if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_dsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
	fi
	if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
		/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_ecdsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
	fi
}

start() {
	# Check if the service is already running?
	if [ -f /var/lock/subsys/sshd ]; then
		msg_already_running "OpenSSH"
		return
	fi

	ssh_gen_keys
	checkconfig

	if [ ! -s /etc/ssh/ssh_host_key ]; then
		msg_not_running "OpenSSH"
		nls "No SSH host key found! You must run \"%s init\" first." "$0"
		exit 1
	fi

	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
		OPTIONS="$OPTIONS -4"
	fi
	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
		OPTIONS="$OPTIONS -6"
	fi

	msg_starting "OpenSSH"
	daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS
	RETVAL=$?
	adjust_oom
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
}

stop() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		return
	fi

	msg_stopping "OpenSSH"
	# we use start-stop-daemon to stop sshd, as it is unacceptable for such
	# critical service as sshd to kill it by procname, but unfortunately
	# rc-scripts does not provide way to kill *only* by pidfile
	start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok || fail
	rm -f /var/lock/subsys/sshd >/dev/null 2>&1
}

reload() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		RETVAL=7
		return
	fi

	ssh_gen_keys
	checkconfig
	msg_reloading "OpenSSH"
	killproc sshd -HUP
	RETVAL=$?
}

RETVAL=0
# See how we were called.
case "$1" in
  start)
  	start
	;;
  stop)
  	stop
	;;
  restart)
	checkconfig
	stop
	start
	;;
  reload|force-reload)
	reload
	;;
  configtest)
	checkconfig
	;;
  init)
	nls "Now the SSH host key will be generated. Please note, that if you"
	nls "will use password for the key, you will need to type it on each"
	nls "reboot."
	ssh_gen_keys
	;;
  status)
	status sshd
	exit $?
	;;
  *)
	msg_usage "$0 {start|stop|restart|reload|force-reload|configtest|init|status}"
	exit 3
esac

exit $RETVAL
Commit	Line	Data
cf3b46d6 AF	1	#!/bin/sh
	2	#
	3	# sshd sshd (secure shell daemon)
	4	#
fd04e715	5	# chkconfig: 345 21 89
cf3b46d6	6	#
4a9f24b4	7	# description: sshd (secure shell daemon) is a server part of the ssh suite. \
4a9f24b4	8	# Ssh can be used for remote login, remote file copying, TCP port \
cf3b46d6 AF	9	# forwarding etc. Ssh offers strong encryption and authentication.
cf3b46d6 AF	10
cf3b46d6 AF	11	# Source function library
	12	. /etc/rc.d/init.d/functions
	13
c303393a ER	14	upstart_controlled --except init configtest
c303393a ER	15
cf3b46d6 AF	16	# Get network config
	17	. /etc/sysconfig/network
	18
3cd7ffe2 ER	19	SSHD_OOM_ADJUST=-1000
3cd7ffe2 ER	20
cf3b46d6 AF	21	# Get service config
	22	[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
	23
	24	# Check that networking is up.
7d58fbb0	25	if is_yes "${NETWORKING}"; then
224aaee1	26	if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
e6635719	27	msg_network_down "OpenSSH"
7d58fbb0	28	exit 1
	29	fi
	30	else
	31	exit 0
cf3b46d6	32	fi
a1c37c17	33
32322335	34	adjust_oom() {
141073f0 ER	35	if [ -e /var/run/sshd.pid ]; then
141073f0 ER	36	for pid in $(cat /var/run/sshd.pid); do
9172cbe8	37	echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
141073f0 ER	38	done
141073f0 ER	39	fi
32322335 AM	40	}
32322335 AM	41
945a8076 ER	42	checkconfig() {
	43	/usr/sbin/sshd -t \|\| exit 1
	44	}
	45
e6635719	46	ssh_gen_keys() {
3c573fc0	47	# generate new keys with empty passwords if they do not exist
3c573fc0	48	if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
e6635719	49	/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
7d58fbb0	50	chmod 600 /etc/ssh/ssh_host_key
e6635719	51	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
3c573fc0	52	fi
3c573fc0	53	if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
e6635719	54	/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
7d58fbb0	55	chmod 600 /etc/ssh/ssh_host_rsa_key
e6635719	56	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
3c573fc0	57	fi
3c573fc0	58	if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
e6635719	59	/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
7d58fbb0	60	chmod 600 /etc/ssh/ssh_host_dsa_key
e6635719 ER	61	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
e6635719 ER	62	fi
7b384e20 AM	63	if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
	64	/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
	65	chmod 600 /etc/ssh/ssh_host_ecdsa_key
	66	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
	67	fi
e6635719 ER	68	}
	69
	70	start() {
	71	# Check if the service is already running?
	72	if [ -f /var/lock/subsys/sshd ]; then
	73	msg_already_running "OpenSSH"
	74	return
3c573fc0	75	fi
3c573fc0	76
e6635719	77	ssh_gen_keys
945a8076 ER	78	checkconfig
945a8076 ER	79
e6635719 ER	80	if [ ! -s /etc/ssh/ssh_host_key ]; then
e6635719 ER	81	msg_not_running "OpenSSH"
7d58fbb0	82	nls "No SSH host key found! You must run \"%s init\" first." "$0"
01d1f289	83	exit 1
01d1f289	84	fi
3c573fc0	85
1292c55e ER	86	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
	87	OPTIONS="$OPTIONS -4"
	88	fi
	89	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
	90	OPTIONS="$OPTIONS -6"
	91	fi
	92
e6635719	93	msg_starting "OpenSSH"
1292c55e	94	daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS
e6635719 ER	95	RETVAL=$?
	96	adjust_oom
	97	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
b10eed65 ER	98	}
	99
	100	stop() {
3cd7ffe2	101	if [ ! -f /var/lock/subsys/sshd ]; then
e6635719	102	msg_not_running "OpenSSH"
3cd7ffe2	103	return
a1c37c17	104	fi
3cd7ffe2 ER	105
	106	msg_stopping "OpenSSH"
	107	# we use start-stop-daemon to stop sshd, as it is unacceptable for such
	108	# critical service as sshd to kill it by procname, but unfortunately
	109	# rc-scripts does not provide way to kill only by pidfile
	110	start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok \|\| fail
	111	rm -f /var/lock/subsys/sshd >/dev/null 2>&1
	112	}
	113
	114	reload() {
	115	if [ ! -f /var/lock/subsys/sshd ]; then
	116	msg_not_running "OpenSSH"
	117	RETVAL=7
	118	return
	119	fi
	120
fde7c3ba	121	ssh_gen_keys
3cd7ffe2 ER	122	checkconfig
	123	msg_reloading "OpenSSH"
	124	killproc sshd -HUP
	125	RETVAL=$?
b10eed65 ER	126	}
	127
	128	RETVAL=0
	129	# See how we were called.
	130	case "$1" in
	131	start)
	132	start
	133	;;
	134	stop)
	135	stop
cf3b46d6	136	;;
cbd44157	137	restart)
945a8076	138	checkconfig
b10eed65 ER	139	stop
b10eed65 ER	140	start
cf3b46d6	141	;;
3cd7ffe2 ER	142	reload\|force-reload)
	143	reload
	144	;;
	145	configtest)
	146	checkconfig
cf3b46d6	147	;;
01d1f289	148	init)
0d883194	149	nls "Now the SSH host key will be generated. Please note, that if you"
	150	nls "will use password for the key, you will need to type it on each"
	151	nls "reboot."
e6635719	152	ssh_gen_keys
36f63877	153	;;
3cd7ffe2 ER	154	status)
	155	status sshd
	156	exit $?
36f63877	157	;;
cf3b46d6	158	*)
3cd7ffe2	159	msg_usage "$0 {start\|stop\|restart\|reload\|force-reload\|configtest\|init\|status}"
bff0c7f8	160	exit 3
cf3b46d6 AF	161	esac
cf3b46d6 AF	162
cbd44157	163	exit $RETVAL