Commit | Line | Data |
---|---|---|
cf3b46d6 AF |
1 | #!/bin/sh |
2 | # | |
3 | # sshd sshd (secure shell daemon) | |
4 | # | |
8f0031d7 | 5 | # chkconfig: 345 22 88 |
cf3b46d6 | 6 | # |
4a9f24b4 | 7 | # description: sshd (secure shell daemon) is a server part of the ssh suite. \ |
8 | # Ssh can be used for remote login, remote file copying, TCP port \ | |
cf3b46d6 AF |
9 | # forwarding etc. Ssh offers strong encryption and authentication. |
10 | ||
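# Source function library
. /etc/rc.d/init.d/functions

upstart_controlled --except init configtest

# Get network config
. /etc/sysconfig/network

# Defaults; both are assigned before /etc/sysconfig/sshd is read, so that
# file can override them.
# -1000 is the oom_score_adj value that exempts a process from the OOM killer.
SSHD_OOM_ADJUST=-1000
PIDFILE=/var/run/sshd.pid

# Get service config
# NOTE(review): this file is sourced and therefore executed with the
# privileges of the init script; it should be writable by root only.
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

# Check that networking is up.
# stop, status and init remain usable while the network is down; every other
# action is refused. A case statement replaces the obsolescent "[ a -a b ]"
# chain, whose parsing is ambiguous when "$1" looks like a test operator.
if is_yes "${NETWORKING}"; then
	if [ ! -f /var/lock/subsys/network ]; then
		case "$1" in
		stop | status | init)
			;;
		*)
			msg_network_down "OpenSSH"
			exit 1
			;;
		esac
	fi
else
	exit 0
fi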
a1c37c17 | 34 | |
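# Write $SSHD_OOM_ADJUST to oom_score_adj of every PID listed in $PIDFILE.
# Globals:   PIDFILE (read), SSHD_OOM_ADJUST (read), pid (written)
# Arguments: none
# Returns:   0 when the PID file is missing or empty; otherwise the status
#            of the last write attempt (the caller in this script ignores it)
adjust_oom() {
	[ -e "$PIDFILE" ] || return 0

	# Word splitting of the file content is intended: one PID per word.
	for pid in $(cat "$PIDFILE"); do
		# The value becomes part of a path that is written to as root, so
		# accept decimal digits only and skip anything else.
		case "$pid" in
		'' | *[!0-9]*) continue ;;
		esac
		# The process may already be gone; a failed write is not an error.
		echo "$SSHD_OOM_ADJUST" 2>/dev/null > "/proc/$pid/oom_score_adj"
	done
}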
42 | ||
# Validate the sshd configuration before an action relies on it.
# Missing host keys are generated first (see ssh_gen_keys), then sshd is run
# in test mode (-t). The whole script exits with status 1 when the test fails,
# so callers never continue with a rejected configuration.
# Note that this makes key generation a side effect of configtest, reload,
# restart and start.
checkconfig() {
	ssh_gen_keys
	if ! /usr/sbin/sshd -t; then
		exit 1
	fi
}
47 | ||
# Generate every host key that is missing or empty.
# Keys are created with an empty passphrase (-N '') so sshd can start
# unattended, which leaves the file mode set below as their only protection.
# Globals:   spec, keytype, keyfile (written)
# Outputs:   ssh-keygen output is redirected to stderr
#
# NOTE(review): rsa1 is the SSH protocol 1 key type and dsa is a legacy type;
# newer OpenSSH releases have dropped the former and deprecate the latter.
# start() in this script still insists on /etc/ssh/ssh_host_key (the rsa1
# key), so the list cannot be trimmed here without changing that check too.
ssh_gen_keys() {
	# "type:file" pairs, in the order the keys have always been generated
	for spec in \
		rsa1:ssh_host_key \
		rsa:ssh_host_rsa_key \
		dsa:ssh_host_dsa_key \
		ecdsa:ssh_host_ecdsa_key \
		ed25519:ssh_host_ed25519_key
	do
		keytype=${spec%%:*}
		keyfile=/etc/ssh/${spec#*:}

		if [ ! -f "$keyfile" ] || [ ! -s "$keyfile" ]; then
			/usr/bin/ssh-keygen -t "$keytype" -f "$keyfile" -N '' >&2
			# private host keys must be readable by root only
			chmod 600 "$keyfile"
			# restore the SELinux label where restorecon is available
			[ -x /sbin/restorecon ] && /sbin/restorecon "$keyfile"
		fi
	done
}
76 | ||
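# Start sshd unless the subsystem lock says it is already running.
# Globals:   OPTIONS (read/written), PIDFILE (read), RETVAL (written),
#            IPV4_NETWORKING, IPV6_NETWORKING (read)
# Exits:     1 when /etc/ssh/ssh_host_key is missing or empty; checkconfig
#            exits 1 on its own when "sshd -t" rejects the configuration
start() {
	# Check if the service is already running?
	if [ -f /var/lock/subsys/sshd ]; then
		msg_already_running "OpenSSH"
		return
	fi

	checkconfig

	# NOTE(review): this gates startup on the protocol 1 (rsa1) host key only.
	# On an OpenSSH build that can no longer create that key the service will
	# refuse to start even though the other host keys exist - confirm which
	# key types the installed sshd actually uses.
	if [ ! -s /etc/ssh/ssh_host_key ]; then
		msg_not_running "OpenSSH"
		nls "No SSH host key found! You must run \"%s init\" first." "$0"
		exit 1
	fi

	# Restrict sshd to one address family when only one is enabled.
	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
		OPTIONS="$OPTIONS -4"
	fi
	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
		OPTIONS="$OPTIONS -6"
	fi

	msg_starting "OpenSSH"
	# $OPTIONS is left unquoted on purpose: it carries several sshd arguments.
	# The PID file path is a single argument and is quoted so that a value
	# overridden in /etc/sysconfig/sshd is never split.
	daemon --pidfile "$PIDFILE" /usr/sbin/sshd $OPTIONS
	RETVAL=$?
	adjust_oom
	[ "$RETVAL" -eq 0 ] && touch /var/lock/subsys/sshd
}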
105 | ||
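# Stop the sshd listener and remove the subsystem lock.
# Globals:   PIDFILE (read)
stop() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		return
	fi

	msg_stopping "OpenSSH"
	# we use start-stop-daemon to stop sshd, as it is unacceptable for such
	# critical service as sshd to kill it by procname, but unfortunately
	# rc-scripts does not provide way to kill *only* by pidfile
	#
	# if/else instead of "cmd && ok || fail": with the short-circuit form
	# "fail" would also run whenever "ok" itself returned non-zero.
	if start-stop-daemon --stop --quiet --pidfile "$PIDFILE"; then
		ok
	else
		fail
	fi
	rm -f /var/lock/subsys/sshd >/dev/null 2>&1
}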
119 | ||
# Ask a running sshd to re-read its configuration.
# Globals:   RETVAL (written) - 7 when the service is not running, otherwise
#            the status of killproc
#
# NOTE(review): the signal is sent by process name here, while stop() goes out
# of its way to act on the PID file only - confirm that killproc cannot reach
# sshd processes other than the listener.
reload() {
	[ -f /var/lock/subsys/sshd ] || {
		msg_not_running "OpenSSH"
		RETVAL=7
		return
	}

	# never signal the daemon with a configuration that fails "sshd -t"
	checkconfig
	msg_reloading "OpenSSH"
	killproc sshd -HUP
	RETVAL=$?
}
132 | ||
# Restart sshd only if it is currently running.
# Arguments: $1 - value stored in RETVAL when the service is not running
# Globals:   RETVAL (written)
condrestart() {
	[ -f /var/lock/subsys/sshd ] || {
		msg_not_running "OpenSSH"
		RETVAL=$1
		return
	}

	# validate first so a broken configuration never takes the daemon down
	checkconfig
	stop
	start
}
144 | ||
RETVAL=0
# Dispatch on the requested action; the script exits with RETVAL unless an
# arm exits on its own.
case "$1" in
start) start ;;
stop) stop ;;
restart)
	# the configuration is validated before the running daemon is stopped
	checkconfig
	stop
	start
	;;
try-restart) condrestart 0 ;;
reload | force-reload) reload ;;
configtest) checkconfig ;;
init)
	# NOTE(review): the text below mentions a key password, but ssh_gen_keys
	# always creates the host keys with an empty passphrase (-N '').
	nls "Now the SSH host key will be generated. Please note, that if you"
	nls "will use password for the key, you will need to type it on each"
	nls "reboot."
	ssh_gen_keys
	;;
status)
	status --pidfile $PIDFILE sshd
	exit $?
	;;
*)
	msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|configtest|init|status}"
	exit 3
	;;
esac

exit $RETVAL