[packages/openssh.git] / opensshd.init

#!/bin/sh
#
# sshd		sshd (secure shell daemon)
#
# chkconfig:	345 21 89
#
# description:	sshd (secure shell daemon) is a server part of the ssh suite. \
#		Ssh can be used for remote login, remote file copying, TCP port \
#		forwarding etc. Ssh offers strong encryption and authentication.

SSHD_OOM_ADJUST=-17

# Source function library
. /etc/rc.d/init.d/functions

# Get network config
. /etc/sysconfig/network

# Get service config
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

# Check that networking is up.
if is_yes "${NETWORKING}"; then
	if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
		msg_network_down "OpenSSH"
		exit 1
	fi
else
	exit 0
fi

adjust_oom() {
	if [ -e /var/run/sshd.pid ]; then
		for pid in $(cat /var/run/sshd.pid); do
			if [ -e /proc/$pid/oom_score_adj ]; then
				echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
			else
				echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_adj
			fi
		done
	fi
}

checkconfig() {
	/usr/sbin/sshd -t || exit 1
}

ssh_gen_keys() {
	# generate new keys with empty passwords if they do not exist
	if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
		/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
	fi
	if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_rsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
	fi
	if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_dsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
	fi
	if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
		/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_ecdsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
	fi
}

start() {
	# Check if the service is already running?
	if [ -f /var/lock/subsys/sshd ]; then
		msg_already_running "OpenSSH"
		return
	fi

	ssh_gen_keys

	checkconfig

	if [ ! -s /etc/ssh/ssh_host_key ]; then
		msg_not_running "OpenSSH"
		nls "No SSH host key found! You must run \"%s init\" first." "$0"
		exit 1
	fi

	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
		OPTIONS="$OPTIONS -4"
	fi
	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
		OPTIONS="$OPTIONS -6"
	fi

	msg_starting "OpenSSH"
	daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS
	RETVAL=$?
	adjust_oom
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
}

stop() {
	if [ -f /var/lock/subsys/sshd ]; then
		msg_stopping "OpenSSH"
		# we use start-stop-daemon to stop sshd, as it is unacceptable for such
		# critical service as sshd to kill it by procname, but unfortunately
		# rc-scripts does not provide way to kill *only* by pidfile
		start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok || fail
		rm -f /var/lock/subsys/sshd >/dev/null 2>&1
	else
		msg_not_running "OpenSSH"
	fi
}

upstart_controlled --except init configtest

RETVAL=0
# See how we were called.
case "$1" in
  start)
  	start
	;;
  stop)
  	stop
	;;
  restart)
	checkconfig
	stop
	start
	;;
  status)
	status sshd
	exit $?
	;;
  init)
	nls "Now the SSH host key will be generated. Please note, that if you"
	nls "will use password for the key, you will need to type it on each"
	nls "reboot."
	ssh_gen_keys
	;;
  configtest)
	checkconfig
	;;
  reload|force-reload)
	if [ -f /var/lock/subsys/sshd ]; then
		checkconfig
		msg_reloading "OpenSSH"
		killproc sshd -HUP
		RETVAL=$?
	else
		msg_not_running "OpenSSH"
		exit 7
	fi
	;;
  *)
	msg_usage "$0 {start|stop|init|restart|reload|force-reload|status}"
	exit 3
esac

exit $RETVAL
Commit	Line	Data
cf3b46d6 AF	1	#!/bin/sh
	2	#
	3	# sshd sshd (secure shell daemon)
	4	#
fd04e715	5	# chkconfig: 345 21 89
cf3b46d6	6	#
4a9f24b4	7	# description: sshd (secure shell daemon) is a server part of the ssh suite. \
4a9f24b4	8	# Ssh can be used for remote login, remote file copying, TCP port \
cf3b46d6 AF	9	# forwarding etc. Ssh offers strong encryption and authentication.
cf3b46d6 AF	10
32322335	11	SSHD_OOM_ADJUST=-17
cf3b46d6 AF	12
	13	# Source function library
	14	. /etc/rc.d/init.d/functions
	15
	16	# Get network config
	17	. /etc/sysconfig/network
	18
	19	# Get service config
	20	[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
	21
	22	# Check that networking is up.
7d58fbb0	23	if is_yes "${NETWORKING}"; then
224aaee1	24	if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
e6635719	25	msg_network_down "OpenSSH"
7d58fbb0	26	exit 1
	27	fi
	28	else
	29	exit 0
cf3b46d6	30	fi
a1c37c17	31
32322335	32	adjust_oom() {
141073f0 ER	33	if [ -e /var/run/sshd.pid ]; then
141073f0 ER	34	for pid in $(cat /var/run/sshd.pid); do
bde01d30 AM	35	if [ -e /proc/$pid/oom_score_adj ]; then
	36	echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
	37	else
	38	echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_adj
	39	fi
141073f0 ER	40	done
141073f0 ER	41	fi
32322335 AM	42	}
32322335 AM	43
945a8076 ER	44	checkconfig() {
	45	/usr/sbin/sshd -t \|\| exit 1
	46	}
	47
e6635719	48	ssh_gen_keys() {
3c573fc0	49	# generate new keys with empty passwords if they do not exist
3c573fc0	50	if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
e6635719	51	/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
7d58fbb0	52	chmod 600 /etc/ssh/ssh_host_key
e6635719	53	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
3c573fc0	54	fi
3c573fc0	55	if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
e6635719	56	/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
7d58fbb0	57	chmod 600 /etc/ssh/ssh_host_rsa_key
e6635719	58	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
3c573fc0	59	fi
3c573fc0	60	if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
e6635719	61	/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
7d58fbb0	62	chmod 600 /etc/ssh/ssh_host_dsa_key
e6635719 ER	63	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
e6635719 ER	64	fi
7b384e20 AM	65	if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
	66	/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
	67	chmod 600 /etc/ssh/ssh_host_ecdsa_key
	68	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
	69	fi
e6635719 ER	70	}
	71
	72	start() {
	73	# Check if the service is already running?
	74	if [ -f /var/lock/subsys/sshd ]; then
	75	msg_already_running "OpenSSH"
	76	return
3c573fc0	77	fi
3c573fc0	78
e6635719 ER	79	ssh_gen_keys
e6635719 ER	80
945a8076 ER	81	checkconfig
945a8076 ER	82
e6635719 ER	83	if [ ! -s /etc/ssh/ssh_host_key ]; then
e6635719 ER	84	msg_not_running "OpenSSH"
7d58fbb0	85	nls "No SSH host key found! You must run \"%s init\" first." "$0"
01d1f289	86	exit 1
01d1f289	87	fi
3c573fc0	88
1292c55e ER	89	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
	90	OPTIONS="$OPTIONS -4"
	91	fi
	92	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
	93	OPTIONS="$OPTIONS -6"
	94	fi
	95
e6635719	96	msg_starting "OpenSSH"
1292c55e	97	daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS
e6635719 ER	98	RETVAL=$?
	99	adjust_oom
	100	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
b10eed65 ER	101	}
	102
	103	stop() {
7d58fbb0	104	if [ -f /var/lock/subsys/sshd ]; then
e6635719	105	msg_stopping "OpenSSH"
3007cef9 ER	106	# we use start-stop-daemon to stop sshd, as it is unacceptable for such
	107	# critical service as sshd to kill it by procname, but unfortunately
	108	# rc-scripts does not provide way to kill only by pidfile
	109	start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok \|\| fail
	110	rm -f /var/lock/subsys/sshd >/dev/null 2>&1
cbd44157	111	else
e6635719	112	msg_not_running "OpenSSH"
a1c37c17	113	fi
b10eed65 ER	114	}
b10eed65 ER	115
c0f446a0 JK	116	upstart_controlled --except init configtest
c0f446a0 JK	117
b10eed65 ER	118	RETVAL=0
	119	# See how we were called.
	120	case "$1" in
	121	start)
	122	start
	123	;;
	124	stop)
	125	stop
cf3b46d6	126	;;
cbd44157	127	restart)
945a8076	128	checkconfig
b10eed65 ER	129	stop
b10eed65 ER	130	start
cf3b46d6 AF	131	;;
	132	status)
	133	status sshd
cbd44157	134	exit $?
cf3b46d6	135	;;
01d1f289	136	init)
0d883194	137	nls "Now the SSH host key will be generated. Please note, that if you"
	138	nls "will use password for the key, you will need to type it on each"
	139	nls "reboot."
e6635719	140	ssh_gen_keys
36f63877	141	;;
c0f446a0 JK	142	configtest)
	143	checkconfig
	144	;;
bff0c7f8	145	reload\|force-reload)
0d883194	146	if [ -f /var/lock/subsys/sshd ]; then
d1017959	147	checkconfig
e6635719	148	msg_reloading "OpenSSH"
0d883194	149	killproc sshd -HUP
0d883194	150	RETVAL=$?
0d883194	151	else
e6635719	152	msg_not_running "OpenSSH"
bff0c7f8	153	exit 7
0d883194	154	fi
36f63877	155	;;
cf3b46d6	156	*)
bff0c7f8	157	msg_usage "$0 {start\|stop\|init\|restart\|reload\|force-reload\|status}"
bff0c7f8	158	exit 3
cf3b46d6 AF	159	esac
cf3b46d6 AF	160
cbd44157	161	exit $RETVAL