Commit | Line | Data |
---|---|---|
cf3b46d6 AF |
1 | #!/bin/sh |
2 | # | |
3 | # sshd sshd (secure shell daemon) | |
4 | # | |
fd04e715 | 5 | # chkconfig: 345 21 89 |
cf3b46d6 | 6 | # |
4a9f24b4 | 7 | # description: sshd (secure shell daemon) is a server part of the ssh suite. \ |
8 | # Ssh can be used for remote login, remote file copying, TCP port \ | |
cf3b46d6 AF |
9 | # forwarding etc. Ssh offers strong encryption and authentication. |
10 | ||
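# Value adjust_oom() writes to /proc/<pid>/oom_score_adj for the sshd PIDs.
# It is assigned before /etc/sysconfig/sshd is sourced, so an assignment in
# that file would take precedence.
SSHD_OOM_ADJUST=-1000

# Source function library
. /etc/rc.d/init.d/functions

# Get network config
. /etc/sysconfig/network

# Get service config
# NOTE(review): this file is executed as shell code with the privileges of
# the init script; it should be writable by root only.
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

# Check that networking is up.
if is_yes "${NETWORKING}"; then
	# stop, status and init are allowed without the network lock file.
	# A case statement replaces the obsolescent "[ ... -a ... ]" chain, which
	# can be mis-parsed when "$1" looks like a test operator.
	case "$1" in
	stop|status|init)
		;;
	*)
		if [ ! -f /var/lock/subsys/network ]; then
			msg_network_down "OpenSSH"
			exit 1
		fi
		;;
	esac
else
	exit 0
fi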
a1c37c17 | 31 | |
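# Write SSHD_OOM_ADJUST to oom_score_adj of every PID listed in
# /var/run/sshd.pid. Does nothing when the pidfile is absent.
# Globals: SSHD_OOM_ADJUST (read), pid (written)
adjust_oom() {
	[ -e /var/run/sshd.pid ] || return 0

	for pid in $(cat /var/run/sshd.pid); do
		# The pidfile content becomes part of a /proc path written as root:
		# accept plain decimal PIDs only and skip anything else.
		case "$pid" in
		''|*[!0-9]*)
			continue
			;;
		esac
		# 2>/dev/null comes first so a failed open of the /proc file
		# (process already gone) stays silent.
		echo "$SSHD_OOM_ADJUST" 2>/dev/null > "/proc/$pid/oom_score_adj"
	done
}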
39 | ||
# Run sshd in test mode (-t), which checks the configuration file and the
# host keys. Exits the whole script with status 1 when the check fails, so
# callers never stop or reload a working daemon with a broken configuration.
checkconfig() {
	if ! /usr/sbin/sshd -t; then
		exit 1
	fi
}
43 | ||
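# Generate one host key unless a non-empty regular file is already there.
#   $1 - key type passed to "ssh-keygen -t"
#   $2 - path of the private key file
# Always returns 0, so one unsupported key type does not stop the others.
ssh_gen_key() {
	if [ -f "$2" ] && [ -s "$2" ]; then
		return 0
	fi
	# -N '' stores the private key without a passphrase so sshd can load it
	# unattended; the 0600 mode is then its only protection on disk.
	# chmod and restorecon are skipped when ssh-keygen fails, because there
	# is no new key file to fix up in that case.
	if /usr/bin/ssh-keygen -t "$1" -f "$2" -N '' >&2; then
		chmod 600 "$2"
		if [ -x /sbin/restorecon ]; then
			/sbin/restorecon "$2"
		fi
	fi
	return 0
}

# Create any missing or empty host key under /etc/ssh.
# ssh-keygen output is sent to stderr.
# NOTE(review): rsa1 (SSH protocol 1) and dsa are legacy key types; an
# ssh-keygen build without support for them will fail for those two keys.
# Confirm against the packaged OpenSSH version whether they are still wanted.
ssh_gen_keys() {
	ssh_gen_key rsa1 /etc/ssh/ssh_host_key
	ssh_gen_key rsa /etc/ssh/ssh_host_rsa_key
	ssh_gen_key dsa /etc/ssh/ssh_host_dsa_key
	ssh_gen_key ecdsa /etc/ssh/ssh_host_ecdsa_key
}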
67 | ||
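# Start sshd: generate missing host keys, validate the configuration, then
# launch the daemon and create the subsys lock file.
# Globals: OPTIONS (read/extended), IPV4_NETWORKING, IPV6_NETWORKING (read),
#          RETVAL (written)
# Returns: RETVAL of the daemon launch; exits 1 when no host key exists.
start() {
	# Check if the service is already running?
	if [ -f /var/lock/subsys/sshd ]; then
		msg_already_running "OpenSSH"
		return
	fi

	ssh_gen_keys

	checkconfig

	# Refuse to start only when none of the host keys handled by
	# ssh_gen_keys is present. Testing just the protocol-1 key
	# (ssh_host_key) would block startup on systems that can no longer
	# create that key type even though the other keys are fine.
	if [ ! -s /etc/ssh/ssh_host_key ] &&
	   [ ! -s /etc/ssh/ssh_host_rsa_key ] &&
	   [ ! -s /etc/ssh/ssh_host_dsa_key ] &&
	   [ ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
		msg_not_running "OpenSSH"
		nls "No SSH host key found! You must run \"%s init\" first." "$0"
		exit 1
	fi

	# Restrict sshd to one address family when only one is enabled.
	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
		OPTIONS="$OPTIONS -4"
	fi
	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
		OPTIONS="$OPTIONS -6"
	fi

	msg_starting "OpenSSH"
	# $OPTIONS is left unquoted on purpose: it carries several
	# space-separated flags that must be split into separate arguments.
	daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS
	RETVAL=$?
	if [ "$RETVAL" -eq 0 ]; then
		# Adjust the OOM score only after a successful start: after a
		# failed start the pidfile may be stale and name an unrelated
		# process.
		adjust_oom
		touch /var/lock/subsys/sshd
	fi
	return "$RETVAL"
}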
98 | ||
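# Stop the sshd listener named in /var/run/sshd.pid and remove the subsys
# lock file. Reports "not running" when the lock file is absent.
stop() {
	if [ -f /var/lock/subsys/sshd ]; then
		msg_stopping "OpenSSH"
		# we use start-stop-daemon to stop sshd, as it is unacceptable for such
		# critical service as sshd to kill it by procname, but unfortunately
		# rc-scripts does not provide way to kill *only* by pidfile
		#
		# if/else instead of "cmd && ok || fail": with the chained form
		# "fail" would also run whenever "ok" itself returned non-zero.
		if start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid; then
			ok
		else
			fail
		fi
		# NOTE(review): the lock file is removed even when the stop failed,
		# so a later "start" will not see the daemon as running.
		rm -f /var/lock/subsys/sshd >/dev/null 2>&1
	else
		msg_not_running "OpenSSH"
	fi
}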
111 | ||
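# upstart_controlled comes from the sourced function library.
# NOTE(review): presumably it hands every action except "init" and
# "configtest" over to upstart when the service is managed there; confirm
# against the library.
upstart_controlled --except init configtest

RETVAL=0
# See how we were called.
case "$1" in
start)
	start
	;;
stop)
	stop
	;;
restart)
	# Validate the configuration first: checkconfig exits on error, so a
	# broken sshd_config never takes down the running daemon.
	checkconfig
	stop
	start
	;;
status)
	status sshd
	exit $?
	;;
init)
	# NOTE(review): ssh_gen_keys creates the keys with an empty passphrase
	# (-N ''), so the passphrase warning below looks outdated. The text is
	# left unchanged because nls may use it as a translation key.
	nls "Now the SSH host key will be generated. Please note, that if you"
	nls "will use password for the key, you will need to type it on each"
	nls "reboot."
	ssh_gen_keys
	;;
configtest)
	checkconfig
	;;
reload|force-reload)
	if [ -f /var/lock/subsys/sshd ]; then
		checkconfig
		msg_reloading "OpenSSH"
		# NOTE(review): this signals by process name, whereas stop() uses
		# the pidfile only. Confirm that killproc does not also send HUP
		# to the per-session sshd processes.
		killproc sshd -HUP
		RETVAL=$?
	else
		msg_not_running "OpenSSH"
		exit 7
	fi
	;;
*)
	# configtest is an accepted action, so it is listed in the usage text.
	msg_usage "$0 {start|stop|init|restart|configtest|reload|force-reload|status}"
	exit 3
esac

exit "$RETVAL"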