- use url to portable

[packages/openssh.git] / opensshd.init

#!/bin/sh
#
# sshd		sshd (secure shell daemon)
#
# chkconfig:	345 21 89
#
# description:	sshd (secure shell daemon) is a server part of the ssh suite. \
#		Ssh can be used for remote login, remote file copying, TCP port \
#		forwarding etc. Ssh offers strong encryption and authentication.

SSHD_OOM_ADJUST=-1000

# Source function library
. /etc/rc.d/init.d/functions

# Get network config
. /etc/sysconfig/network

# Get service config
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

# Check that networking is up.
if is_yes "${NETWORKING}"; then
	if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
		msg_network_down "OpenSSH"
		exit 1
	fi
else
	exit 0
fi

adjust_oom() {
	if [ -e /var/run/sshd.pid ]; then
		for pid in $(cat /var/run/sshd.pid); do
			echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
		done
	fi
}

checkconfig() {
	/usr/sbin/sshd -t || exit 1
}

ssh_gen_keys() {
	# generate new keys with empty passwords if they do not exist
	if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
		/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
	fi
	if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_rsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
	fi
	if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_dsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
	fi
	if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
		/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_ecdsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
	fi
}

start() {
	# Check if the service is already running?
	if [ -f /var/lock/subsys/sshd ]; then
		msg_already_running "OpenSSH"
		return
	fi

	ssh_gen_keys

	checkconfig

	if [ ! -s /etc/ssh/ssh_host_key ]; then
		msg_not_running "OpenSSH"
		nls "No SSH host key found! You must run \"%s init\" first." "$0"
		exit 1
	fi

	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
		OPTIONS="$OPTIONS -4"
	fi
	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
		OPTIONS="$OPTIONS -6"
	fi

	msg_starting "OpenSSH"
	daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS
	RETVAL=$?
	adjust_oom
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
}

stop() {
	if [ -f /var/lock/subsys/sshd ]; then
		msg_stopping "OpenSSH"
		# we use start-stop-daemon to stop sshd, as it is unacceptable for such
		# critical service as sshd to kill it by procname, but unfortunately
		# rc-scripts does not provide way to kill *only* by pidfile
		start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok || fail
		rm -f /var/lock/subsys/sshd >/dev/null 2>&1
	else
		msg_not_running "OpenSSH"
	fi
}

upstart_controlled --except init configtest

RETVAL=0
# See how we were called.
case "$1" in
  start)
  	start
	;;
  stop)
  	stop
	;;
  restart)
	checkconfig
	stop
	start
	;;
  status)
	status sshd
	exit $?
	;;
  init)
	nls "Now the SSH host key will be generated. Please note, that if you"
	nls "will use password for the key, you will need to type it on each"
	nls "reboot."
	ssh_gen_keys
	;;
  configtest)
	checkconfig
	;;
  reload|force-reload)
	if [ -f /var/lock/subsys/sshd ]; then
		checkconfig
		msg_reloading "OpenSSH"
		killproc sshd -HUP
		RETVAL=$?
	else
		msg_not_running "OpenSSH"
		exit 7
	fi
	;;
  *)
	msg_usage "$0 {start|stop|init|restart|reload|force-reload|status}"
	exit 3
esac

exit $RETVAL