[packages/openssh.git] / opensshd.init

#!/bin/sh
#
# sshd		sshd (secure shell daemon)
#
# chkconfig:	345 21 89
#
# description:	sshd (secure shell daemon) is a server part of the ssh suite. \
#		Ssh can be used for remote login, remote file copying, TCP port \
#		forwarding etc. Ssh offers strong encryption and authentication.

# Source function library
. /etc/rc.d/init.d/functions

upstart_controlled --except init configtest

# Get network config
. /etc/sysconfig/network

SSHD_OOM_ADJUST=-1000

# Get service config
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

# Check that networking is up.
if is_yes "${NETWORKING}"; then
	if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
		msg_network_down "OpenSSH"
		exit 1
	fi
else
	exit 0
fi

adjust_oom() {
	if [ -e /var/run/sshd.pid ]; then
		for pid in $(cat /var/run/sshd.pid); do
			echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
		done
	fi
}

checkconfig() {
	ssh_gen_keys
	/usr/sbin/sshd -t || exit 1
}

ssh_gen_keys() {
	# generate new keys with empty passwords if they do not exist
	if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
		/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
	fi
	if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_rsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
	fi
	if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_dsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
	fi
	if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
		/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_ecdsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
	fi
}

start() {
	# Check if the service is already running?
	if [ -f /var/lock/subsys/sshd ]; then
		msg_already_running "OpenSSH"
		return
	fi

	checkconfig

	if [ ! -s /etc/ssh/ssh_host_key ]; then
		msg_not_running "OpenSSH"
		nls "No SSH host key found! You must run \"%s init\" first." "$0"
		exit 1
	fi

	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
		OPTIONS="$OPTIONS -4"
	fi
	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
		OPTIONS="$OPTIONS -6"
	fi

	msg_starting "OpenSSH"
	daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS
	RETVAL=$?
	adjust_oom
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
}

stop() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		return
	fi

	msg_stopping "OpenSSH"
	# we use start-stop-daemon to stop sshd, as it is unacceptable for such
	# critical service as sshd to kill it by procname, but unfortunately
	# rc-scripts does not provide way to kill *only* by pidfile
	start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok || fail
	rm -f /var/lock/subsys/sshd >/dev/null 2>&1
}

reload() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		RETVAL=7
		return
	fi

	checkconfig
	msg_reloading "OpenSSH"
	killproc sshd -HUP
	RETVAL=$?
}

condrestart() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		RETVAL=$1
		return
	fi

	checkconfig
	stop
	start
}

RETVAL=0
# See how we were called.
case "$1" in
  start)
  	start
	;;
  stop)
  	stop
	;;
  restart)
	checkconfig
	stop
	start
	;;
  try-restart)
	condrestart 0
	;;
  reload|force-reload)
	reload
	;;
  configtest)
	checkconfig
	;;
  init)
	nls "Now the SSH host key will be generated. Please note, that if you"
	nls "will use password for the key, you will need to type it on each"
	nls "reboot."
	ssh_gen_keys
	;;
  status)
	status sshd
	exit $?
	;;
  *)
	msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|configtest|init|status}"
	exit 3
esac

exit $RETVAL
Commit	Line	Data
	1	#!/bin/sh
	2	#
	3	# sshd sshd (secure shell daemon)
	4	#
	5	# chkconfig: 345 21 89
	6	#
	7	# description: sshd (secure shell daemon) is a server part of the ssh suite. \
	8	# Ssh can be used for remote login, remote file copying, TCP port \
	9	# forwarding etc. Ssh offers strong encryption and authentication.
	10
	11	# Source function library
	12	. /etc/rc.d/init.d/functions
	13
	14	upstart_controlled --except init configtest
	15
	16	# Get network config
	17	. /etc/sysconfig/network
	18
	19	SSHD_OOM_ADJUST=-1000
	20
	21	# Get service config
	22	[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
	23
	24	# Check that networking is up.
	25	if is_yes "${NETWORKING}"; then
	26	if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
	27	msg_network_down "OpenSSH"
	28	exit 1
	29	fi
	30	else
	31	exit 0
	32	fi
	33
	34	adjust_oom() {
	35	if [ -e /var/run/sshd.pid ]; then
	36	for pid in $(cat /var/run/sshd.pid); do
	37	echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
	38	done
	39	fi
	40	}
	41
	42	checkconfig() {
	43	ssh_gen_keys
	44	/usr/sbin/sshd -t \|\| exit 1
	45	}
	46
	47	ssh_gen_keys() {
	48	# generate new keys with empty passwords if they do not exist
	49	if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
	50	/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
	51	chmod 600 /etc/ssh/ssh_host_key
	52	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
	53	fi
	54	if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
	55	/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
	56	chmod 600 /etc/ssh/ssh_host_rsa_key
	57	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
	58	fi
	59	if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
	60	/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
	61	chmod 600 /etc/ssh/ssh_host_dsa_key
	62	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
	63	fi
	64	if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
	65	/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
	66	chmod 600 /etc/ssh/ssh_host_ecdsa_key
	67	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
	68	fi
	69	}
	70
	71	start() {
	72	# Check if the service is already running?
	73	if [ -f /var/lock/subsys/sshd ]; then
	74	msg_already_running "OpenSSH"
	75	return
	76	fi
	77
	78	checkconfig
	79
	80	if [ ! -s /etc/ssh/ssh_host_key ]; then
	81	msg_not_running "OpenSSH"
	82	nls "No SSH host key found! You must run \"%s init\" first." "$0"
	83	exit 1
	84	fi
	85
	86	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
	87	OPTIONS="$OPTIONS -4"
	88	fi
	89	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
	90	OPTIONS="$OPTIONS -6"
	91	fi
	92
	93	msg_starting "OpenSSH"
	94	daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS
	95	RETVAL=$?
	96	adjust_oom
	97	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
	98	}
	99
	100	stop() {
	101	if [ ! -f /var/lock/subsys/sshd ]; then
	102	msg_not_running "OpenSSH"
	103	return
	104	fi
	105
	106	msg_stopping "OpenSSH"
	107	# we use start-stop-daemon to stop sshd, as it is unacceptable for such
	108	# critical service as sshd to kill it by procname, but unfortunately
	109	# rc-scripts does not provide way to kill only by pidfile
	110	start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok \|\| fail
	111	rm -f /var/lock/subsys/sshd >/dev/null 2>&1
	112	}
	113
	114	reload() {
	115	if [ ! -f /var/lock/subsys/sshd ]; then
	116	msg_not_running "OpenSSH"
	117	RETVAL=7
	118	return
	119	fi
	120
	121	checkconfig
	122	msg_reloading "OpenSSH"
	123	killproc sshd -HUP
	124	RETVAL=$?
	125	}
	126
	127	condrestart() {
	128	if [ ! -f /var/lock/subsys/sshd ]; then
	129	msg_not_running "OpenSSH"
	130	RETVAL=$1
	131	return
	132	fi
	133
	134	checkconfig
	135	stop
	136	start
	137	}
	138
	139	RETVAL=0
	140	# See how we were called.
	141	case "$1" in
	142	start)
	143	start
	144	;;
	145	stop)
	146	stop
	147	;;
	148	restart)
	149	checkconfig
	150	stop
	151	start
	152	;;
	153	try-restart)
	154	condrestart 0
	155	;;
	156	reload\|force-reload)
	157	reload
	158	;;
	159	configtest)
	160	checkconfig
	161	;;
	162	init)
	163	nls "Now the SSH host key will be generated. Please note, that if you"
	164	nls "will use password for the key, you will need to type it on each"
	165	nls "reboot."
	166	ssh_gen_keys
	167	;;
	168	status)
	169	status sshd
	170	exit $?
	171	;;
	172	*)
	173	msg_usage "$0 {start\|stop\|restart\|try-restart\|reload\|force-reload\|configtest\|init\|status}"
	174	exit 3
	175	esac
	176
	177	exit $RETVAL