3 # sshd sshd (secure shell daemon)
7 # description: sshd (secure shell daemon) is the server part of the ssh suite. \
8 # Ssh can be used for remote login, remote file copying, TCP port \
9 # forwarding etc. Ssh offers strong encryption and authentication.
# Load the rc-scripts helper library and the network settings, set the
# default pidfile path, then pull in the optional per-service settings.
11 # Source function library
12 . /etc/rc.d/init.d/functions
14 upstart_controlled --except init configtest
17 . /etc/sysconfig/network
20 PIDFILE=/var/run/sshd.pid
# NOTE(review): every file sourced here runs as shell code in this script's
# context (presumably root - confirm), so each should be root-owned and not
# group/world-writable. /etc/sysconfig/sshd is sourced after PIDFILE is
# assigned and can therefore override it.
23 [ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
25 # Check that networking is up.
# With networking enabled, any action other than stop, status or init gets
# the network-down message when the network lock file is absent.
# NOTE(review): "-a" inside [ ] is obsolescent and can be parsed ambiguously
# when "$1" looks like an operator; separate [ ] tests joined with && are safer.
26 if is_yes "${NETWORKING}"; then
27 if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
28 msg_network_down "OpenSSH"
# Write SSHD_OOM_ADJUST into oom_score_adj for every PID listed in the
# pidfile (SSHD_OOM_ADJUST is presumably set in /etc/sysconfig/sshd - confirm).
# NOTE(review): $PIDFILE and $pid are expanded unquoted and $pid is used to
# build a /proc path, so the pidfile content is trusted as-is; the pidfile
# must be writable by root only. stderr is sent to /dev/null, so a rejected
# value is not reported.
36 if [ -e $PIDFILE ]; then
37 for pid in $(cat $PIDFILE); do
38 echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
# sshd -t is test mode: it checks the validity of the configuration file and
# the sanity of the keys without starting the daemon. Exit with status 1 when
# that check fails.
45 /usr/sbin/sshd -t || exit 1
49 # generate new host keys with empty passphrases if they are missing or zero-length
# -N '' stores each private key unencrypted on disk, which lets sshd load it
# unattended; the file mode (chmod 600) and, where /sbin/restorecon exists,
# the SELinux label are the protections applied to it here.
# No -b option is passed, so ssh-keygen's default key size is used.
# NOTE(review): "-o" inside [ ] is obsolescent; [ ! -s FILE ] alone is already
# true for a missing file.
# NOTE(review): rsa1 is the SSH protocol 1 key type. Protocol 1 is obsolete and
# current OpenSSH releases no longer support it, so this step is expected to
# fail there - confirm against the packaged OpenSSH version.
50 if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
51 /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
52 chmod 600 /etc/ssh/ssh_host_key
53 [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
# RSA host key (protocol 2).
55 if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
56 /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
57 chmod 600 /etc/ssh/ssh_host_rsa_key
58 [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
# NOTE(review): DSA host keys are deprecated in OpenSSH; consider dropping
# this key type rather than generating it on new installs.
60 if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
61 /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
62 chmod 600 /etc/ssh/ssh_host_dsa_key
63 [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
# ECDSA host key.
65 if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
66 /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
67 chmod 600 /etc/ssh/ssh_host_ecdsa_key
68 [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
# Ed25519 host key.
70 if [ ! -f /etc/ssh/ssh_host_ed25519_key -o ! -s /etc/ssh/ssh_host_ed25519_key ]; then
71 /usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' >&2
72 chmod 600 /etc/ssh/ssh_host_ed25519_key
73 [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ed25519_key
78 # Check if the service is already running?
# The subsys lock file, not the pidfile, is what marks the service as started.
79 if [ -f /var/lock/subsys/sshd ]; then
80 msg_already_running "OpenSSH"
# NOTE(review): the host-key check looks only at /etc/ssh/ssh_host_key, the
# protocol 1 key file. Where that key type cannot be generated, this message
# is shown even if the other host keys exist - confirm whether the check
# should test a protocol 2 key instead.
86 if [ ! -s /etc/ssh/ssh_host_key ]; then
87 msg_not_running "OpenSSH"
88 nls "No SSH host key found! You must run \"%s init\" first." "$0"
# Address-family selection based on IPV4_NETWORKING / IPV6_NETWORKING; the
# bodies of these two conditionals are not visible in this excerpt.
92 if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
95 if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
99 msg_starting "OpenSSH"
# $OPTIONS is unquoted so that it splits into separate sshd arguments; it is
# presumably supplied by /etc/sysconfig/sshd (confirm), which makes that file
# part of the daemon's command line. $PIDFILE is unquoted as well.
100 daemon --pidfile $PIDFILE /usr/sbin/sshd $OPTIONS
# The lock file is created only when RETVAL is 0.
103 [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
# Stop path: nothing to do when the subsys lock file is absent.
107 if [ ! -f /var/lock/subsys/sshd ]; then
108 msg_not_running "OpenSSH"
112 msg_stopping "OpenSSH"
113 # start-stop-daemon is used to stop sshd because killing a service as
114 # critical as sshd by process name is unacceptable, and rc-scripts
115 # provides no way to kill *only* by pidfile
# NOTE(review): in "A && ok || fail", fail also runs when ok itself returns
# non-zero; an if/else states the intent exactly.
116 start-stop-daemon --stop --quiet --pidfile $PIDFILE && ok || fail
# NOTE(review): the lock file is removed whether or not the stop succeeded,
# so a later status or stop keyed on the lock file may report "not running"
# while the daemon is still alive - confirm this is intended.
117 rm -f /var/lock/subsys/sshd >/dev/null 2>&1
# Reload path: report "not running" when the subsys lock file is absent,
# otherwise announce the reload. The command that performs the reload is not
# visible in this excerpt.
121 if [ ! -f /var/lock/subsys/sshd ]; then
122 msg_not_running "OpenSSH"
128 msg_reloading "OpenSSH"
# A second lock-file check; the action it belongs to is not visible in this
# excerpt.
134 if [ ! -f /var/lock/subsys/sshd ]; then
135 msg_not_running "OpenSSH"
146 # See how we were called.
# Message printed before host-key generation (presumably in the init action -
# confirm). NOTE(review): it talks about typing a key password, while every
# ssh-keygen call visible in this file passes -N '' (no passphrase); confirm
# which of the two reflects the intended behaviour.
169 nls "Now the SSH host key will be generated. Please note, that if you"
170 nls "will use password for the key, you will need to type it on each"
# Status is looked up through the pidfile; $PIDFILE is expanded unquoted.
175 status --pidfile $PIDFILE sshd
# Usage text listing the accepted actions.
179 msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|configtest|init|status}"