- formatting and cosmetics, unify actions order
#!/bin/sh
#
# sshd          sshd (secure shell daemon)
#
# chkconfig:    345 21 89
#
# description:  sshd (secure shell daemon) is the server part of the ssh suite. \
#               Ssh can be used for remote login, remote file copying, TCP port \
#               forwarding etc. Ssh offers strong encryption and authentication.
# Load the rc-scripts helper library. The helpers used further down
# (is_yes, is_no, nls, daemon, killproc, status, msg_*) are not defined in
# this file and are presumably provided here -- confirm.
. /etc/rc.d/init.d/functions

# Network settings. NETWORKING, IPV4_NETWORKING and IPV6_NETWORKING are read
# below and are presumably set by this file.
. /etc/sysconfig/network

# Default OOM score adjustment applied to the daemon after start. -1000 is
# the lowest value oom_score_adj accepts and exempts the process from the
# OOM killer. It is assigned before the service config is read so that
# /etc/sysconfig/sshd can override it.
SSHD_OOM_ADJUST=-1000

# Optional per-service settings. This file is sourced, i.e. executed with
# the privileges of the init script (normally root), so it has to be
# writable by root only.
if [ -f /etc/sysconfig/sshd ]; then
	. /etc/sysconfig/sshd
fi
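# Check that networking is up.
#
# With networking disabled the script exits successfully without doing
# anything. With networking enabled but not yet up (no
# /var/lock/subsys/network), every action except stop, status and init is
# refused.
#
# "$1" is matched with case instead of a chain of "-a" operators inside a
# single [ ]: the multi-operand form of test is obsolescent and can misparse
# when the argument looks like an operator such as "!" or "(".
if is_yes "${NETWORKING}"; then
	case "$1" in
	stop|status|init)
		# these actions do not need the network
		;;
	*)
		if [ ! -f /var/lock/subsys/network ]; then
			msg_network_down "OpenSSH"
			exit 1
		fi
		;;
	esac
else
	exit 0
fi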
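#######################################
# Write $SSHD_OOM_ADJUST into /proc/<pid>/oom_score_adj for every PID
# listed in /var/run/sshd.pid. Does nothing when the pidfile is missing.
# Globals:   SSHD_OOM_ADJUST (read), pid (written; plain sh has no local)
# Arguments: none
# Returns:   0 when there is no pidfile, otherwise the status of the last
#            command run in the loop
#######################################
adjust_oom() {
	[ -e /var/run/sshd.pid ] || return 0

	for pid in $(cat /var/run/sshd.pid); do
		# The token becomes part of a path that is written to as root:
		# accept plain decimal PIDs only, so a damaged or tampered pidfile
		# cannot redirect the write to another file.
		case "$pid" in
		''|*[!0-9]*)
			continue
			;;
		esac
		# 2>/dev/null comes before the output redirection, as in the
		# original; presumably this keeps a failure to open the /proc
		# entry (process already gone) quiet -- keep the order.
		echo "$SSHD_OOM_ADJUST" 2>/dev/null > "/proc/$pid/oom_score_adj"
	done
}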
#######################################
# Run sshd in test mode (-t) and terminate the whole script with status 1
# when that fails.
# Callers run this before touching a running daemon, so a broken
# configuration is reported while the old sshd is still serving logins.
# Arguments: none
# Returns:   0 when "sshd -t" succeeds; does not return otherwise
#######################################
checkconfig() {
	if ! /usr/sbin/sshd -t; then
		exit 1
	fi
}
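#######################################
# Create one host key unless a non-empty regular file already exists.
# Arguments: $1 - key type passed to ssh-keygen -t
#            $2 - path of the private key file
# Outputs:   ssh-keygen output is sent to stderr
# Returns:   0 when the key exists or was created, 1 when ssh-keygen failed
#######################################
_ssh_gen_host_key() {
	if [ -f "$2" ] && [ -s "$2" ]; then
		return 0
	fi

	# -N '' creates the key without a passphrase so the daemon can start
	# unattended; file permissions are the only protection of the key.
	# No key size is given, so the ssh-keygen default for the type applies.
	/usr/bin/ssh-keygen -t "$1" -f "$2" -N '' >&2 || return 1

	# Only touch the file when ssh-keygen actually produced it.
	chmod 600 "$2"
	if [ -x /sbin/restorecon ]; then
		# restore the SELinux label where the tool is installed
		/sbin/restorecon "$2"
	fi
	return 0
}

#######################################
# Generate the missing SSH host keys with empty passphrases.
# A key type that ssh-keygen refuses does not stop the remaining ones.
#
# NOTE(review): rsa1 (SSH protocol 1) and dsa are legacy key types; OpenSSH
# releases without protocol 1 support cannot create the rsa1 key at all.
# Both are still requested here so that existing behaviour is unchanged;
# dropping them should be decided together with the sshd_config in use.
# Arguments: none
# Returns:   status of the last key handled
#######################################
ssh_gen_keys() {
	_ssh_gen_host_key rsa1 /etc/ssh/ssh_host_key
	_ssh_gen_host_key rsa /etc/ssh/ssh_host_rsa_key
	_ssh_gen_host_key dsa /etc/ssh/ssh_host_dsa_key
	_ssh_gen_host_key ecdsa /etc/ssh/ssh_host_ecdsa_key
}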
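#######################################
# Start sshd unless the subsys lock file says it is already running.
# Generates missing host keys, validates the configuration, restricts the
# address family when only one of IPv4/IPv6 is enabled, starts the daemon
# and, on success, applies the OOM adjustment and creates the lock file.
# Globals:   OPTIONS (read/written), IPV4_NETWORKING, IPV6_NETWORKING (read),
#            RETVAL (written)
# Arguments: none
# Returns:   exits the script with 1 when the configuration is invalid or
#            no host key is available
#######################################
start() {
	# Check if the service is already running?
	if [ -f /var/lock/subsys/sshd ]; then
		msg_already_running "OpenSSH"
		return
	fi

	ssh_gen_keys
	checkconfig

	# Refuse to start only when none of the host keys is present. Testing
	# the protocol 1 key (/etc/ssh/ssh_host_key) alone would block the
	# service wherever that legacy key type cannot be generated any more.
	if [ ! -s /etc/ssh/ssh_host_key ] &&
	   [ ! -s /etc/ssh/ssh_host_rsa_key ] &&
	   [ ! -s /etc/ssh/ssh_host_dsa_key ] &&
	   [ ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
		msg_not_running "OpenSSH"
		nls "No SSH host key found! You must run \"%s init\" first." "$0"
		exit 1
	fi

	# Force a single address family when the other one is switched off.
	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
		OPTIONS="$OPTIONS -4"
	fi
	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
		OPTIONS="$OPTIONS -6"
	fi

	msg_starting "OpenSSH"
	# $OPTIONS is unquoted on purpose: it has to split into separate
	# arguments. It is presumably set in /etc/sysconfig/sshd.
	daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS
	RETVAL=$?
	if [ $RETVAL -eq 0 ]; then
		# Adjust the OOM score only after a successful start; after a
		# failed start the pidfile may be stale and name an unrelated
		# process.
		adjust_oom
		touch /var/lock/subsys/sshd
	fi
}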
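#######################################
# Stop the listening sshd identified by /var/run/sshd.pid and remove the
# subsys lock file.
# Arguments: none
# Returns:   status of the lock file removal
# NOTE(review): RETVAL is not set here, so a failed stop still lets the
# script exit with 0 -- confirm that this is intended.
#######################################
stop() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		return
	fi

	msg_stopping "OpenSSH"
	# we use start-stop-daemon to stop sshd, as it is unacceptable for such
	# critical service as sshd to kill it by procname, but unfortunately
	# rc-scripts does not provide way to kill *only* by pidfile
	#
	# if/else instead of "cmd && ok || fail": with the short-circuit form
	# fail would also run whenever ok itself returned non-zero.
	if start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid; then
		ok
	else
		fail
	fi
	rm -f /var/lock/subsys/sshd >/dev/null 2>&1
}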
#######################################
# Make a running sshd re-read its configuration by sending it SIGHUP.
# The configuration is validated first; checkconfig ends the script when it
# is broken, so no signal is sent in that case.
# Globals:   RETVAL (written: 7 when not running, else killproc's status)
# Arguments: none
# NOTE(review): killproc is called with the process name, not the pidfile.
# Whether it signals only the listening daemon or every sshd process
# depends on the rc-scripts implementation -- confirm.
#######################################
reload() {
	if [ -f /var/lock/subsys/sshd ]; then
		checkconfig
		msg_reloading "OpenSSH"
		killproc sshd -HUP
		RETVAL=$?
	else
		msg_not_running "OpenSSH"
		RETVAL=7
	fi
}
# Helper from the sourced function library; presumably it hands the action
# over to upstart for every action except init and configtest -- confirm.
upstart_controlled --except init configtest

# Exit status of the script; start and reload overwrite it.
RETVAL=0

# Dispatch on the requested action.
case "$1" in
start)
	start
	;;
stop)
	stop
	;;
restart)
	# Validate the configuration before stopping: checkconfig ends the
	# script on a broken config, so the running daemon is left alone
	# instead of being stopped without a way to come back up.
	checkconfig
	stop
	start
	;;
reload|force-reload)
	reload
	;;
configtest)
	checkconfig
	;;
init)
	# NOTE(review): ssh_gen_keys creates the keys with an empty passphrase
	# (-N ''), so the passphrase remark printed here does not match what
	# happens. The text is kept as is because nls presumably uses it as a
	# translation lookup key.
	nls "Now the SSH host key will be generated. Please note, that if you"
	nls "will use password for the key, you will need to type it on each"
	nls "reboot."
	ssh_gen_keys
	;;
status)
	status sshd
	exit $?
	;;
*)
	msg_usage "$0 {start|stop|restart|reload|force-reload|configtest|init|status}"
	exit 3
	;;
esac

exit $RETVAL