- add try-restart
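#!/bin/sh
#
# sshd          sshd (secure shell daemon)
#
# chkconfig:    345 21 89
#
# description:  sshd (secure shell daemon) is a server part of the ssh suite. \
#               Ssh can be used for remote login, remote file copying, TCP port \
#               forwarding etc. Ssh offers strong encryption and authentication.

# Source function library
. /etc/rc.d/init.d/functions

# NOTE(review): upstart_controlled comes from the function library; presumably
# it hands every action except "init" and "configtest" over to upstart when
# the service is managed there -- confirm against rc-scripts.
upstart_controlled --except init configtest

# Get network config
. /etc/sysconfig/network

# Default oom_score_adj value written by adjust_oom(); -1000 exempts the
# process from the kernel OOM killer.  Assigned before the service config is
# sourced so that /etc/sysconfig/sshd can override it.
SSHD_OOM_ADJUST=-1000

# Get service config.  The file is sourced, i.e. executed as shell code with
# the privileges of this script (normally root), so it must be writable by
# root only.
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

# Check that networking is up.  "stop", "status" and "init" are allowed to
# proceed without the network lock file.  The action is matched with case
# instead of a chain of "-a" operators: a test with that many arguments is
# unspecified by POSIX and can misparse when "$1" looks like an operator.
if is_yes "${NETWORKING}"; then
	case "$1" in
	stop|status|init)
		;;
	*)
		if [ ! -f /var/lock/subsys/network ]; then
			msg_network_down "OpenSSH"
			exit 1
		fi
		;;
	esac
else
	exit 0
fi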
#######################################
# Write SSHD_OOM_ADJUST into oom_score_adj of every PID listed in the pidfile.
# Globals:   SSHD_OOM_ADJUST (read), pid (written; loop variable, not local)
# Arguments: none
# Returns:   0 when the pidfile is absent or empty, otherwise the status of
#            the last write
# NOTE(review): each word of the pidfile is interpolated unvalidated into a
# /proc path that is then written to, so /var/run/sshd.pid has to be writable
# by root only -- confirm on the target system.
#######################################
adjust_oom() {
	[ -e /var/run/sshd.pid ] || return 0

	for pid in $(cat /var/run/sshd.pid); do
		# stderr is redirected first, so a failure to open the /proc file
		# (process already gone, no permission) is not reported
		echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
	done
}
#######################################
# Run sshd in test mode (-t) and abort the whole script when it fails.
# Arguments: none
# Returns:   0 when the check passes; otherwise it does not return, the
#            script exits with status 1
# Callers run this before stop/restart so that a broken configuration does
# not take down a working daemon.
#######################################
checkconfig() {
	if ! /usr/sbin/sshd -t; then
		exit 1
	fi
}
#######################################
# Generate one host key unless a non-empty key file is already present.
# Arguments: $1 - key type passed to ssh-keygen -t
#            $2 - path of the private key file
# Outputs:   ssh-keygen's stdout is sent to stderr
# Returns:   0 when the key already exists; otherwise the status of the
#            final restorecon step (non-zero when /sbin/restorecon is absent)
#######################################
ssh_gen_host_key() {
	if [ ! -f "$2" ] || [ ! -s "$2" ]; then
		# -N '' sets an empty passphrase so the daemon can start unattended;
		# the private key is therefore protected by file permissions only
		/usr/bin/ssh-keygen -t "$1" -f "$2" -N '' >&2
		chmod 600 "$2"
		# restore the SELinux label where restorecon is installed
		[ -x /sbin/restorecon ] && /sbin/restorecon "$2"
	fi
}

#######################################
# Generate new host keys with empty passphrases if they do not exist.
# Arguments: none
# Returns:   status of the last (ecdsa) key step; callers in this script
#            ignore it
# NOTE(review): rsa1 (SSH protocol 1) and dsa are obsolete key types that
# later OpenSSH releases no longer generate; the failure of ssh-keygen is not
# checked here.  No key size is requested, so the ssh-keygen defaults apply.
#######################################
ssh_gen_keys() {
	ssh_gen_host_key rsa1 /etc/ssh/ssh_host_key
	ssh_gen_host_key rsa /etc/ssh/ssh_host_rsa_key
	ssh_gen_host_key dsa /etc/ssh/ssh_host_dsa_key
	ssh_gen_host_key ecdsa /etc/ssh/ssh_host_ecdsa_key
}
#######################################
# Start sshd unless the subsys lock file says it is already running.
# Globals:   OPTIONS (read, extended), IPV4_NETWORKING, IPV6_NETWORKING (read),
#            RETVAL (written)
# Arguments: none
# Returns:   leaves the daemon's start status in RETVAL; exits the script
#            with 1 when the configuration check fails or no host key exists
#######################################
start() {
	# Nothing to do when the lock file is already there.
	[ -f /var/lock/subsys/sshd ] && {
		msg_already_running "OpenSSH"
		return
	}

	# Create missing host keys, then refuse to go on with a broken config
	# (checkconfig exits the script on failure).
	ssh_gen_keys
	checkconfig

	# /etc/ssh/ssh_host_key is the rsa1 key from ssh_gen_keys; start is
	# refused when it is missing or empty.
	[ -s /etc/ssh/ssh_host_key ] || {
		msg_not_running "OpenSSH"
		nls "No SSH host key found! You must run \"%s init\" first." "$0"
		exit 1
	}

	# Restrict sshd to one address family when only that one is enabled.
	is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING" && OPTIONS="$OPTIONS -4"
	is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING" && OPTIONS="$OPTIONS -6"

	msg_starting "OpenSSH"
	# $OPTIONS is left unquoted on purpose: it holds several flags that
	# must be split into separate arguments.
	daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS
	RETVAL=$?
	# Runs whether or not the start succeeded; adjust_oom does nothing
	# when there is no pidfile.
	adjust_oom
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
}
#######################################
# Stop the sshd process recorded in /var/run/sshd.pid.
# Arguments: none
# Returns:   status of the lock-file removal; RETVAL is not touched, so the
#            script's exit status does not reflect a failed stop
#######################################
stop() {
	[ -f /var/lock/subsys/sshd ] || {
		msg_not_running "OpenSSH"
		return
	}

	msg_stopping "OpenSSH"
	# start-stop-daemon is used because it signals only the PID from the
	# pidfile.  Killing by process name is unacceptable for a service as
	# critical as sshd, and rc-scripts offers no way to kill *only* by
	# pidfile.
	# Note: with "a && ok || fail", fail also runs if ok returns non-zero.
	start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok || fail
	# The lock file is removed whether or not the stop succeeded.
	rm -f /var/lock/subsys/sshd >/dev/null 2>&1
}
#######################################
# Ask a running sshd to re-read its configuration (SIGHUP).
# Globals:   RETVAL (written: 7 when not running, else killproc's status)
# Arguments: none
# NOTE(review): killproc is given the process name, whereas stop() goes out
# of its way to signal only the PID from the pidfile.  Confirm that killproc
# resolves "sshd" through /var/run/sshd.pid and does not send HUP to the
# per-session sshd processes.
#######################################
reload() {
	[ -f /var/lock/subsys/sshd ] || {
		msg_not_running "OpenSSH"
		RETVAL=7
		return
	}

	# Regenerate missing host keys and validate the config before
	# signalling; checkconfig exits the script when the config is broken.
	ssh_gen_keys
	checkconfig
	msg_reloading "OpenSSH"
	killproc sshd -HUP
	RETVAL=$?
}
#######################################
# Restart sshd only when the lock file shows it is running.
# Globals:   RETVAL (written)
# Arguments: $1 - value stored in RETVAL when the service is not running
#######################################
condrestart() {
	[ -f /var/lock/subsys/sshd ] || {
		msg_not_running "OpenSSH"
		RETVAL=$1
		return
	}

	# Validate the config first: checkconfig exits the script on failure,
	# so a working daemon is never stopped for a config that cannot start.
	checkconfig
	stop
	start
}
# Exit status of the script; start(), reload() and condrestart() update it.
RETVAL=0

# See how we were called.
case "$1" in
start)
	start
	;;
stop)
	stop
	;;
restart)
	# Check the config before stopping, so a broken config never
	# leaves the host without a running sshd.
	checkconfig
	stop
	start
	;;
try-restart)
	# RETVAL becomes 0 when the service is not running.
	condrestart 0
	;;
reload|force-reload)
	reload
	;;
configtest)
	checkconfig
	;;
init)
	# NOTE(review): the message talks about a key password, but
	# ssh_gen_keys always passes -N '' (empty passphrase) to ssh-keygen.
	nls "Now the SSH host key will be generated. Please note, that if you"
	nls "will use password for the key, you will need to type it on each"
	nls "reboot."
	ssh_gen_keys
	;;
status)
	status sshd
	exit $?
	;;
*)
	msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|configtest|init|status}"
	exit 3
	;;
esac

exit $RETVAL