- gen keys also on reload (i.e. upgrade to 5.7 should create ssh_host_ecdsa_key)
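#!/bin/sh
#
# sshd          sshd (secure shell daemon)
#
# chkconfig:    345 21 89
#
# description:  sshd (secure shell daemon) is a server part of the ssh suite. \
#               Ssh can be used for remote login, remote file copying, TCP port \
#               forwarding etc. Ssh offers strong encryption and authentication.

# Source function library
. /etc/rc.d/init.d/functions

upstart_controlled --except init configtest

# Get network config
. /etc/sysconfig/network

# Default value written to /proc/<pid>/oom_score_adj by adjust_oom().
# -1000 is the kernel's minimum and exempts the process from the OOM killer,
# presumably so that remote access survives memory exhaustion.
# It is assigned before the service config is read so that
# /etc/sysconfig/sshd can override it.
SSHD_OOM_ADJUST=-1000

# Get service config.
# The file is sourced, i.e. executed as shell code with the privileges of
# this script, so it should be writable by root only.
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

# Check that networking is up.
if is_yes "${NETWORKING}"; then
	# The action is matched with case instead of a chain of "-a" operators:
	# "-a" is obsolescent in POSIX test and a test expression with this many
	# arguments is unspecified, while "$1" comes straight from the caller.
	case "$1" in
	stop | status | init)
		# these actions are allowed while the network is down
		;;
	*)
		if [ ! -f /var/lock/subsys/network ]; then
			msg_network_down "OpenSSH"
			exit 1
		fi
		;;
	esac
else
	exit 0
fi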
33
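# Write $SSHD_OOM_ADJUST to /proc/<pid>/oom_score_adj for every PID listed
# in /var/run/sshd.pid. Best effort: a missing pidfile, a malformed entry or
# a process that has already gone away is skipped silently.
# Globals: SSHD_OOM_ADJUST (read)
# Returns: 0 always
adjust_oom() {
	[ -e /var/run/sshd.pid ] || return 0

	# Split the pidfile on any whitespace, one token per line. Reading the
	# tokens with "read" (instead of an unquoted $(cat ...)) keeps the shell
	# from glob-expanding the pidfile contents.
	tr -s '[:space:]' '[\n*]' < /var/run/sshd.pid |
		while read -r pid || [ -n "$pid" ]; do
			# The token becomes part of a path that is written as root,
			# so accept plain decimal PIDs only.
			case "$pid" in
			'' | *[!0-9]*)
				continue
				;;
			esac
			[ -w "/proc/$pid/oom_score_adj" ] || continue
			printf '%s\n' "$SSHD_OOM_ADJUST" 2>/dev/null > "/proc/$pid/oom_score_adj"
		done
	return 0
}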
41
# Run sshd in test mode (-t) and abort the whole script with status 1 when
# it reports a problem, so a broken configuration never reaches the
# running daemon.
checkconfig() {
	if ! /usr/sbin/sshd -t; then
		exit 1
	fi
}
45
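# Create one host key unless a usable one is already in place.
# Arguments: $1 - key type passed to ssh-keygen -t
#            $2 - path of the private key file
# Returns:   0 when the key exists or was created, 1 when ssh-keygen failed
_ssh_gen_host_key() {
	# a non-empty regular file counts as an existing key
	if [ -f "$2" ] && [ -s "$2" ]; then
		return 0
	fi

	# ssh-keygen asks for confirmation before overwriting an existing file
	# and leaves it alone when nobody answers, so an empty placeholder would
	# never be replaced from an init script. Remove it first.
	if [ -f "$2" ]; then
		rm -f -- "$2"
	fi

	# -N '' creates the key without a passphrase so sshd can load it
	# unattended; the file mode is the only protection of the private key.
	/usr/bin/ssh-keygen -t "$1" -f "$2" -N '' >&2 || return 1
	chmod 600 "$2"
	if [ -x /sbin/restorecon ]; then
		# reset the SELinux label of the new file where restorecon exists
		/sbin/restorecon "$2"
	fi
	return 0
}

# Generate new host keys with empty passphrases if they do not exist.
# A failure for one key type does not stop the others from being tried.
# NOTE(review): rsa1 (SSH protocol 1) and dsa are legacy key types that
# later OpenSSH releases no longer support; start() in this script still
# refuses to run without /etc/ssh/ssh_host_key, so the list and that check
# have to be revisited together.
ssh_gen_keys() {
	_ssh_gen_host_key rsa1 /etc/ssh/ssh_host_key
	_ssh_gen_host_key rsa /etc/ssh/ssh_host_rsa_key
	_ssh_gen_host_key dsa /etc/ssh/ssh_host_dsa_key
	_ssh_gen_host_key ecdsa /etc/ssh/ssh_host_ecdsa_key
	return 0
}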
69
# Start the sshd listener: make sure host keys exist, validate the
# configuration, pick the address family options and launch the daemon.
# Globals: OPTIONS (read, extended), IPV4_NETWORKING, IPV6_NETWORKING (read),
#          RETVAL (written with the status of the daemon call)
start() {
	# The subsys lock file is what marks the service as running.
	if [ -f /var/lock/subsys/sshd ]; then
		msg_already_running "OpenSSH"
		return
	fi

	ssh_gen_keys
	checkconfig

	# Only the protocol 1 key path is checked here.
	# NOTE(review): if ssh-keygen cannot create that key type, this guard
	# blocks the start even when the other host keys are present - confirm.
	[ -s /etc/ssh/ssh_host_key ] || {
		msg_not_running "OpenSSH"
		nls "No SSH host key found! You must run \"%s init\" first." "$0"
		exit 1
	}

	# Restrict sshd to one address family when only one is enabled.
	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
		OPTIONS="${OPTIONS} -4"
	fi
	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
		OPTIONS="${OPTIONS} -6"
	fi

	msg_starting "OpenSSH"
	# $OPTIONS stays unquoted on purpose: it holds several separate flags.
	daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS
	RETVAL=$?
	adjust_oom
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
}
99
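# Stop the sshd listener identified by /var/run/sshd.pid and drop the
# subsys lock file.
# NOTE(review): the lock file is removed and RETVAL is left untouched even
# when the stop fails, so the script can report success while the listener
# is still running - confirm this is intended.
stop() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		return
	fi

	msg_stopping "OpenSSH"
	# we use start-stop-daemon to stop sshd, as it is unacceptable for such
	# critical service as sshd to kill it by procname, but unfortunately
	# rc-scripts does not provide way to kill *only* by pidfile
	#
	# if/else instead of "cmd && ok || fail": with the chained form, fail
	# would also run whenever ok itself returned non-zero.
	if start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid; then
		ok
	else
		fail
	fi
	rm -f /var/lock/subsys/sshd >/dev/null 2>&1
}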
113
# Ask a running sshd to re-read its configuration.
# Host keys are checked first so that a key type added by an upgrade gets
# its key created on reload, and the configuration is validated before the
# signal is sent.
# Globals: RETVAL (written: 7 when not running, else the killproc status)
# NOTE(review): HUP is delivered through killproc by process name, while
# stop() deliberately avoids name-based signalling - confirm that killproc
# cannot reach per-session sshd processes here.
reload() {
	if [ -f /var/lock/subsys/sshd ]; then
		ssh_gen_keys
		checkconfig
		msg_reloading "OpenSSH"
		killproc sshd -HUP
		RETVAL=$?
	else
		msg_not_running "OpenSSH"
		RETVAL=7
	fi
}
127
# Exit status of the script; the action functions overwrite it.
RETVAL=0

# Dispatch on the requested action.
case "$1" in
start)
	start
	;;
stop)
	stop
	;;
restart)
	# checkconfig exits on a broken configuration, so the running daemon
	# is not stopped unless the new configuration is valid.
	checkconfig
	stop
	start
	;;
reload | force-reload)
	reload
	;;
configtest)
	checkconfig
	;;
init)
	# The text mentions a key password, but ssh_gen_keys creates the keys
	# with an empty passphrase (-N '').
	nls "Now the SSH host key will be generated. Please note, that if you"
	nls "will use password for the key, you will need to type it on each"
	nls "reboot."
	ssh_gen_keys
	;;
status)
	status sshd
	exit $?
	;;
*)
	msg_usage "$0 {start|stop|restart|reload|force-reload|configtest|init|status}"
	exit 3
	;;
esac

exit $RETVAL