#
# chkconfig: 345 55 45
#
-# description: sshd (secure shell daemon) is a server part of the ssh suite.
-# Ssh can be used for remote login, remote file copying, TCP port
+# description: sshd (secure shell daemon) is a server part of the ssh suite. \
+# Ssh can be used for remote login, remote file copying, TCP port \
# forwarding etc. Ssh offers strong encryption and authentication.
# Check that networking is up.
if is_yes "${NETWORKING}"; then
- if [ ! -f /var/lock/subsys/network ]; then
+ if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
msg_network_down OpenSSH
exit 1
fi
else
exit 0
fi
-
+checkconfig() {
+ /usr/sbin/sshd -t || exit 1
+}
+
+RETVAL=0
# See how we were called.
case "$1" in
start)
if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' 1>&2
chmod 600 /etc/ssh/ssh_host_key
+ [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key || :
fi
if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' 1>&2
chmod 600 /etc/ssh/ssh_host_rsa_key
+ [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key || :
fi
if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' 1>&2
chmod 600 /etc/ssh/ssh_host_dsa_key
+ [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key || :
fi
+ checkconfig
+
if [ ! -f /etc/ssh/ssh_host_key ]; then
msg_not_running OpenSSH
nls "No SSH host key found! You must run \"%s init\" first." "$0"
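Review bot: The added network test, `if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then`, chains four conditions with `-a` inside a single `[`, which POSIX marks obsolescent and which can be misparsed when `$1` looks like a test operator. Separate tests joined by `&&` avoid the ambiguity: `if [ ! -f /var/lock/subsys/network ] && [ "$1" != stop ] && [ "$1" != status ] && [ "$1" != init ]; then`. Separately, the unchanged lines in the `start)` branch still generate `rsa1` and `dsa` host keys, both of which later OpenSSH releases dropped or disabled by default; that is worth a follow-up outside this commit.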
# Check if the service is already running?
if [ ! -f /var/lock/subsys/sshd ]; then
msg_starting OpenSSH
- ULIMIT_C="-S -c 0"
- daemon /usr/sbin/sshd
+ daemon /usr/sbin/sshd
RETVAL=$?
- [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
else
msg_already_running OpenSSH
fi
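Review bot: Dropping `ULIMIT_C="-S -c 0"` ahead of `daemon /usr/sbin/sshd` means this script no longer gives sshd an explicit zero core-file limit, and a core file from sshd can contain host-key or authentication material. If the rc-scripts defaults already impose a zero core limit on services (not visible in this diff), a short comment saying so would make the removal self-explanatory; otherwise the limit should stay. The enclosing `start)` branch begins and ends outside the lines shown here.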
stop)
if [ -f /var/lock/subsys/sshd ]; then
msg_stopping OpenSSH
- killproc sshd
- rm -f /var/run/sshd.pid /var/lock/subsys/sshd >/dev/null 2>&1
+ # we use start-stop-daemon to stop sshd, as it is unacceptable for such
+ # critical service as sshd to kill it by procname, but unfortunately
+ # rc-scripts does not provide way to kill *only* by pidfile
+ start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok || fail
+ rm -f /var/lock/subsys/sshd >/dev/null 2>&1
else
msg_not_running OpenSSH
- exit 1
- fi
+ fi
;;
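Review bot: The exit status of `start-stop-daemon --stop` is consumed by `&& ok || fail` and never stored in `RETVAL`, so `stop` still ends in `exit $RETVAL` with 0 and removes `/var/lock/subsys/sshd` even when the daemon could not be stopped. In that chain `fail` would also run if `ok` itself returned non-zero. Suggested: `start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid; RETVAL=$?` followed by `if [ $RETVAL -eq 0 ]; then ok; else fail; fi`. Matching on the pidfile alone trusts its contents; adding `--name sshd` next to `--pidfile` would keep a stale pidfile with a reused PID from signalling an unrelated process.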
restart)
+ checkconfig
$0 stop
$0 start
+ exit $?
;;
status)
status sshd
nls "will use password for the key, you will need to type it on each"
nls "reboot."
/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key
+ [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key || :
chmod 600 /etc/ssh/ssh_host_key
/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
+ [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key || :
chmod 600 /etc/ssh/ssh_host_rsa_key
/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
chmod 600 /etc/ssh/ssh_host_dsa_key
+ [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key || :
exit $?
;;
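Review bot: `exit $?` at the end of the init branch now reports the status of the added `[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key || :` line, which is always 0, so a failed `ssh-keygen` or `chmod` is reported as success. Since the commit sets `RETVAL=0` near the top of the script, the key-generation calls could record failures, e.g. `/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key || RETVAL=$?`, with the branch ending in `exit $RETVAL`. The restorecon call is also placed before `chmod 600` for the first two keys and after it for the DSA key; one order throughout would read better. The `init)` branch starts outside the lines shown here.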
- reload)
+ reload|force-reload)
if [ -f /var/lock/subsys/sshd ]; then
msg_reloading OpenSSH
- busy
killproc sshd -HUP
RETVAL=$?
- [ $RETVAL -eq 0 ] && ok || died
else
msg_not_running OpenSSH
- exit 1
+ exit 7
fi
;;
*)
- msg_usage "$0 {start|stop|init|restart|reload|status}"
- exit 1
+ msg_usage "$0 {start|stop|init|restart|reload|force-reload|status}"
+ exit 3
esac
exit $RETVAL
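Review bot: The `reload|force-reload)` branch sends `killproc sshd -HUP` without first running `checkconfig`, unlike `start` and `restart` in this commit. sshd re-executes itself on SIGHUP, so a broken sshd_config at reload time can leave the host without a listening daemon. Calling `checkconfig` right before `msg_reloading OpenSSH` closes that gap. The HUP is also still delivered by process name, which the comment added in the `stop)` branch calls unacceptable for sshd; if `killproc` in rc-scripts cannot target the pidfile, a one-line comment such as `# killproc cannot signal by pidfile only; HUP goes to sshd by name` would record that.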