[packages/openssh.git] / opensshd.init

#!/bin/sh
#
# sshd		sshd (secure shell daemon)
#
# chkconfig:	345 22 88
#
# description:	sshd (secure shell daemon) is a server part of the ssh suite. \
#		Ssh can be used for remote login, remote file copying, TCP port \
#		forwarding etc. Ssh offers strong encryption and authentication.

# Source function library
. /etc/rc.d/init.d/functions

upstart_controlled --except init configtest

# Get network config
. /etc/sysconfig/network

SSHD_OOM_ADJUST=-1000
PIDFILE=/var/run/sshd.pid

# Get service config
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

# Check that networking is up.
if is_yes "${NETWORKING}"; then
	if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
		msg_network_down "OpenSSH"
		exit 1
	fi
else
	exit 0
fi

adjust_oom() {
	if [ -e $PIDFILE ]; then
		for pid in $(cat $PIDFILE); do
			echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
		done
	fi
}

checkconfig() {
	ssh_gen_keys
	/usr/sbin/sshd -t || exit 1
}

ssh_gen_keys() {
	# generate new keys with empty passwords if they do not exist
	if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
		/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
	fi
	if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_rsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
	fi
	if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_dsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
	fi
	if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
		/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
		chmod 600 /etc/ssh/ssh_host_ecdsa_key
		[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
	fi # ecdsa
}

start() {
	# Check if the service is already running?
	if [ -f /var/lock/subsys/sshd ]; then
		msg_already_running "OpenSSH"
		return
	fi

	checkconfig

	if [ ! -s /etc/ssh/ssh_host_key ]; then
		msg_not_running "OpenSSH"
		nls "No SSH host key found! You must run \"%s init\" first." "$0"
		exit 1
	fi

	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
		OPTIONS="$OPTIONS -4"
	fi
	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
		OPTIONS="$OPTIONS -6"
	fi

	msg_starting "OpenSSH"
	daemon --pidfile $PIDFILE /usr/sbin/sshd $OPTIONS
	RETVAL=$?
	adjust_oom
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
}

stop() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		return
	fi

	msg_stopping "OpenSSH"
	# we use start-stop-daemon to stop sshd, as it is unacceptable for such
	# critical service as sshd to kill it by procname, but unfortunately
	# rc-scripts does not provide way to kill *only* by pidfile
	start-stop-daemon --stop --quiet --pidfile $PIDFILE && ok || fail
	rm -f /var/lock/subsys/sshd >/dev/null 2>&1
}

reload() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		RETVAL=7
		return
	fi

	checkconfig
	msg_reloading "OpenSSH"
	killproc sshd -HUP
	RETVAL=$?
}

condrestart() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		RETVAL=$1
		return
	fi

	checkconfig
	stop
	start
}

RETVAL=0
# See how we were called.
case "$1" in
  start)
  	start
	;;
  stop)
  	stop
	;;
  restart)
	checkconfig
	stop
	start
	;;
  try-restart)
	condrestart 0
	;;
  reload|force-reload)
	reload
	;;
  configtest)
	checkconfig
	;;
  init)
	nls "Now the SSH host key will be generated. Please note, that if you"
	nls "will use password for the key, you will need to type it on each"
	nls "reboot."
	ssh_gen_keys
	;;
  status)
	status --pidfile $PIDFILE sshd
	exit $?
	;;
  *)
	msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|configtest|init|status}"
	exit 3
esac

exit $RETVAL
Commit	Line	Data
	1	#!/bin/sh
	2	#
	3	# sshd sshd (secure shell daemon)
	4	#
	5	# chkconfig: 345 22 88
	6	#
	7	# description: sshd (secure shell daemon) is a server part of the ssh suite. \
	8	# Ssh can be used for remote login, remote file copying, TCP port \
	9	# forwarding etc. Ssh offers strong encryption and authentication.
	10
	11	# Source function library
	12	. /etc/rc.d/init.d/functions
	13
	14	upstart_controlled --except init configtest
	15
	16	# Get network config
	17	. /etc/sysconfig/network
	18
	19	SSHD_OOM_ADJUST=-1000
	20	PIDFILE=/var/run/sshd.pid
	21
	22	# Get service config
	23	[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
	24
	25	# Check that networking is up.
	26	if is_yes "${NETWORKING}"; then
	27	if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
	28	msg_network_down "OpenSSH"
	29	exit 1
	30	fi
	31	else
	32	exit 0
	33	fi
	34
	35	adjust_oom() {
	36	if [ -e $PIDFILE ]; then
	37	for pid in $(cat $PIDFILE); do
	38	echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
	39	done
	40	fi
	41	}
	42
	43	checkconfig() {
	44	ssh_gen_keys
	45	/usr/sbin/sshd -t \|\| exit 1
	46	}
	47
	48	ssh_gen_keys() {
	49	# generate new keys with empty passwords if they do not exist
	50	if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
	51	/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
	52	chmod 600 /etc/ssh/ssh_host_key
	53	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
	54	fi
	55	if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
	56	/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
	57	chmod 600 /etc/ssh/ssh_host_rsa_key
	58	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
	59	fi
	60	if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
	61	/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
	62	chmod 600 /etc/ssh/ssh_host_dsa_key
	63	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
	64	fi
	65	if [ ! -f /etc/ssh/ssh_host_ecdsa_key -o ! -s /etc/ssh/ssh_host_ecdsa_key ]; then
	66	/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' >&2
	67	chmod 600 /etc/ssh/ssh_host_ecdsa_key
	68	[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key
	69	fi # ecdsa
	70	}
	71
	72	start() {
	73	# Check if the service is already running?
	74	if [ -f /var/lock/subsys/sshd ]; then
	75	msg_already_running "OpenSSH"
	76	return
	77	fi
	78
	79	checkconfig
	80
	81	if [ ! -s /etc/ssh/ssh_host_key ]; then
	82	msg_not_running "OpenSSH"
	83	nls "No SSH host key found! You must run \"%s init\" first." "$0"
	84	exit 1
	85	fi
	86
	87	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
	88	OPTIONS="$OPTIONS -4"
	89	fi
	90	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
	91	OPTIONS="$OPTIONS -6"
	92	fi
	93
	94	msg_starting "OpenSSH"
	95	daemon --pidfile $PIDFILE /usr/sbin/sshd $OPTIONS
	96	RETVAL=$?
	97	adjust_oom
	98	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
	99	}
	100
	101	stop() {
	102	if [ ! -f /var/lock/subsys/sshd ]; then
	103	msg_not_running "OpenSSH"
	104	return
	105	fi
	106
	107	msg_stopping "OpenSSH"
	108	# we use start-stop-daemon to stop sshd, as it is unacceptable for such
	109	# critical service as sshd to kill it by procname, but unfortunately
	110	# rc-scripts does not provide way to kill only by pidfile
	111	start-stop-daemon --stop --quiet --pidfile $PIDFILE && ok \|\| fail
	112	rm -f /var/lock/subsys/sshd >/dev/null 2>&1
	113	}
	114
	115	reload() {
	116	if [ ! -f /var/lock/subsys/sshd ]; then
	117	msg_not_running "OpenSSH"
	118	RETVAL=7
	119	return
	120	fi
	121
	122	checkconfig
	123	msg_reloading "OpenSSH"
	124	killproc sshd -HUP
	125	RETVAL=$?
	126	}
	127
	128	condrestart() {
	129	if [ ! -f /var/lock/subsys/sshd ]; then
	130	msg_not_running "OpenSSH"
	131	RETVAL=$1
	132	return
	133	fi
	134
	135	checkconfig
	136	stop
	137	start
	138	}
	139
	140	RETVAL=0
	141	# See how we were called.
	142	case "$1" in
	143	start)
	144	start
	145	;;
	146	stop)
	147	stop
	148	;;
	149	restart)
	150	checkconfig
	151	stop
	152	start
	153	;;
	154	try-restart)
	155	condrestart 0
	156	;;
	157	reload\|force-reload)
	158	reload
	159	;;
	160	configtest)
	161	checkconfig
	162	;;
	163	init)
	164	nls "Now the SSH host key will be generated. Please note, that if you"
	165	nls "will use password for the key, you will need to type it on each"
	166	nls "reboot."
	167	ssh_gen_keys
	168	;;
	169	status)
	170	status --pidfile $PIDFILE sshd
	171	exit $?
	172	;;
	173	*)
	174	msg_usage "$0 {start\|stop\|restart\|try-restart\|reload\|force-reload\|configtest\|init\|status}"
	175	exit 3
	176	esac
	177
	178	exit $RETVAL