#!/bin/sh
#
# sshd sshd (secure shell daemon)
#
# chkconfig: 345 22 88
#
# description: sshd (secure shell daemon) is a server part of the ssh suite. \
# Ssh can be used for remote login, remote file copying, TCP port \
# forwarding etc. Ssh offers strong encryption and authentication.

# Load the init-script helper library. Every file sourced below is executed
# as shell code with this script's privileges, so each of them should be
# writable by root only.
. /etc/rc.d/init.d/functions

upstart_controlled --except init configtest

# System-wide network settings (presumably where NETWORKING and the
# IPV4_NETWORKING / IPV6_NETWORKING switches come from - confirm).
. /etc/sysconfig/network

# Defaults. They are assigned before /etc/sysconfig/sshd is sourced, so that
# file may override either of them.
# SSHD_OOM_ADJUST is the value adjust_oom() writes to /proc/<pid>/oom_score_adj;
# -1000 is the kernel's minimum and exempts the process from the OOM killer.
SSHD_OOM_ADJUST=-1000
PIDFILE=/var/run/sshd.pid

# Optional per-service overrides.
if [ -f /etc/sysconfig/sshd ]; then
	. /etc/sysconfig/sshd
fi

# With networking enabled but not yet up, only stop, status and init are
# allowed to continue; any other action reports the problem and exits 1.
# With networking disabled there is nothing to do, so exit successfully.
if is_yes "${NETWORKING}"; then
	if [ ! -f /var/lock/subsys/network ]; then
		case "$1" in
		stop | status | init)
			;;
		*)
			msg_network_down "OpenSSH"
			exit 1
			;;
		esac
	fi
else
	exit 0
fi

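# Write $SSHD_OOM_ADJUST to /proc/<pid>/oom_score_adj for every PID listed
# in $PIDFILE.
# Globals:   PIDFILE (read), SSHD_OOM_ADJUST (read), pid (written)
# Returns:   0 when the pid file is absent or holds no usable entry,
#            otherwise the status of the last write
adjust_oom() {
	if [ -e "$PIDFILE" ]; then
		for pid in $(cat "$PIDFILE"); do
			# The entry becomes part of a /proc path that is written to with
			# this script's privileges, so accept plain decimal PIDs only.
			case $pid in
			'' | *[!0-9]*)
				continue
				;;
			esac
			# Failures (process already gone, no such file) are not reported.
			echo "$SSHD_OOM_ADJUST" 2>/dev/null > "/proc/$pid/oom_score_adj"
		done
	fi
}
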
# Make sure the host keys exist, then let sshd validate its configuration
# (sshd -t). A failed validation ends the whole script with status 1; every
# caller runs this before stopping or signalling the daemon, so a broken
# configuration never takes down a working sshd.
checkconfig() {
	ssh_gen_keys
	if ! /usr/sbin/sshd -t; then
		exit 1
	fi
}

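# Create any host key that is missing or empty.
# Keys are generated with an empty passphrase (-N '') so that sshd can load
# them unattended; chmod 600 keeps the private key accessible to its owner
# only, and restorecon (when installed) resets the file's SELinux label.
# Outputs:   ssh-keygen's messages go to stderr
# NOTE(review): rsa1 (SSH protocol 1) and dsa are legacy key types that
# current OpenSSH releases no longer generate or accept - confirm whether
# this host still needs them before keeping them in the list.
ssh_gen_keys() {
	# Pairs of <key type> <private key file>. Positional parameters are
	# local to the function, so nothing leaks into the script's globals.
	set -- \
		rsa1 /etc/ssh/ssh_host_key \
		rsa /etc/ssh/ssh_host_rsa_key \
		dsa /etc/ssh/ssh_host_dsa_key \
		ecdsa /etc/ssh/ssh_host_ecdsa_key

	while [ "$#" -ge 2 ]; do
		if [ ! -f "$2" ] || [ ! -s "$2" ]; then
			# Only touch the file when ssh-keygen really produced it.
			if /usr/bin/ssh-keygen -t "$1" -f "$2" -N '' >&2; then
				chmod 600 "$2"
				[ -x /sbin/restorecon ] && /sbin/restorecon "$2"
			fi
		fi
		shift 2
	done
}
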
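# Start sshd unless the subsys lock file says it is already running.
# Globals:   OPTIONS (read, may be extended), PIDFILE (read), RETVAL (written),
#            IPV4_NETWORKING / IPV6_NETWORKING (read)
# Exits the script with status 1 when the configuration is invalid
# (via checkconfig) or when /etc/ssh/ssh_host_key is missing or empty.
start() {
	# The lock file is this script's record that sshd was started.
	if [ -f /var/lock/subsys/sshd ]; then
		msg_already_running "OpenSSH"
		return
	fi

	checkconfig

	# NOTE(review): ssh_host_key is the file ssh_gen_keys creates with
	# "-t rsa1". If the installed ssh-keygen cannot create that key type,
	# this check stops every start - confirm it is still wanted.
	if [ ! -s /etc/ssh/ssh_host_key ]; then
		msg_not_running "OpenSSH"
		nls "No SSH host key found! You must run \"%s init\" first." "$0"
		exit 1
	fi

	# Restrict sshd to one address family when only that one is enabled.
	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
		OPTIONS="$OPTIONS -4"
	fi
	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
		OPTIONS="$OPTIONS -6"
	fi

	msg_starting "OpenSSH"
	# $OPTIONS stays unquoted on purpose: it carries several separate flags.
	daemon --pidfile "$PIDFILE" /usr/sbin/sshd $OPTIONS
	RETVAL=$?
	# Adjust the OOM score only after a successful start. After a failed
	# start the pid file may be stale and name an unrelated process.
	if [ "$RETVAL" -eq 0 ]; then
		adjust_oom
		touch /var/lock/subsys/sshd
	fi
}
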
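# Stop the sshd recorded in $PIDFILE and drop the subsys lock file.
# Globals:   PIDFILE (read)
# The lock file is removed whether or not the daemon could be stopped.
stop() {
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_not_running "OpenSSH"
		return
	fi

	msg_stopping "OpenSSH"
	# we use start-stop-daemon to stop sshd, as it is unacceptable for such
	# critical service as sshd to kill it by procname, but unfortunately
	# rc-scripts does not provide way to kill *only* by pidfile
	# (an explicit if/else reports exactly one of ok / fail; with
	# "cmd && ok || fail" a failing "ok" would also run "fail")
	if start-stop-daemon --stop --quiet --pidfile "$PIDFILE"; then
		ok
	else
		fail
	fi
	rm -f /var/lock/subsys/sshd >/dev/null 2>&1
}
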
# Ask a running sshd to re-read its configuration (SIGHUP).
# Globals:   RETVAL (written) - 7 ("not running") when the lock file is
#            absent, otherwise killproc's exit status
# The configuration is validated first; checkconfig exits the script on
# failure, so a broken configuration is never handed to the daemon.
reload() {
	[ -f /var/lock/subsys/sshd ] || {
		msg_not_running "OpenSSH"
		RETVAL=7
		return
	}

	checkconfig
	msg_reloading "OpenSSH"
	# NOTE(review): killproc is given the process name only, while stop()
	# insists on signalling by pid file - confirm that killproc limits the
	# HUP to the listening daemon and does not reach per-session sshd
	# processes.
	killproc sshd -HUP
	RETVAL=$?
}

# Restart sshd only when the lock file shows it is running.
# Arguments: $1 - value stored in RETVAL when sshd is not running
# Globals:   RETVAL (written)
# The configuration is validated before the daemon is stopped; checkconfig
# exits the script on failure, leaving the running sshd untouched.
condrestart() {
	[ -f /var/lock/subsys/sshd ] || {
		msg_not_running "OpenSSH"
		RETVAL=$1
		return
	}

	checkconfig
	stop
	start
}

# Exit status for actions that do not set RETVAL themselves.
RETVAL=0

# Dispatch on the requested action.
case "$1" in
status)
	status --pidfile $PIDFILE sshd
	exit $?
	;;
configtest)
	checkconfig
	;;
init)
	# NOTE(review): the text below talks about a key password, but
	# ssh_gen_keys always passes -N '' (empty passphrase) to ssh-keygen.
	nls "Now the SSH host key will be generated. Please note, that if you"
	nls "will use password for the key, you will need to type it on each"
	nls "reboot."
	ssh_gen_keys
	;;
start)
	start
	;;
stop)
	stop
	;;
restart)
	# Validate first: checkconfig exits on a bad configuration, so the
	# running daemon is not stopped when it could not be started again.
	checkconfig
	stop
	start
	;;
try-restart)
	condrestart 0
	;;
reload | force-reload)
	reload
	;;
*)
	msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|configtest|init|status}"
	exit 3
	;;
esac

exit $RETVAL