rel 3; Drop obsolete /proc/pid/oom_adj. New /proc/pid/oom_score_adj uses totally...
[packages/openssh.git] / opensshd.init
#!/bin/sh
#
# sshd          sshd (secure shell daemon)
#
# chkconfig:    345 21 89
#
# description:  sshd (secure shell daemon) is a server part of the ssh suite. \
#               Ssh can be used for remote login, remote file copying, TCP port \
#               forwarding etc. Ssh offers strong encryption and authentication.

# Value that adjust_oom() writes to /proc/<pid>/oom_score_adj. It is assigned
# before /etc/sysconfig/sshd is sourced, so that file can override it.
SSHD_OOM_ADJUST=-1000

# rc-scripts function library (is_yes, msg_*, daemon, ...)
. /etc/rc.d/init.d/functions

# Network configuration
. /etc/sysconfig/network

# Optional service configuration
if [ -f /etc/sysconfig/sshd ]; then
	. /etc/sysconfig/sshd
fi

# If is_yes rejects NETWORKING the script exits 0 at once. Otherwise every
# action except stop, status and init requires the network lock file.
if ! is_yes "${NETWORKING}"; then
	exit 0
fi
case "$1" in
stop|status|init)
	;;
*)
	if [ ! -f /var/lock/subsys/network ]; then
		msg_network_down "OpenSSH"
		exit 1
	fi
	;;
esac
31
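# Write SSHD_OOM_ADJUST to oom_score_adj of every pid listed in
# /var/run/sshd.pid.
# Globals:  SSHD_OOM_ADJUST (read), pid (written; plain sh has no local)
# Returns:  0 when the pid file is missing, otherwise the status of the
#           last write attempted.
adjust_oom() {
	[ -e /var/run/sshd.pid ] || return 0
	for pid in $(cat /var/run/sshd.pid); do
		# The pid becomes part of a path that is written as root, so accept
		# nothing but decimal digits from the pid file.
		case "$pid" in
		''|*[!0-9]*)
			continue
			;;
		esac
		# 2>/dev/null precedes the output redirection, presumably so that a
		# failure to open the /proc file (process already gone) stays quiet.
		echo "$SSHD_OOM_ADJUST" 2>/dev/null > "/proc/$pid/oom_score_adj"
	done
}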
39
# Validate the sshd configuration before acting on it.
# sshd -t is test mode: it checks the configuration file and the keys and
# then exits. Any failure ends the whole init script with status 1.
checkconfig() {
	if ! /usr/sbin/sshd -t; then
		exit 1
	fi
}
43
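# Create one host key unless a non-empty regular file is already in place.
# Arguments: $1 - key type handed to ssh-keygen -t
#            $2 - path of the private key
# Returns:   0 when the key exists or was created, 1 when ssh-keygen failed.
_ssh_gen_key() {
	if [ -f "$2" ] && [ -s "$2" ]; then
		return 0
	fi
	# ssh-keygen asks for confirmation before overwriting an existing file,
	# so a leftover empty key file would never be replaced unattended.
	if [ -f "$2" ]; then
		rm -f -- "$2"
	fi
	# -N '' creates the private key without a passphrase; the file mode is
	# the only thing protecting it.
	if ! /usr/bin/ssh-keygen -t "$1" -f "$2" -N '' >&2; then
		return 1
	fi
	chmod 600 "$2"
	if [ -x /sbin/restorecon ]; then
		/sbin/restorecon "$2"
	fi
	return 0
}

# Generate every missing or empty host key under /etc/ssh.
# A failure for one key type does not stop the remaining ones; callers in
# this script do not look at the return status.
# NOTE(review): rsa1 (SSH protocol 1) and dsa are legacy key types. An
# ssh-keygen that no longer supports them fails here, while start() still
# insists on /etc/ssh/ssh_host_key -- review the two together.
ssh_gen_keys() {
	_ssh_gen_key rsa1 /etc/ssh/ssh_host_key
	_ssh_gen_key rsa /etc/ssh/ssh_host_rsa_key
	_ssh_gen_key dsa /etc/ssh/ssh_host_dsa_key
	_ssh_gen_key ecdsa /etc/ssh/ssh_host_ecdsa_key
	return 0
}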
67
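# Start sshd unless the subsystem lock says it is already running.
# Globals:  OPTIONS (read, extended with -4 or -6), IPV4_NETWORKING and
#           IPV6_NETWORKING (read), RETVAL (written)
# Exits the script with 1 when checkconfig fails or when
# /etc/ssh/ssh_host_key is missing or empty.
start() {
	# Check if the service is already running?
	if [ -f /var/lock/subsys/sshd ]; then
		msg_already_running "OpenSSH"
		return
	fi

	ssh_gen_keys

	checkconfig

	if [ ! -s /etc/ssh/ssh_host_key ]; then
		msg_not_running "OpenSSH"
		nls "No SSH host key found! You must run \"%s init\" first." "$0"
		exit 1
	fi

	# Restrict sshd to one address family when only that one is enabled.
	if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
		OPTIONS="$OPTIONS -4"
	fi
	if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
		OPTIONS="$OPTIONS -6"
	fi

	msg_starting "OpenSSH"
	# OPTIONS is left unquoted on purpose: it holds several separate flags.
	daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS
	RETVAL=$?
	# Touch oom_score_adj only after a successful start. After a failed one
	# /var/run/sshd.pid may be stale and name an unrelated process.
	if [ "$RETVAL" -eq 0 ]; then
		adjust_oom
		touch /var/lock/subsys/sshd
	fi
	return "$RETVAL"
}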
98
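# Stop the sshd recorded in /var/run/sshd.pid when the subsystem lock exists.
# Prints the rc-scripts ok/fail marker; does not set RETVAL.
stop() {
	if [ -f /var/lock/subsys/sshd ]; then
		msg_stopping "OpenSSH"
		# we use start-stop-daemon to stop sshd, as it is unacceptable for such
		# critical service as sshd to kill it by procname, but unfortunately
		# rc-scripts does not provide way to kill *only* by pidfile
		# Written as if/else so that fail can never run after ok, which the
		# "cmd && ok || fail" form allows when ok returns non-zero.
		if start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid; then
			ok
		else
			fail
		fi
		# NOTE(review): the lock file is removed even when the stop failed,
		# so a later "start" will not report a still-running daemon.
		rm -f /var/lock/subsys/sshd >/dev/null 2>&1
	else
		msg_not_running "OpenSSH"
	fi
}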
111
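upstart_controlled --except init configtest

RETVAL=0
# See how we were called.
case "$1" in
  start)
	start
	;;
  stop)
	stop
	;;
  restart)
	# Validate the configuration first: checkconfig exits on error, so a
	# broken config never takes the running daemon down.
	checkconfig
	stop
	start
	;;
  status)
	status sshd
	exit $?
	;;
  init)
	# NOTE(review): the text below mentions a key password, yet
	# ssh_gen_keys always passes -N '' and never asks for one.
	nls "Now the SSH host key will be generated. Please note, that if you"
	nls "will use password for the key, you will need to type it on each"
	nls "reboot."
	ssh_gen_keys
	;;
  configtest)
	checkconfig
	;;
  reload|force-reload)
	if [ -f /var/lock/subsys/sshd ]; then
		checkconfig
		msg_reloading "OpenSSH"
		# NOTE(review): this signals by process name, which the comment in
		# stop() calls unacceptable for sshd -- confirm which sshd
		# processes killproc reaches here.
		killproc sshd -HUP
		RETVAL=$?
	else
		msg_not_running "OpenSSH"
		exit 7
	fi
	;;
  *)
	# configtest is handled above, so the usage text lists it as well.
	msg_usage "$0 {start|stop|init|restart|reload|force-reload|configtest|status}"
	exit 3
	;;
esac

exit "$RETVAL"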