opensshd.init

   1 #!/bin/sh
   2 #
   3 # sshd          sshd (secure shell daemon)
   4 #
   5 # chkconfig:    345 21 89
   6 #
   7 # description:  sshd (secure shell daemon) is a server part of the ssh suite. \
   8 #               Ssh can be used for remote login, remote file copying, TCP port \
   9 #               forwarding etc. Ssh offers strong encryption and authentication.
  10
  11 SSHD_OOM_ADJUST=-17
  12
  13 # Source function library
  14 . /etc/rc.d/init.d/functions
  15
  16 # Get network config
  17 . /etc/sysconfig/network
  18
  19 # Get service config
  20 [ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
  21
  22 # Check that networking is up.
  23 if is_yes "${NETWORKING}"; then
  24         if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status -a "$1" != init ]; then
  25                 msg_network_down "OpenSSH"
  26                 exit 1
  27         fi
  28 else
  29         exit 0
  30 fi
  31
  32 adjust_oom() {
  33         if [ -e /var/run/sshd.pid ]; then
  34                 for pid in $(cat /var/run/sshd.pid); do
  35                         if [ -e /proc/$pid/oom_score_adj ]; then
  36                                 echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_score_adj
  37                         else
  38                                 echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_adj
  39                         fi
  40                 done
  41         fi
  42 }
  43
  44 checkconfig() {
  45         /usr/sbin/sshd -t || exit 1
  46 }
  47
  48 ssh_gen_keys() {
  49         # generate new keys with empty passwords if they do not exist
  50         if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
  51                 /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' >&2
  52                 chmod 600 /etc/ssh/ssh_host_key
  53                 [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_key
  54         fi
  55         if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then
  56                 /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
  57                 chmod 600 /etc/ssh/ssh_host_rsa_key
  58                 [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_rsa_key
  59         fi
  60         if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
  61                 /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
  62                 chmod 600 /etc/ssh/ssh_host_dsa_key
  63                 [ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key
  64         fi
  65 }
  66
  67 start() {
  68         # Check if the service is already running?
  69         if [ -f /var/lock/subsys/sshd ]; then
  70                 msg_already_running "OpenSSH"
  71                 return
  72         fi
  73
  74         ssh_gen_keys
  75
  76         checkconfig
  77
  78         if [ ! -s /etc/ssh/ssh_host_key ]; then
  79                 msg_not_running "OpenSSH"
  80                 nls "No SSH host key found! You must run \"%s init\" first." "$0"
  81                 exit 1
  82         fi
  83
  84         if is_yes "$IPV4_NETWORKING" && is_no "$IPV6_NETWORKING"; then
  85                 OPTIONS="$OPTIONS -4"
  86         fi
  87         if is_yes "$IPV6_NETWORKING" && is_no "$IPV4_NETWORKING"; then
  88                 OPTIONS="$OPTIONS -6"
  89         fi
  90
  91         msg_starting "OpenSSH"
  92         daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd $OPTIONS
  93         RETVAL=$?
  94         adjust_oom
  95         [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
  96 }
  97
  98 stop() {
  99         if [ -f /var/lock/subsys/sshd ]; then
 100                 msg_stopping "OpenSSH"
 101                 # we use start-stop-daemon to stop sshd, as it is unacceptable for such
 102                 # critical service as sshd to kill it by procname, but unfortunately
 103                 # rc-scripts does not provide way to kill *only* by pidfile
 104                 start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok || fail
 105                 rm -f /var/lock/subsys/sshd >/dev/null 2>&1
 106         else
 107                 msg_not_running "OpenSSH"
 108         fi
 109 }
 110
 111 upstart_controlled --except init configtest
 112
 113 RETVAL=0
 114 # See how we were called.
 115 case "$1" in
 116   start)
 117         start
 118         ;;
 119   stop)
 120         stop
 121         ;;
 122   restart)
 123         checkconfig
 124         stop
 125         start
 126         ;;
 127   status)
 128         status sshd
 129         exit $?
 130         ;;
 131   init)
 132         nls "Now the SSH host key will be generated. Please note, that if you"
 133         nls "will use password for the key, you will need to type it on each"
 134         nls "reboot."
 135         ssh_gen_keys
 136         ;;
 137   configtest)
 138         checkconfig
 139         ;;
 140   reload|force-reload)
 141         if [ -f /var/lock/subsys/sshd ]; then
 142                 checkconfig
 143                 msg_reloading "OpenSSH"
 144                 killproc sshd -HUP
 145                 RETVAL=$?
 146         else
 147                 msg_not_running "OpenSSH"
 148                 exit 7
 149         fi
 150         ;;
 151   *)
 152         msg_usage "$0 {start|stop|init|restart|reload|force-reload|status}"
 153         exit 3
 154 esac
 155
 156 exit $RETVAL