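#!/bin/sh
#
# sshd sshd (secure shell daemon)
#
# chkconfig: 345 55 45
#
# description: sshd (secure shell daemon) is a server part of the ssh suite. \
# Ssh can be used for remote login, remote file copying, TCP port \
# forwarding etc. Ssh offers strong encryption and authentication.

# Value written to /proc/<pid>/oom_adj for the listening daemon so that an
# out-of-memory condition does not take away remote access. It is set before
# /etc/sysconfig/sshd is sourced, so that file may override it.
# NOTE(review): -17 is the "never kill" value of the legacy oom_adj
# interface; newer kernels expose oom_score_adj with a different scale.
# Confirm which interface the target kernel provides.
SSHD_OOM_ADJUST=-17

# Source function library
. /etc/rc.d/init.d/functions

# Get network config
. /etc/sysconfig/network

# Get service config
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

# Check that networking is up.
# stop, status and init do not need the network, so they are let through
# even when the network lock file is missing.
if is_yes "${NETWORKING}"; then
	if [ ! -f /var/lock/subsys/network ]; then
		case "$1" in
		stop|status|init)
			;;
		*)
			msg_network_down OpenSSH
			exit 1
			;;
		esac
	fi
else
	exit 0
fi

# Write SSHD_OOM_ADJUST to oom_adj of every pid listed in the sshd pidfile.
# Best effort: a failed write is silent and does not affect the caller.
adjust_oom() {
	[ -e /var/run/sshd.pid ] || return 0
	for pid in $(cat /var/run/sshd.pid); do
		# This runs as root and builds a /proc path from file content:
		# accept plain decimal pids only, so that a damaged pidfile cannot
		# point the write at some other path.
		case "$pid" in
		''|*[!0-9]*)
			continue
			;;
		esac
		echo "$SSHD_OOM_ADJUST" 2>/dev/null > "/proc/$pid/oom_adj"
	done
}

# Validate sshd configuration and host keys; abort the script when sshd -t
# rejects them, so that a broken config never replaces a running daemon.
checkconfig() {
	/usr/sbin/sshd -t || exit 1
}

# Restrict a private host key to its owner and, where SELinux tooling is
# installed, restore its file context. Never fails.
# Arguments: $1 - path of the private key
secure_key_file() {
	[ -f "$1" ] || return 0
	chmod 600 "$1"
	if [ -x /sbin/restorecon ]; then
		/sbin/restorecon "$1" || :
	fi
	return 0
}

# Create a host key non-interactively if it is missing or empty.
# The key has an empty passphrase because the daemon must start unattended;
# its confidentiality therefore rests on the 0600 mode set afterwards.
# Arguments: $1 - key type for ssh-keygen -t, $2 - path of the private key
# Returns:   ssh-keygen's status when a key had to be generated, else 0
ensure_host_key() {
	if [ -f "$2" ] && [ -s "$2" ]; then
		return 0
	fi
	/usr/bin/ssh-keygen -t "$1" -f "$2" -N '' 1>&2
	keygen_status=$?
	secure_key_file "$2"
	return $keygen_status
}

# Create a host key interactively (ssh-keygen asks for the passphrase).
# Arguments: $1 - key type for ssh-keygen -t, $2 - path of the private key
# Returns:   ssh-keygen's exit status
create_host_key() {
	/usr/bin/ssh-keygen -t "$1" -f "$2"
	keygen_status=$?
	secure_key_file "$2"
	return $keygen_status
}

start() {
	# generate new keys with empty passwords if they do not exist
	# NOTE(review): rsa1 (SSH protocol 1) and dsa are legacy key types, and
	# the check below makes the protocol 1 key mandatory. Newer OpenSSH
	# releases dropped protocol 1 and disable DSA; confirm against the
	# packaged sshd before keeping these three types.
	ensure_host_key rsa1 /etc/ssh/ssh_host_key
	ensure_host_key rsa /etc/ssh/ssh_host_rsa_key
	ensure_host_key dsa /etc/ssh/ssh_host_dsa_key

	checkconfig

	if [ ! -f /etc/ssh/ssh_host_key ]; then
		msg_not_running OpenSSH
		nls "No SSH host key found! You must run \"%s init\" first." "$0"
		exit 1
	fi

	# Check if the service is already running?
	if [ ! -f /var/lock/subsys/sshd ]; then
		msg_starting OpenSSH
		daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd
		RETVAL=$?
		adjust_oom
		[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
	else
		msg_already_running OpenSSH
	fi
}

stop() {
	if [ -f /var/lock/subsys/sshd ]; then
		msg_stopping OpenSSH
		# we use start-stop-daemon to stop sshd, as it is unacceptable for such
		# critical service as sshd to kill it by procname, but unfortunately
		# rc-scripts does not provide way to kill *only* by pidfile
		# (if/else rather than "&& ok || fail", which would also run fail
		# whenever ok itself returned non-zero)
		if start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid; then
			ok
		else
			fail
		fi
		rm -f /var/lock/subsys/sshd >/dev/null 2>&1
	else
		msg_not_running OpenSSH
	fi
}

RETVAL=0
# See how we were called.
case "$1" in
start)
	start
	;;
stop)
	stop
	;;
restart)
	# Validate first: checkconfig exits before the running daemon is stopped
	# if the configuration is broken.
	checkconfig
	stop
	start
	;;
status)
	status sshd
	exit $?
	;;
init)
	nls "Now the SSH host key will be generated. Please note, that if you"
	nls "will use password for the key, you will need to type it on each"
	nls "reboot."
	# Report a failed key generation through the exit status; previously
	# the status was that of the trailing "restorecon || :", i.e. always 0.
	create_host_key rsa1 /etc/ssh/ssh_host_key || RETVAL=1
	create_host_key rsa /etc/ssh/ssh_host_rsa_key || RETVAL=1
	create_host_key dsa /etc/ssh/ssh_host_dsa_key || RETVAL=1
	;;
reload|force-reload)
	if [ -f /var/lock/subsys/sshd ]; then
		checkconfig
		msg_reloading OpenSSH
		# Signal the daemon through its pidfile, for the same reason stop()
		# does: only the listening sshd should receive the HUP, not every
		# process that happens to be named sshd.
		if start-stop-daemon --stop --signal HUP --quiet --pidfile /var/run/sshd.pid; then
			ok
		else
			RETVAL=$?
			fail
		fi
	else
		msg_not_running OpenSSH
		exit 7
	fi
	;;
*)
	msg_usage "$0 {start|stop|init|restart|reload|force-reload|status}"
	exit 3
esac

exit $RETVAL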