# Ssh can be used for remote login, remote file copying, TCP port \
# forwarding etc. Ssh offers strong encryption and authentication.
+SSHD_OOM_ADJUST=-17
# Source function library
. /etc/rc.d/init.d/functions
else
exit 0
fi
-
-RETVAL=0
-# See how we were called.
-case "$1" in
- start)
+
+adjust_oom() {
+ if [ -e /var/run/sshd.pid ]; then
+ for pid in $(cat /var/run/sshd.pid); do
+ echo "$SSHD_OOM_ADJUST" 2>/dev/null > /proc/$pid/oom_adj
+ done
+ fi
+}
+
+checkconfig() {
+ /usr/sbin/sshd -t || exit 1
+}
+
+start() {
# generate new keys with empty passwords if they do not exist
if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N '' 1>&2
[ -x /sbin/restorecon ] && /sbin/restorecon /etc/ssh/ssh_host_dsa_key || :
fi
+ checkconfig
+
if [ ! -f /etc/ssh/ssh_host_key ]; then
msg_not_running OpenSSH
nls "No SSH host key found! You must run \"%s init\" first." "$0"
# Check if the service is already running?
if [ ! -f /var/lock/subsys/sshd ]; then
msg_starting OpenSSH
- daemon /usr/sbin/sshd
+ daemon --pidfile /var/run/sshd.pid /usr/sbin/sshd
RETVAL=$?
- [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
+ adjust_oom
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
else
msg_already_running OpenSSH
fi
- ;;
- stop)
+}
+
+stop() {
if [ -f /var/lock/subsys/sshd ]; then
msg_stopping OpenSSH
- killproc sshd
- rm -f /var/run/sshd.pid /var/lock/subsys/sshd >/dev/null 2>&1
+ # we use start-stop-daemon to stop sshd, as it is unacceptable for such
+ # critical service as sshd to kill it by procname, but unfortunately
+ # rc-scripts does not provide way to kill *only* by pidfile
+ start-stop-daemon --stop --quiet --pidfile /var/run/sshd.pid && ok || fail
+ rm -f /var/lock/subsys/sshd >/dev/null 2>&1
else
msg_not_running OpenSSH
- fi
+ fi
+}
+
+RETVAL=0
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
;;
restart)
- $0 stop
- $0 start
- exit $?
+ checkconfig
+ stop
+ start
;;
status)
status sshd
;;
reload|force-reload)
if [ -f /var/lock/subsys/sshd ]; then
+ checkconfig
msg_reloading OpenSSH
killproc sshd -HUP
RETVAL=$?
else
- msg_not_running OpenSSH >&2
+ msg_not_running OpenSSH
exit 7
fi
;;