1 | #!/bin/bash |
---|
2 | # |
---|
3 | # sshd Start up the OpenSSH server daemon |
---|
4 | # |
---|
5 | # chkconfig: 2345 55 25 |
---|
6 | # description: SSH is a protocol for secure remote shell access. \ |
---|
7 | # This service starts up the OpenSSH server daemon. |
---|
8 | # |
---|
9 | # processname: sshd |
---|
10 | # config: /etc/ssh/ssh_host_key |
---|
11 | # config: /etc/ssh/ssh_host_key.pub |
---|
12 | # config: /etc/ssh/ssh_random_seed |
---|
13 | # config: /etc/ssh/sshd_config |
---|
14 | # pidfile: /var/run/sshd.pid |
---|
15 | |
---|
16 | ### BEGIN INIT INFO |
---|
17 | # Provides: sshd |
---|
18 | # Required-Start: $local_fs $network $syslog |
---|
19 | # Required-Stop: $local_fs $syslog |
---|
20 | # Should-Start: $syslog |
---|
21 | # Should-Stop: $network $syslog |
---|
22 | # Default-Start: 2 3 4 5 |
---|
23 | # Default-Stop: 0 1 6 |
---|
24 | # Short-Description: Start up the OpenSSH server daemon |
---|
25 | # Description: SSH is a protocol for secure remote shell access. |
---|
26 | # This service starts up the OpenSSH server daemon. |
---|
27 | ### END INIT INFO |
---|
28 | |
---|
29 | # source function library |
---|
30 | . /etc/rc.d/init.d/functions |
---|
31 | |
---|
32 | # pull in sysconfig settings |
---|
33 | [ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd |
---|
34 | |
---|
35 | RETVAL=0 |
---|
36 | prog="sshd" |
---|
37 | lockfile=/var/lock/subsys/$prog |
---|
38 | |
---|
39 | # Some functions to make the below more readable |
---|
40 | KEYGEN=/usr/bin/ssh-keygen |
---|
41 | SSHD=/usr/sbin/sshd |
---|
42 | RSA1_KEY=/etc/ssh/ssh_host_key |
---|
43 | RSA_KEY=/etc/ssh/ssh_host_rsa_key |
---|
44 | DSA_KEY=/etc/ssh/ssh_host_dsa_key |
---|
45 | ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key |
---|
46 | PID_FILE=/var/run/sshd.pid |
---|
47 | |
---|
48 | runlevel=$(set -- $(runlevel); eval "echo \$$#" ) |
---|
49 | |
---|
50 | do_rsa1_keygen() { |
---|
51 | if [ ! -s $RSA1_KEY ]; then |
---|
52 | echo -n $"Generating SSH1 RSA host key: " |
---|
53 | rm -f $RSA1_KEY |
---|
54 | if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then |
---|
55 | chmod 600 $RSA1_KEY |
---|
56 | chmod 644 $RSA1_KEY.pub |
---|
57 | if [ -x /sbin/restorecon ]; then |
---|
58 | /sbin/restorecon $RSA1_KEY.pub |
---|
59 | fi |
---|
60 | success $"RSA1 key generation" |
---|
61 | echo |
---|
62 | else |
---|
63 | failure $"RSA1 key generation" |
---|
64 | echo |
---|
65 | exit 1 |
---|
66 | fi |
---|
67 | fi |
---|
68 | } |
---|
69 | |
---|
70 | do_rsa_keygen() { |
---|
71 | if [ ! -s $RSA_KEY ]; then |
---|
72 | echo -n $"Generating SSH2 RSA host key: " |
---|
73 | rm -f $RSA_KEY |
---|
74 | if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then |
---|
75 | chmod 600 $RSA_KEY |
---|
76 | chmod 644 $RSA_KEY.pub |
---|
77 | if [ -x /sbin/restorecon ]; then |
---|
78 | /sbin/restorecon $RSA_KEY.pub |
---|
79 | fi |
---|
80 | success $"RSA key generation" |
---|
81 | echo |
---|
82 | else |
---|
83 | failure $"RSA key generation" |
---|
84 | echo |
---|
85 | exit 1 |
---|
86 | fi |
---|
87 | fi |
---|
88 | } |
---|
89 | |
---|
90 | do_dsa_keygen() { |
---|
91 | if [ ! -s $DSA_KEY ]; then |
---|
92 | echo -n $"Generating SSH2 DSA host key: " |
---|
93 | rm -f $DSA_KEY |
---|
94 | if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then |
---|
95 | chmod 600 $DSA_KEY |
---|
96 | chmod 644 $DSA_KEY.pub |
---|
97 | if [ -x /sbin/restorecon ]; then |
---|
98 | /sbin/restorecon $DSA_KEY.pub |
---|
99 | fi |
---|
100 | success $"DSA key generation" |
---|
101 | echo |
---|
102 | else |
---|
103 | failure $"DSA key generation" |
---|
104 | echo |
---|
105 | exit 1 |
---|
106 | fi |
---|
107 | fi |
---|
108 | } |
---|
109 | |
---|
110 | do_ecdsa_keygen() { |
---|
111 | if [ ! -s $ECDSA_KEY ]; then |
---|
112 | echo -n $"Generating SSH2 ECDSA host key: " |
---|
113 | rm -f $ECDSA_KEY |
---|
114 | if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then |
---|
115 | chmod 600 $ECDSA_KEY |
---|
116 | chmod 644 $ECDSA_KEY.pub |
---|
117 | if [ -x /sbin/restorecon ]; then |
---|
118 | /sbin/restorecon $ECDSA_KEY.pub |
---|
119 | fi |
---|
120 | success $"ECDSA key generation" |
---|
121 | echo |
---|
122 | else |
---|
123 | failure $"ECDSA key generation" |
---|
124 | echo |
---|
125 | exit 1 |
---|
126 | fi |
---|
127 | fi |
---|
128 | } |
---|
129 | |
---|
130 | do_restart_sanity_check() |
---|
131 | { |
---|
132 | $SSHD -t |
---|
133 | RETVAL=$? |
---|
134 | if [ $RETVAL -ne 0 ]; then |
---|
135 | failure $"Configuration file or keys are invalid" |
---|
136 | echo |
---|
137 | fi |
---|
138 | } |
---|
139 | |
---|
140 | start() { |
---|
141 | [ -x $SSHD ] || exit 5 |
---|
142 | [ -f /etc/ssh/sshd_config ] || exit 6 |
---|
143 | # Create keys if necessary |
---|
144 | if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then |
---|
145 | do_rsa_keygen |
---|
146 | if [ "x${AUTOCREATE_SERVER_KEYS}" != xRSAONLY ]; then |
---|
147 | do_rsa1_keygen |
---|
148 | do_dsa_keygen |
---|
149 | do_ecdsa_keygen |
---|
150 | fi |
---|
151 | fi |
---|
152 | |
---|
153 | cp -af /etc/localtime /var/empty/sshd/etc |
---|
154 | |
---|
155 | echo -n $"Starting $prog: " |
---|
156 | $SSHD $OPTIONS && success || failure |
---|
157 | RETVAL=$? |
---|
158 | [ $RETVAL -eq 0 ] && touch $lockfile |
---|
159 | echo |
---|
160 | return $RETVAL |
---|
161 | } |
---|
162 | |
---|
163 | stop() { |
---|
164 | echo -n $"Stopping $prog: " |
---|
165 | if [ -n "`pidfileofproc $SSHD`" ] ; then |
---|
166 | killproc $SSHD |
---|
167 | else |
---|
168 | failure $"Stopping $prog" |
---|
169 | fi |
---|
170 | RETVAL=$? |
---|
171 | # if we are in halt or reboot runlevel kill all running sessions |
---|
172 | # so the TCP connections are closed cleanly |
---|
173 | if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then |
---|
174 | trap '' TERM |
---|
175 | killall $prog 2>/dev/null |
---|
176 | trap TERM |
---|
177 | fi |
---|
178 | [ $RETVAL -eq 0 ] && rm -f $lockfile |
---|
179 | echo |
---|
180 | } |
---|
181 | |
---|
182 | reload() { |
---|
183 | echo -n $"Reloading $prog: " |
---|
184 | if [ -n "`pidfileofproc $SSHD`" ] ; then |
---|
185 | killproc $SSHD -HUP |
---|
186 | else |
---|
187 | failure $"Reloading $prog" |
---|
188 | fi |
---|
189 | RETVAL=$? |
---|
190 | echo |
---|
191 | } |
---|
192 | |
---|
193 | restart() { |
---|
194 | stop |
---|
195 | start |
---|
196 | } |
---|
197 | |
---|
198 | force_reload() { |
---|
199 | restart |
---|
200 | } |
---|
201 | |
---|
202 | do_status() { |
---|
203 | status -p $PID_FILE openssh-daemon |
---|
204 | } |
---|
205 | |
---|
206 | is_running() { |
---|
207 | do_status >/dev/null 2>&1 |
---|
208 | } |
---|
209 | |
---|
210 | case "$1" in |
---|
211 | start) |
---|
212 | is_running && exit 0 |
---|
213 | start |
---|
214 | ;; |
---|
215 | stop) |
---|
216 | if ! is_running; then |
---|
217 | rm -f $lockfile |
---|
218 | exit 0 |
---|
219 | fi |
---|
220 | stop |
---|
221 | ;; |
---|
222 | restart) |
---|
223 | restart |
---|
224 | ;; |
---|
225 | reload) |
---|
226 | is_running || exit 7 |
---|
227 | reload |
---|
228 | ;; |
---|
229 | force-reload) |
---|
230 | force_reload |
---|
231 | ;; |
---|
232 | condrestart|try-restart) |
---|
233 | is_running || exit 0 |
---|
234 | if [ -f $lockfile ] ; then |
---|
235 | do_restart_sanity_check |
---|
236 | if [ $RETVAL -eq 0 ] ; then |
---|
237 | stop |
---|
238 | # avoid race |
---|
239 | sleep 3 |
---|
240 | start |
---|
241 | else |
---|
242 | RETVAL=6 |
---|
243 | fi |
---|
244 | fi |
---|
245 | ;; |
---|
246 | status) |
---|
247 | do_status |
---|
248 | RETVAL=$? |
---|
249 | if [ $RETVAL -eq 3 -a -f $lockfile ] ; then |
---|
250 | RETVAL=2 |
---|
251 | fi |
---|
252 | ;; |
---|
253 | *) |
---|
254 | echo $"Usage: $0 {start|stop|restart|reload|force-reload|condrestart|try-restart|status}" |
---|
255 | RETVAL=2 |
---|
256 | esac |
---|
257 | exit $RETVAL |
---|