#!/bin/bash
#
# sshd		Start up the OpenSSH server daemon
#
# chkconfig: 2345 55 25
# description: SSH is a protocol for secure remote shell access. \
#              This service starts up the OpenSSH server daemon.
#
# processname: sshd
# config: /etc/ssh/ssh_host_key
# config: /etc/ssh/ssh_host_key.pub
# config: /etc/ssh/ssh_random_seed
# config: /etc/ssh/sshd_config
# pidfile: /var/run/sshd.pid
 
### BEGIN INIT INFO
# Provides: sshd
# Required-Start: $local_fs $network $syslog
# Required-Stop: $local_fs $syslog
# Should-Start: $syslog
# Should-Stop: $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start up the OpenSSH server daemon
# Description:       SSH is a protocol for secure remote shell access.
#		     This service starts up the OpenSSH server daemon.
### END INIT INFO
 
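# Source the distribution's init-script helper library. The functions below
# call success, failure, killproc and status without defining them; they are
# presumably provided by this library.
. /etc/rc.d/init.d/functions

# Pull in site settings. This file is executed as shell code with the
# privileges of whoever runs the init script, so it should be owned by root
# and not writable by anyone else. OPTIONS and AUTOCREATE_SERVER_KEYS are
# read later in this script but never assigned here, so they are expected to
# come from this file or from the environment.
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

# The assignments below run after the sysconfig file has been sourced, so
# values set there for these names are overwritten.
RETVAL=0
prog="sshd"
lockfile="/var/lock/subsys/$prog"

# Paths used by the functions below
KEYGEN=/usr/bin/ssh-keygen
SSHD=/usr/sbin/sshd
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
PID_FILE=/var/run/sshd.pid

# Keep the last word that runlevel(8) prints. The output is split into
# positional parameters inside a subshell and ${!#} picks the final one,
# which avoids running the command output through eval. When runlevel prints
# nothing, ${!#} falls back to $0, exactly as the eval form did.
# shellcheck disable=SC2046 -- word splitting of the output is intended
runlevel=$(set -- $(runlevel); echo "${!#}")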
 
fips_enabled() {
	# Print the kernel's FIPS-mode flag: the contents of
	# /proc/sys/crypto/fips_enabled when that file is readable, otherwise 0.
	local flag_file=/proc/sys/crypto/fips_enabled

	if [ ! -r "$flag_file" ]; then
		echo 0
		return
	fi
	cat "$flag_file"
}
 
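#######################################
# Generate the SSH protocol 1 RSA host key when it is missing or empty.
# Globals:   RSA1_KEY (read), KEYGEN (read)
# Outputs:   progress text on stdout, plus whatever success/failure print
# Exits:     1 (ending the whole script) when key generation fails
#
# Nothing is generated when fips_enabled reports a non-zero value.
# NOTE(review): SSH protocol 1 is obsolete and current OpenSSH releases no
# longer support rsa1 keys. If the installed ssh-keygen rejects "-t rsa1",
# the failure branch below exits 1 and start() never reaches sshd unless the
# key file already exists or AUTOCREATE_SERVER_KEYS=NO.
#######################################
do_rsa1_keygen() {
	local fips
	fips=$(fips_enabled)

	if [ ! -s "$RSA1_KEY" ] && [ "$fips" -eq 0 ]; then
		echo -n $"Generating SSH1 RSA host key: "
		rm -f -- "$RSA1_KEY"
		# Generate only if the old path is really gone, so ssh-keygen never
		# has to decide about overwriting something rm could not remove.
		# -N '' means no passphrase: the private key is stored unencrypted
		# and the file mode set below is its only protection on disk.
		if test ! -f "$RSA1_KEY" && "$KEYGEN" -q -t rsa1 -f "$RSA1_KEY" -C '' -N '' >&/dev/null; then
			chmod 600 -- "$RSA1_KEY"
			chmod 644 -- "$RSA1_KEY.pub"
			if [ -x /sbin/restorecon ]; then
				/sbin/restorecon "$RSA1_KEY.pub"
			fi
			success $"RSA1 key generation"
			echo
		else
			failure $"RSA1 key generation"
			echo
			exit 1
		fi
	fi
}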
 
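#######################################
# Generate the SSH protocol 2 RSA host key when it is missing or empty.
# Globals:   RSA_KEY (read), KEYGEN (read)
# Outputs:   progress text on stdout, plus whatever success/failure print
# Exits:     1 (ending the whole script) when key generation fails
#
# No -b option is passed, so the key size is whatever the installed
# ssh-keygen uses by default; check that default against local policy.
#######################################
do_rsa_keygen() {
	if [ ! -s "$RSA_KEY" ]; then
		echo -n $"Generating SSH2 RSA host key: "
		rm -f -- "$RSA_KEY"
		# Generate only if the old path is really gone. -N '' means no
		# passphrase: the private key is stored unencrypted and the file
		# mode set below is its only protection on disk.
		if test ! -f "$RSA_KEY" && "$KEYGEN" -q -t rsa -f "$RSA_KEY" -C '' -N '' >&/dev/null; then
			chmod 600 -- "$RSA_KEY"
			chmod 644 -- "$RSA_KEY.pub"
			if [ -x /sbin/restorecon ]; then
				/sbin/restorecon "$RSA_KEY.pub"
			fi
			success $"RSA key generation"
			echo
		else
			failure $"RSA key generation"
			echo
			exit 1
		fi
	fi
}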
 
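#######################################
# Generate the SSH protocol 2 DSA host key when it is missing or empty.
# Globals:   DSA_KEY (read), KEYGEN (read)
# Outputs:   progress text on stdout, plus whatever success/failure print
# Exits:     1 (ending the whole script) when key generation fails
#
# NOTE(review): DSA is a legacy host-key algorithm that newer OpenSSH
# releases have deprecated. If the installed ssh-keygen rejects "-t dsa",
# the failure branch below exits 1 and start() never reaches sshd unless the
# key file already exists or AUTOCREATE_SERVER_KEYS=NO.
#######################################
do_dsa_keygen() {
	if [ ! -s "$DSA_KEY" ]; then
		echo -n $"Generating SSH2 DSA host key: "
		rm -f -- "$DSA_KEY"
		# Generate only if the old path is really gone. -N '' means no
		# passphrase: the private key is stored unencrypted and the file
		# mode set below is its only protection on disk.
		if test ! -f "$DSA_KEY" && "$KEYGEN" -q -t dsa -f "$DSA_KEY" -C '' -N '' >&/dev/null; then
			chmod 600 -- "$DSA_KEY"
			chmod 644 -- "$DSA_KEY.pub"
			if [ -x /sbin/restorecon ]; then
				/sbin/restorecon "$DSA_KEY.pub"
			fi
			success $"DSA key generation"
			echo
		else
			failure $"DSA key generation"
			echo
			exit 1
		fi
	fi
}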
 
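#######################################
# Validate the configuration and host keys without starting the daemon.
# Globals:   SSHD (read), RETVAL (written: exit status of "$SSHD -t")
# Outputs:   a failure report when the check does not pass
#
# Callers inspect RETVAL rather than the function's return status.
#######################################
do_restart_sanity_check()
{
	"$SSHD" -t
	# Capture the status immediately; any command in between would replace it.
	RETVAL=$?
	if [ "$RETVAL" -ne 0 ]; then
		failure $"Configuration file or keys are invalid"
		echo
	fi
}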
 
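#######################################
# Start the daemon, generating missing host keys first.
# Globals:   SSHD, OPTIONS, AUTOCREATE_SERVER_KEYS, prog, lockfile (read)
#            RETVAL (written: exit status of the sshd launch)
# Exits:     5 when $SSHD is not executable,
#            6 when /etc/ssh/sshd_config is missing
# Returns:   RETVAL
#######################################
start()
{
	[ -x "$SSHD" ] || exit 5
	[ -f /etc/ssh/sshd_config ] || exit 6
	# Create keys if necessary. Any value other than NO, including unset,
	# enables generation.
	if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
		do_rsa1_keygen
		do_rsa_keygen
		do_dsa_keygen
	fi

	echo -n $"Starting $prog: "
	# OPTIONS is left unquoted on purpose so it splits into separate
	# arguments. It is not assigned in this script, so its content is
	# whatever the sysconfig file or the environment supplied.
	# shellcheck disable=SC2086
	"$SSHD" $OPTIONS
	# Record sshd's own status before reporting, so RETVAL does not depend
	# on what the success/failure helpers return.
	RETVAL=$?
	if [ "$RETVAL" -eq 0 ]; then
		success
		touch -- "$lockfile"
	else
		failure
	fi
	echo
	return $RETVAL
}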
 
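#######################################
# Stop the listening daemon and, at halt or reboot, every remaining session.
# Globals:   PID_FILE, SSHD, prog, runlevel, lockfile (read)
#            RETVAL (written: exit status of killproc)
#######################################
stop()
{
	echo -n $"Stopping $prog: "
	killproc -p "$PID_FILE" "$SSHD"
	RETVAL=$?
	# if we are in halt or reboot runlevel kill all running sessions
	# so the TCP connections are closed cleanly
	if [ "x$runlevel" = x0 ] || [ "x$runlevel" = x6 ]; then
		# TERM is ignored in this shell while killall runs and restored
		# afterwards; presumably this keeps the init script itself, which
		# may run under the same name, from being terminated.
		trap '' TERM
		killall "$prog" 2>/dev/null
		trap - TERM
	fi
	# The lock file is kept when killproc failed, so status can report it.
	[ "$RETVAL" -eq 0 ] && rm -f -- "$lockfile"
	echo
}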
 
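#######################################
# Ask the running daemon to re-read its configuration by sending HUP to the
# process recorded in the pid file.
# Globals:   PID_FILE, SSHD, prog (read)
#            RETVAL (written: exit status of killproc)
#######################################
reload()
{
	echo -n $"Reloading $prog: "
	killproc -p "$PID_FILE" "$SSHD" -HUP
	RETVAL=$?
	echo
}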
 
# Full bounce: stop the daemon, then start it again. The configuration is
# not validated before the stop, so on a remote host an invalid sshd_config
# leaves the daemon down; only the condrestart path runs the sanity check.
restart()
{
	stop
	start
}
 
# force-reload is implemented as a plain restart.
force_reload()
{
	restart
}
 
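# Report the daemon's state through the status helper, using the pid file.
# The return status is whatever status returns.
rh_status() {
	status -p "$PID_FILE" openssh-daemon
}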
 
# Quiet probe: run rh_status with both stdout and stderr discarded, so only
# its exit status is left for the caller.
rh_status_q()
{
	rh_status &> /dev/null
}
 
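# Dispatch on the requested action. Every branch leaves its result in RETVAL
# (or exits directly) and the script ends with that value as its exit status.
case "$1" in
	start)
		# Already running counts as success.
		rh_status_q && exit 0
		start
		;;
	stop)
		# Not running: clear any stale lock file and report success.
		if ! rh_status_q; then
			rm -f -- "$lockfile"
			exit 0
		fi
		stop
		;;
	restart)
		# No configuration check is made before the daemon is stopped.
		restart
		;;
	reload)
		# Nothing to signal when the daemon is not running.
		rh_status_q || exit 7
		reload
		;;
	force-reload)
		force_reload
		;;
	condrestart|try-restart)
		rh_status_q || exit 0
		if [ -f "$lockfile" ]; then
			# Validate configuration and keys first, so a broken config
			# leaves the running daemon in place instead of stopping it.
			do_restart_sanity_check
			if [ "$RETVAL" -eq 0 ]; then
				stop
				# avoid race
				sleep 3
				start
			else
				RETVAL=6
			fi
		fi
		;;
	status)
		rh_status
		RETVAL=$?
		# Status 3 with the lock file still present is reported as 2.
		if [ "$RETVAL" -eq 3 ] && [ -f "$lockfile" ]; then
			RETVAL=2
		fi
		;;
	*)
		echo $"Usage: $0 {start|stop|restart|reload|force-reload|condrestart|try-restart|status}"
		RETVAL=2
		;;
esac
exit $RETVAL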