#!/bin/bash
#
# sshd		Start up the OpenSSH server daemon
#
# chkconfig: 2345 55 25
# description: SSH is a protocol for secure remote shell access. \
#              This service starts up the OpenSSH server daemon.
#
# processname: sshd
# config: /etc/ssh/ssh_host_key
# config: /etc/ssh/ssh_host_key.pub
# config: /etc/ssh/ssh_random_seed
# config: /etc/ssh/sshd_config
# pidfile: /var/run/sshd.pid
 
### BEGIN INIT INFO
# Provides: sshd
# Required-Start: $local_fs $network $syslog
# Required-Stop: $local_fs $syslog
# Should-Start: $syslog
# Should-Stop: $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start up the OpenSSH server daemon
# Description:       SSH is a protocol for secure remote shell access.
#		     This service starts up the OpenSSH server daemon.
### END INIT INFO
 
# source function library
. /etc/rc.d/init.d/functions
 
# pull in sysconfig settings
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
 
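# Exit status handed to the final "exit"; the action functions overwrite it.
RETVAL=0
prog="sshd"
lockfile=/var/lock/subsys/$prog

# Fixed paths used by the functions below. They are assigned after
# /etc/sysconfig/sshd has been sourced, so that file cannot override them.
KEYGEN=/usr/bin/ssh-keygen
SSHD=/usr/sbin/sshd
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
PID_FILE=/var/run/sshd.pid

# Current runlevel: the last word printed by runlevel(8). It is taken with a
# parameter expansion instead of eval, so command output is never re-parsed
# as shell code. The value is empty when runlevel prints nothing.
runlevel=$(runlevel)
runlevel=${runlevel##* }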
 
# Print the kernel FIPS flag: the contents of /proc/sys/crypto/fips_enabled
# when that file is readable, otherwise 0.
# Outputs: the flag value on stdout (callers compare it numerically with 0).
fips_enabled() {
	local flag_file=/proc/sys/crypto/fips_enabled

	# No readable flag file is treated as "FIPS mode off".
	if [ ! -r "$flag_file" ]; then
		echo 0
		return
	fi
	cat "$flag_file"
}
 
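# Create the SSH protocol 1 RSA host key if it is missing or empty.
# Globals:  RSA1_KEY (read), KEYGEN (read)
# Outputs:  progress text plus the success/failure marker from the init
#           function library
# Returns:  0 when nothing had to be done or the key was created; exits the
#           script with status 1 when generation fails
# Skipped entirely when the kernel reports FIPS mode (fips_enabled != 0).
# NOTE(review): rsa1 keys only serve the legacy SSH protocol 1. ssh-keygen
# builds without protocol 1 support reject "-t rsa1", and this function then
# exits 1 and aborts start(). Setting AUTOCREATE_SERVER_KEYS=RSAONLY in
# /etc/sysconfig/sshd makes start() skip this key type.
do_rsa1_keygen() {
	if [ ! -s "$RSA1_KEY" ] && [ "$(fips_enabled)" -eq 0 ]; then
		echo -n $"Generating SSH1 RSA host key: "
		# Remove an empty leftover first; the "test ! -f" below refuses to
		# continue if something non-removable still sits at that path.
		rm -f -- "$RSA1_KEY"
		# Host keys carry no passphrase (-N '') so sshd can load them
		# unattended; ssh-keygen output, including errors, is discarded.
		if test ! -f "$RSA1_KEY" && "$KEYGEN" -q -t rsa1 -f "$RSA1_KEY" -C '' -N '' >/dev/null 2>&1; then
			# Private key readable by root only, public key world-readable.
			chmod 600 "$RSA1_KEY"
			chmod 644 "$RSA1_KEY.pub"
			if [ -x /sbin/restorecon ]; then
				/sbin/restorecon "$RSA1_KEY.pub"
			fi
			success $"RSA1 key generation"
			echo
		else
			failure $"RSA1 key generation"
			echo
			exit 1
		fi
	fi
}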
 
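# Create the SSH protocol 2 RSA host key if it is missing or empty.
# Globals:  RSA_KEY (read), KEYGEN (read)
# Outputs:  progress text plus the success/failure marker from the init
#           function library
# Returns:  0 when nothing had to be done or the key was created; exits the
#           script with status 1 when generation fails
# Unlike the RSA1 and DSA variants this one also runs in FIPS mode.
# NOTE(review): no -b is passed, so the key size is whatever the installed
# ssh-keygen uses by default. Confirm that it meets local policy.
do_rsa_keygen() {
	if [ ! -s "$RSA_KEY" ]; then
		echo -n $"Generating SSH2 RSA host key: "
		# Remove an empty leftover first; the "test ! -f" below refuses to
		# continue if something non-removable still sits at that path.
		rm -f -- "$RSA_KEY"
		# Host keys carry no passphrase (-N '') so sshd can load them
		# unattended; ssh-keygen output, including errors, is discarded.
		if test ! -f "$RSA_KEY" && "$KEYGEN" -q -t rsa -f "$RSA_KEY" -C '' -N '' >/dev/null 2>&1; then
			# Private key readable by root only, public key world-readable.
			chmod 600 "$RSA_KEY"
			chmod 644 "$RSA_KEY.pub"
			if [ -x /sbin/restorecon ]; then
				/sbin/restorecon "$RSA_KEY.pub"
			fi
			success $"RSA key generation"
			echo
		else
			failure $"RSA key generation"
			echo
			exit 1
		fi
	fi
}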
 
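# Create the SSH protocol 2 DSA host key if it is missing or empty.
# Globals:  DSA_KEY (read), KEYGEN (read)
# Outputs:  progress text plus the success/failure marker from the init
#           function library
# Returns:  0 when nothing had to be done or the key was created; exits the
#           script with status 1 when generation fails
# Skipped entirely when the kernel reports FIPS mode (fips_enabled != 0).
# NOTE(review): DSA host keys are deprecated in current OpenSSH releases.
# Where the installed ssh-keygen rejects "-t dsa" this function exits 1 and
# aborts start(). Setting AUTOCREATE_SERVER_KEYS=RSAONLY in
# /etc/sysconfig/sshd makes start() skip this key type.
do_dsa_keygen() {
	if [ ! -s "$DSA_KEY" ] && [ "$(fips_enabled)" -eq 0 ]; then
		echo -n $"Generating SSH2 DSA host key: "
		# Remove an empty leftover first; the "test ! -f" below refuses to
		# continue if something non-removable still sits at that path.
		rm -f -- "$DSA_KEY"
		# Host keys carry no passphrase (-N '') so sshd can load them
		# unattended; ssh-keygen output, including errors, is discarded.
		if test ! -f "$DSA_KEY" && "$KEYGEN" -q -t dsa -f "$DSA_KEY" -C '' -N '' >/dev/null 2>&1; then
			# Private key readable by root only, public key world-readable.
			chmod 600 "$DSA_KEY"
			chmod 644 "$DSA_KEY.pub"
			if [ -x /sbin/restorecon ]; then
				/sbin/restorecon "$DSA_KEY.pub"
			fi
			success $"DSA key generation"
			echo
		else
			failure $"DSA key generation"
			echo
			exit 1
		fi
	fi
}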
 
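# Check the sshd configuration and host keys with "sshd -t" before a restart.
# Globals:  SSHD (read), OPTIONS (read), RETVAL (written: exit status of the
#           test run)
# Outputs:  a failure marker and newline when the check does not pass
# The check runs with the same OPTIONS that start() passes to the daemon, so
# an alternative config file or port given there is what gets validated. A
# check against the defaults could pass while the real start then fails and
# leaves the host without an SSH daemon.
do_restart_sanity_check()
{
	# OPTIONS stays unquoted: it is a whitespace-separated argument list.
	# shellcheck disable=SC2086
	"$SSHD" -t $OPTIONS
	RETVAL=$?
	if [ "$RETVAL" -ne 0 ]; then
		failure $"Configuration file or keys are invalid"
		echo
	fi
}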
 
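# Start the OpenSSH daemon, creating missing host keys first.
# Globals:  SSHD, OPTIONS, AUTOCREATE_SERVER_KEYS, prog, lockfile (read);
#           RETVAL (written: exit status of the sshd invocation)
# Returns:  RETVAL; exits 5 when the sshd binary is not executable and 6 when
#           /etc/ssh/sshd_config is missing
# AUTOCREATE_SERVER_KEYS=NO skips key generation altogether, RSAONLY creates
# only the protocol 2 RSA key, and any other value also creates the RSA1 and
# DSA keys.
start()
{
	[ -x "$SSHD" ] || exit 5
	[ -f /etc/ssh/sshd_config ] || exit 6
	# Create keys if necessary
	if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
		do_rsa_keygen
		if [ "x${AUTOCREATE_SERVER_KEYS}" != xRSAONLY ]; then
			do_rsa1_keygen
			do_dsa_keygen
		fi
	fi

	echo -n $"Starting $prog: "
	# Take the status from sshd itself. With "cmd && success || failure" the
	# result depended on what the reporting helpers returned, and failure
	# would also run if success ever returned non-zero.
	# OPTIONS stays unquoted: it is a whitespace-separated argument list.
	# shellcheck disable=SC2086
	"$SSHD" $OPTIONS
	RETVAL=$?
	if [ "$RETVAL" -eq 0 ]; then
		success
		touch "$lockfile"
	else
		failure
	fi
	echo
	return $RETVAL
}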
 
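# Stop the listening sshd named by the pid file.
# Globals:  PID_FILE, SSHD, prog, runlevel, lockfile (read);
#           RETVAL (written: exit status of killproc)
# The lock file is removed only when killproc reported success.
stop()
{
	echo -n $"Stopping $prog: "
	killproc -p "$PID_FILE" "$SSHD"
	RETVAL=$?
	# if we are in halt or reboot runlevel kill all running sessions
	# so the TCP connections are closed cleanly
	if [ "x$runlevel" = x0 ] || [ "x$runlevel" = x6 ]; then
		# Ignore TERM around killall so this script is not stopped by the
		# signal it sends, then restore the default handler.
		trap '' TERM
		killall "$prog" 2>/dev/null
		trap - TERM
	fi
	[ "$RETVAL" -eq 0 ] && rm -f -- "$lockfile"
	echo
}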
 
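# Ask the running daemon to reload by sending HUP to the process named by the
# pid file.
# Globals:  PID_FILE, SSHD, prog (read); RETVAL (written: killproc status)
# NOTE(review): nothing validates the configuration before the signal is
# sent. Running do_restart_sanity_check first would catch a broken config.
reload()
{
	echo -n $"Reloading $prog: "
	killproc -p "$PID_FILE" "$SSHD" -HUP
	RETVAL=$?
	echo
}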
 
# Unconditional restart: stop the daemon, then start it again.
# NOTE(review): unlike the condrestart action this path does not call
# do_restart_sanity_check first, so a broken sshd_config leaves the daemon
# stopped. On a host managed only over SSH that means losing access.
restart() {
	stop; start
}
 
# force-reload action: implemented as a full restart.
force_reload() { restart; }
 
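# Report the daemon state through the init library's status helper, looked up
# by pid file under the name "openssh-daemon".
# Globals:  PID_FILE (read)
# Returns:  whatever status returns
rh_status() {
	status -p "$PID_FILE" openssh-daemon
}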
 
# Quiet variant of rh_status: same exit status, all output discarded.
rh_status_q() {
	rh_status &>/dev/null
}
 
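# Dispatch on the action given as the first argument and exit with RETVAL.
# Exit codes set directly here: 0 when the requested state already holds,
# 7 for reload while the daemon is not running, 6 when the pre-restart
# sanity check fails, and 2 for an unknown action.
case "$1" in
	start)
		# Already running: nothing to do.
		rh_status_q && exit 0
		start
		;;
	stop)
		if ! rh_status_q; then
			# Not running: clear a stale lock file and report success.
			rm -f -- "$lockfile"
			exit 0
		fi
		stop
		;;
	restart)
		restart
		;;
	reload)
		rh_status_q || exit 7
		reload
		;;
	force-reload)
		force_reload
		;;
	condrestart|try-restart)
		# Only restart a daemon that is running and was started by this
		# script (the lock file exists).
		rh_status_q || exit 0
		if [ -f "$lockfile" ]; then
			# Validate config and keys first so a bad config does not take
			# down a working daemon.
			do_restart_sanity_check
			if [ "$RETVAL" -eq 0 ]; then
				stop
				# avoid race
				sleep 3
				start
			else
				RETVAL=6
			fi
		fi
		;;
	status)
		rh_status
		RETVAL=$?
		# Status 3 with the lock file still present is reported as 2.
		if [ "$RETVAL" -eq 3 ] && [ -f "$lockfile" ]; then
			RETVAL=2
		fi
		;;
	*)
		echo $"Usage: $0 {start|stop|restart|reload|force-reload|condrestart|try-restart|status}"
		RETVAL=2
		;;
esac
exit "$RETVAL"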