Go to most recent revision | Blame | Compare with Previous | Last modification | View Log | RSS feed
#!/bin/bash## sshd Start up the OpenSSH server daemon## chkconfig: 2345 55 25# description: SSH is a protocol for secure remote shell access. \# This service starts up the OpenSSH server daemon.## processname: sshd# config: /etc/ssh/ssh_host_key# config: /etc/ssh/ssh_host_key.pub# config: /etc/ssh/ssh_random_seed# config: /etc/ssh/sshd_config# pidfile: /var/run/sshd.pid### BEGIN INIT INFO# Provides: sshd# Required-Start: $local_fs $network $syslog# Required-Stop: $local_fs $syslog# Should-Start: $syslog# Should-Stop: $network $syslog# Default-Start: 2 3 4 5# Default-Stop: 0 1 6# Short-Description: Start up the OpenSSH server daemon# Description: SSH is a protocol for secure remote shell access.# This service starts up the OpenSSH server daemon.### END INIT INFO# source function library. /etc/rc.d/init.d/functions# pull in sysconfig settings[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshdRETVAL=0prog="sshd"lockfile=/var/lock/subsys/$prog# Some functions to make the below more readableKEYGEN=/usr/bin/ssh-keygenSSHD=/usr/sbin/sshdRSA1_KEY=/etc/ssh/ssh_host_keyRSA_KEY=/etc/ssh/ssh_host_rsa_keyDSA_KEY=/etc/ssh/ssh_host_dsa_keyPID_FILE=/var/run/sshd.pidrunlevel=$(set -- $(runlevel); eval "echo \$$#" )fips_enabled() {if [ -r /proc/sys/crypto/fips_enabled ]; thencat /proc/sys/crypto/fips_enabledelseecho 0fi}do_rsa1_keygen() {if [ ! -s $RSA1_KEY -a `fips_enabled` -eq 0 ]; thenecho -n $"Generating SSH1 RSA host key: "rm -f $RSA1_KEYif test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; thenchmod 600 $RSA1_KEYchmod 644 $RSA1_KEY.pubif [ -x /sbin/restorecon ]; then/sbin/restorecon $RSA1_KEY.pubfisuccess $"RSA1 key generation"echoelsefailure $"RSA1 key generation"echoexit 1fifi}do_rsa_keygen() {if [ ! -s $RSA_KEY ]; thenecho -n $"Generating SSH2 RSA host key: "rm -f $RSA_KEYif test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; thenchmod 600 $RSA_KEYchmod 644 $RSA_KEY.pubif [ -x /sbin/restorecon ]; then/sbin/restorecon $RSA_KEY.pubfisuccess $"RSA key generation"echoelsefailure $"RSA key generation"echoexit 1fifi}do_dsa_keygen() {if [ ! -s $DSA_KEY ]; thenecho -n $"Generating SSH2 DSA host key: "rm -f $DSA_KEYif test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; thenchmod 600 $DSA_KEYchmod 644 $DSA_KEY.pubif [ -x /sbin/restorecon ]; then/sbin/restorecon $DSA_KEY.pubfisuccess $"DSA key generation"echoelsefailure $"DSA key generation"echoexit 1fifi}do_restart_sanity_check(){$SSHD -tRETVAL=$?if [ $RETVAL -ne 0 ]; thenfailure $"Configuration file or keys are invalid"echofi}start(){[ -x $SSHD ] || exit 5[ -f /etc/ssh/sshd_config ] || exit 6# Create keys if necessaryif [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; thendo_rsa1_keygendo_rsa_keygendo_dsa_keygenfiecho -n $"Starting $prog: "$SSHD $OPTIONS && success || failureRETVAL=$?[ $RETVAL -eq 0 ] && touch $lockfileechoreturn $RETVAL}stop(){echo -n $"Stopping $prog: "killproc -p $PID_FILE $SSHDRETVAL=$?# if we are in halt or reboot runlevel kill all running sessions# so the TCP connections are closed cleanlyif [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; thentrap '' TERMkillall $prog 2>/dev/nulltrap TERMfi[ $RETVAL -eq 0 ] && rm -f $lockfileecho}reload(){echo -n $"Reloading $prog: "killproc -p $PID_FILE $SSHD -HUPRETVAL=$?echo}restart() {stopstart}force_reload() {restart}rh_status() {status -p $PID_FILE openssh-daemon}rh_status_q() {rh_status >/dev/null 2>&1}case "$1" instart)rh_status_q && exit 0start;;stop)if ! rh_status_q; thenrm -f $lockfileexit 0fistop;;restart)restart;;reload)rh_status_q || exit 7reload;;force-reload)force_reload;;condrestart|try-restart)rh_status_q || exit 0if [ -f $lockfile ] ; thendo_restart_sanity_checkif [ $RETVAL -eq 0 ] ; thenstop# avoid racesleep 3startelseRETVAL=6fifi;;status)rh_statusRETVAL=$?if [ $RETVAL -eq 3 -a -f $lockfile ] ; thenRETVAL=2fi;;*)echo $"Usage: $0 {start|stop|restart|reload|force-reload|condrestart|try-restart|status}"RETVAL=2esacexit $RETVAL