d93958db19
- add testing FIPS mode support - LSBize the initscript (#247014)
226 lines
4.2 KiB
Bash
Executable File
226 lines
4.2 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# sshd Start up the OpenSSH server daemon
|
|
#
|
|
# chkconfig: 2345 55 25
|
|
# description: SSH is a protocol for secure remote shell access. \
|
|
# This service starts up the OpenSSH server daemon.
|
|
#
|
|
# processname: sshd
|
|
# config: /etc/ssh/ssh_host_key
|
|
# config: /etc/ssh/ssh_host_key.pub
|
|
# config: /etc/ssh/ssh_random_seed
|
|
# config: /etc/ssh/sshd_config
|
|
# pidfile: /var/run/sshd.pid
|
|
|
|
### BEGIN INIT INFO
|
|
# Provides: sshd
|
|
# Required-Start: $local_fs $network $syslog
|
|
# Required-Stop: $local_fs $syslog
|
|
# Should-Start: $syslog
|
|
# Should-Stop: $network $syslog
|
|
# Default-Start: 2 3 4 5
|
|
# Default-Stop: 0 1 6
|
|
# Short-Description: Start up the OpenSSH server daemon
|
|
# Description: SSH is a protocol for secure remote shell access.
|
|
# This service starts up the OpenSSH server daemon.
|
|
### END INIT INFO
|
|
|
|
# source function library
|
|
. /etc/rc.d/init.d/functions
|
|
|
|
# pull in sysconfig settings
|
|
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
|
|
|
|
RETVAL=0
|
|
prog="sshd"
|
|
lockfile=/var/lock/subsys/$prog
|
|
|
|
# Some functions to make the below more readable
|
|
KEYGEN=/usr/bin/ssh-keygen
|
|
SSHD=/usr/sbin/sshd
|
|
RSA1_KEY=/etc/ssh/ssh_host_key
|
|
RSA_KEY=/etc/ssh/ssh_host_rsa_key
|
|
DSA_KEY=/etc/ssh/ssh_host_dsa_key
|
|
PID_FILE=/var/run/sshd.pid
|
|
|
|
runlevel=$(set -- $(runlevel); eval "echo \$$#" )
|
|
|
|
do_rsa1_keygen() {
|
|
if [ ! -s $RSA1_KEY ]; then
|
|
echo -n $"Generating SSH1 RSA host key: "
|
|
if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
|
|
chmod 600 $RSA1_KEY
|
|
chmod 644 $RSA1_KEY.pub
|
|
if [ -x /sbin/restorecon ]; then
|
|
/sbin/restorecon $RSA1_KEY.pub
|
|
fi
|
|
success $"RSA1 key generation"
|
|
echo
|
|
else
|
|
failure $"RSA1 key generation"
|
|
echo
|
|
exit 1
|
|
fi
|
|
fi
|
|
}
|
|
|
|
do_rsa_keygen() {
|
|
if [ ! -s $RSA_KEY ]; then
|
|
echo -n $"Generating SSH2 RSA host key: "
|
|
if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
|
|
chmod 600 $RSA_KEY
|
|
chmod 644 $RSA_KEY.pub
|
|
if [ -x /sbin/restorecon ]; then
|
|
/sbin/restorecon $RSA_KEY.pub
|
|
fi
|
|
success $"RSA key generation"
|
|
echo
|
|
else
|
|
failure $"RSA key generation"
|
|
echo
|
|
exit 1
|
|
fi
|
|
fi
|
|
}
|
|
|
|
do_dsa_keygen() {
|
|
if [ ! -s $DSA_KEY ]; then
|
|
echo -n $"Generating SSH2 DSA host key: "
|
|
if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
|
|
chmod 600 $DSA_KEY
|
|
chmod 644 $DSA_KEY.pub
|
|
if [ -x /sbin/restorecon ]; then
|
|
/sbin/restorecon $DSA_KEY.pub
|
|
fi
|
|
success $"DSA key generation"
|
|
echo
|
|
else
|
|
failure $"DSA key generation"
|
|
echo
|
|
exit 1
|
|
fi
|
|
fi
|
|
}
|
|
|
|
do_restart_sanity_check()
|
|
{
|
|
$SSHD -t
|
|
RETVAL=$?
|
|
if [ ! "$RETVAL" = 0 ]; then
|
|
failure $"Configuration file or keys are invalid"
|
|
echo
|
|
fi
|
|
}
|
|
|
|
start()
|
|
{
|
|
[ -x $SSHD ] || exit 5
|
|
[ -f /etc/ssh/sshd_config ] || exit 6
|
|
# Create keys if necessary
|
|
if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
|
|
do_rsa1_keygen
|
|
do_rsa_keygen
|
|
do_dsa_keygen
|
|
fi
|
|
|
|
echo -n $"Starting $prog: "
|
|
$SSHD $OPTIONS && success || failure
|
|
RETVAL=$?
|
|
[ "$RETVAL" = 0 ] && touch $lockfile
|
|
echo
|
|
return $RETVAL
|
|
}
|
|
|
|
stop()
|
|
{
|
|
echo -n $"Stopping $prog: "
|
|
if [ -n "`pidfileofproc $SSHD`" ] ; then
|
|
killproc $SSHD
|
|
else
|
|
failure $"Stopping $prog"
|
|
fi
|
|
RETVAL=$?
|
|
# if we are in halt or reboot runlevel kill all running sessions
|
|
# so the TCP connections are closed cleanly
|
|
if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then
|
|
trap '' TERM
|
|
killall $prog 2>/dev/null
|
|
trap TERM
|
|
fi
|
|
[ "$RETVAL" = 0 ] && rm -f $lockfile
|
|
echo
|
|
}
|
|
|
|
reload()
|
|
{
|
|
echo -n $"Reloading $prog: "
|
|
if [ -n "`pidfileofproc $SSHD`" ] ; then
|
|
killproc $SSHD -HUP
|
|
else
|
|
failure $"Reloading $prog"
|
|
fi
|
|
RETVAL=$?
|
|
echo
|
|
}
|
|
|
|
restart() {
|
|
stop
|
|
start
|
|
}
|
|
|
|
force_reload() {
|
|
restart
|
|
}
|
|
|
|
rh_status() {
|
|
status -p $PID_FILE openssh-daemon
|
|
}
|
|
|
|
rh_status_q() {
|
|
rh_status >/dev/null 2>&1
|
|
}
|
|
|
|
case "$1" in
|
|
start)
|
|
rh_status_q && exit 0
|
|
start
|
|
;;
|
|
stop)
|
|
rh_status_q || exit 0
|
|
stop
|
|
;;
|
|
restart)
|
|
restart
|
|
;;
|
|
reload)
|
|
rh_status_q || exit 7
|
|
reload
|
|
;;
|
|
force-reload)
|
|
force_reload
|
|
;;
|
|
condrestart|try-restart)
|
|
rh_status_q || exit 0
|
|
if [ -f $lockfile ] ; then
|
|
do_restart_sanity_check
|
|
if [ "$RETVAL" = 0 ] ; then
|
|
stop
|
|
# avoid race
|
|
sleep 3
|
|
start
|
|
else
|
|
RETVAL=6
|
|
fi
|
|
fi
|
|
;;
|
|
status)
|
|
rh_status
|
|
RETVAL=$?
|
|
;;
|
|
*)
|
|
echo $"Usage: $0 {start|stop|restart|reload|force-reload|condrestart|try-restart|status}"
|
|
RETVAL=2
|
|
esac
|
|
exit $RETVAL
|