  #!/bin/bash
  #
  # sshd Start up the OpenSSH server daemon
  #
  # chkconfig: 2345 55 25
  # description: SSH is a protocol for secure remote shell access. \
  # This service starts up the OpenSSH server daemon.
  #
  # processname: sshd
  # config: /etc/ssh/ssh_host_key
  # config: /etc/ssh/ssh_host_key.pub
  # config: /etc/ssh/ssh_random_seed
  # config: /etc/ssh/sshd_config
  # pidfile: /var/run/sshd.pid
  ### BEGIN INIT INFO
  # Provides: sshd
  # Required-Start: $local_fs $network $syslog
  # Required-Stop: $local_fs $syslog
  # Should-Start: $syslog
  # Should-Stop: $network $syslog
  # Default-Start: 2 3 4 5
  # Default-Stop: 0 1 6
  # Short-Description: Start up the OpenSSH server daemon
  # Description: SSH is a protocol for secure remote shell access.
  # This service starts up the OpenSSH server daemon.
  ### END INIT INFO
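  # Source the distribution's init-script helper library. The names success,
  # failure, killproc and status used below are not defined in this file and
  # presumably come from it.
  . /etc/rc.d/init.d/functions

  # Pull in site settings. This file is executed as shell code with the
  # privileges of the init script, so it should be writable only by root.
  # OPTIONS and AUTOCREATE_SERVER_KEYS, read further down, are not assigned in
  # this script and are expected to come from here or from the environment.
  [ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

  RETVAL=0
  prog="sshd"
  lockfile=/var/lock/subsys/$prog

  # Fixed paths used by the functions below. They are assigned after the
  # sysconfig file has been sourced, so that file cannot override them.
  KEYGEN=/usr/bin/ssh-keygen
  SSHD=/usr/sbin/sshd
  RSA1_KEY=/etc/ssh/ssh_host_key
  RSA_KEY=/etc/ssh/ssh_host_rsa_key
  DSA_KEY=/etc/ssh/ssh_host_dsa_key
  PID_FILE=/var/run/sshd.pid

  # Current runlevel: the last word printed by the runlevel command. The
  # unquoted $(runlevel) is deliberate (word splitting fills the positional
  # parameters); ${!#} then selects the last one without going through eval.
  runlevel=$(set -- $(runlevel); echo "${!#}")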
  # Print the kernel's FIPS-mode flag as found in
  # /proc/sys/crypto/fips_enabled, or 0 when that file is not readable.
  # Outputs: the flag value on stdout
  fips_enabled() {
    local flag_file=/proc/sys/crypto/fips_enabled

    # No readable flag file: report FIPS mode as off.
    if [ ! -r "$flag_file" ]; then
      echo 0
      return
    fi

    cat "$flag_file"
  }
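  # Generate the SSH protocol 1 (RSA1) host key when it is missing or empty.
  # Skipped unless fips_enabled reports 0.
  # Reads:   RSA1_KEY (private key path; the public half goes to
  #          $RSA1_KEY.pub), KEYGEN (ssh-keygen binary)
  # Outputs: progress text and the success/failure marker on stdout
  # Exits:   terminates the whole script with status 1 if generation fails
  # Note:    SSH protocol 1 is obsolete and current OpenSSH releases no longer
  #          support it. start() skips this key when AUTOCREATE_SERVER_KEYS is
  #          NO or RSAONLY.
  do_rsa1_keygen() {
    if [ ! -s "$RSA1_KEY" ] && [ "$(fips_enabled)" -eq 0 ]; then
      echo -n $"Generating SSH1 RSA host key: "
      # Drop any empty or stale file and confirm it is really gone before
      # asking ssh-keygen to write to that path.
      rm -f -- "$RSA1_KEY"
      # -N '' creates the key without a passphrase, so file permissions are
      # the only protection of the private key.
      if [ ! -f "$RSA1_KEY" ] && "$KEYGEN" -q -t rsa1 -f "$RSA1_KEY" -C '' -N '' >/dev/null 2>&1; then
        chmod 600 -- "$RSA1_KEY"
        chmod 644 -- "$RSA1_KEY.pub"
        # Reset the SELinux label of the public key where restorecon exists.
        if [ -x /sbin/restorecon ]; then
          /sbin/restorecon "$RSA1_KEY.pub"
        fi
        success $"RSA1 key generation"
        echo
      else
        failure $"RSA1 key generation"
        echo
        exit 1
      fi
    fi
  }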
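  # Generate the SSH protocol 2 RSA host key when it is missing or empty.
  # Reads:   RSA_KEY (private key path; the public half goes to $RSA_KEY.pub),
  #          KEYGEN (ssh-keygen binary)
  # Outputs: progress text and the success/failure marker on stdout
  # Exits:   terminates the whole script with status 1 if generation fails
  # Note:    no -b option is passed, so the key size is whatever the installed
  #          ssh-keygen uses by default.
  do_rsa_keygen() {
    if [ ! -s "$RSA_KEY" ]; then
      echo -n $"Generating SSH2 RSA host key: "
      # Drop any empty or stale file and confirm it is really gone before
      # asking ssh-keygen to write to that path.
      rm -f -- "$RSA_KEY"
      # -N '' creates the key without a passphrase, so file permissions are
      # the only protection of the private key.
      if [ ! -f "$RSA_KEY" ] && "$KEYGEN" -q -t rsa -f "$RSA_KEY" -C '' -N '' >/dev/null 2>&1; then
        chmod 600 -- "$RSA_KEY"
        chmod 644 -- "$RSA_KEY.pub"
        # Reset the SELinux label of the public key where restorecon exists.
        if [ -x /sbin/restorecon ]; then
          /sbin/restorecon "$RSA_KEY.pub"
        fi
        success $"RSA key generation"
        echo
      else
        failure $"RSA key generation"
        echo
        exit 1
      fi
    fi
  }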
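  # Generate the SSH protocol 2 DSA host key when it is missing or empty.
  # Skipped unless fips_enabled reports 0.
  # Reads:   DSA_KEY (private key path; the public half goes to $DSA_KEY.pub),
  #          KEYGEN (ssh-keygen binary)
  # Outputs: progress text and the success/failure marker on stdout
  # Exits:   terminates the whole script with status 1 if generation fails
  # Note:    DSA host keys are considered weak and later OpenSSH releases
  #          disable them by default. start() skips this key when
  #          AUTOCREATE_SERVER_KEYS is NO or RSAONLY.
  do_dsa_keygen() {
    if [ ! -s "$DSA_KEY" ] && [ "$(fips_enabled)" -eq 0 ]; then
      echo -n $"Generating SSH2 DSA host key: "
      # Drop any empty or stale file and confirm it is really gone before
      # asking ssh-keygen to write to that path.
      rm -f -- "$DSA_KEY"
      # -N '' creates the key without a passphrase, so file permissions are
      # the only protection of the private key.
      if [ ! -f "$DSA_KEY" ] && "$KEYGEN" -q -t dsa -f "$DSA_KEY" -C '' -N '' >/dev/null 2>&1; then
        chmod 600 -- "$DSA_KEY"
        chmod 644 -- "$DSA_KEY.pub"
        # Reset the SELinux label of the public key where restorecon exists.
        if [ -x /sbin/restorecon ]; then
          /sbin/restorecon "$DSA_KEY.pub"
        fi
        success $"DSA key generation"
        echo
      else
        failure $"DSA key generation"
        echo
        exit 1
      fi
    fi
  }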
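  # Run sshd in test mode (-t) and store its exit status in RETVAL; print the
  # failure marker when the check does not pass.
  # Reads:   SSHD
  # Writes:  RETVAL (exit status of the -t run)
  # Returns: always 0; callers must inspect RETVAL
  # NOTE(review): $OPTIONS is not passed here although start() passes it to
  # the daemon, so a configuration selected through OPTIONS is presumably not
  # the one being checked - confirm before relying on this check.
  do_restart_sanity_check()
  {
    "$SSHD" -t
    RETVAL=$?
    if [ "$RETVAL" -ne 0 ]; then
      failure $"Configuration file or keys are invalid"
      echo
    fi
  }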
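  # Start the daemon, creating missing host keys first.
  # Reads:   SSHD, OPTIONS, AUTOCREATE_SERVER_KEYS, prog, lockfile
  # Writes:  RETVAL; creates $lockfile when the daemon started
  # Exits:   5 if $SSHD is not executable, 6 if /etc/ssh/sshd_config is
  #          missing (LSB "not installed" / "not configured")
  # Returns: RETVAL
  start()
  {
    [ -x "$SSHD" ] || exit 5
    [ -f /etc/ssh/sshd_config ] || exit 6

    # Create keys if necessary:
    #   NO       - generate nothing
    #   RSAONLY  - only the protocol 2 RSA key
    #   other    - RSA, plus the legacy RSA1 and DSA keys
    case "${AUTOCREATE_SERVER_KEYS}" in
      NO)
        ;;
      RSAONLY)
        do_rsa_keygen
        ;;
      *)
        do_rsa_keygen
        do_rsa1_keygen
        do_dsa_keygen
        ;;
    esac

    echo -n $"Starting $prog: "
    # $OPTIONS stays unquoted on purpose: it is a whitespace-separated list of
    # extra daemon arguments. if/else instead of "&& success || failure" so
    # that failure cannot also run after a successful start.
    if "$SSHD" $OPTIONS; then
      success
    else
      failure
    fi
    RETVAL=$?
    [ "$RETVAL" -eq 0 ] && touch -- "$lockfile"
    echo
    return "$RETVAL"
  }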
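  # Stop the listening daemon identified by $PID_FILE and remove the lock file
  # when that succeeded.
  # Reads:   prog, PID_FILE, SSHD, runlevel, lockfile
  # Writes:  RETVAL (exit status of killproc)
  # Returns: always 0; callers must inspect RETVAL
  stop()
  {
    echo -n $"Stopping $prog: "
    killproc -p "$PID_FILE" "$SSHD"
    RETVAL=$?
    # if we are in halt or reboot runlevel kill all running sessions
    # so the TCP connections are closed cleanly
    case "$runlevel" in
      0|6)
        # SIGTERM is ignored around killall, presumably so that this script
        # (which carries the same name) survives it; then the default
        # disposition is restored.
        trap '' TERM
        killall "$prog" 2>/dev/null
        trap - TERM
        ;;
    esac
    [ "$RETVAL" -eq 0 ] && rm -f -- "$lockfile"
    echo
  }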
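  # Send SIGHUP to the daemon identified by $PID_FILE.
  # Reads:   prog, PID_FILE, SSHD
  # Writes:  RETVAL (exit status of killproc)
  # Returns: always 0; callers must inspect RETVAL
  # Note:    no "sshd -t" check is run first, unlike the condrestart action.
  reload()
  {
    echo -n $"Reloading $prog: "
    killproc -p "$PID_FILE" "$SSHD" -HUP
    RETVAL=$?
    echo
  }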
  # Stop the daemon, then start it again; the result of start is returned.
  # The configuration is not tested with "sshd -t" beforehand (only the
  # condrestart action does that), so an invalid configuration leaves the
  # daemon stopped.
  restart() {
    stop    # its outcome is not checked; start runs regardless
    start
  }
  # Handler for the force-reload action: performs a full restart.
  force_reload() {
    restart   # no separate reload path; the daemon is stopped and started
  }
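  # Report the daemon's state via the status helper, using $PID_FILE and the
  # display name "openssh-daemon".
  # Returns: the exit status of the status helper
  rh_status() {
    status -p "$PID_FILE" openssh-daemon
  }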
  # Quiet variant of rh_status: same exit status, with stdout and stderr
  # discarded.
  rh_status_q() {
    rh_status &>/dev/null
  }
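  # Dispatch on the requested action and exit with RETVAL.
  # Exit statuses set directly here: 0 when start finds the daemon already
  # running or stop/condrestart find it not running, 7 when reload is
  # requested while it is not running, 6 when the condrestart sanity check
  # fails, 2 for an unknown action.
  case "$1" in
    start)
      # Already running: nothing to do.
      rh_status_q && exit 0
      start
      ;;
    stop)
      # Not running: only clear a stale lock file.
      if ! rh_status_q; then
        rm -f -- "$lockfile"
        exit 0
      fi
      stop
      ;;
    restart)
      restart
      ;;
    reload)
      rh_status_q || exit 7
      reload
      ;;
    force-reload)
      force_reload
      ;;
    condrestart|try-restart)
      rh_status_q || exit 0
      if [ -f "$lockfile" ]; then
        # Only this action validates the configuration before stopping the
        # running daemon.
        do_restart_sanity_check
        if [ "$RETVAL" -eq 0 ]; then
          stop
          # avoid race
          sleep 3
          start
        else
          RETVAL=6
        fi
      fi
      ;;
    status)
      rh_status
      RETVAL=$?
      # Status 3 with the lock file still present is reported as 2.
      if [ "$RETVAL" -eq 3 ] && [ -f "$lockfile" ]; then
        RETVAL=2
      fi
      ;;
    *)
      echo $"Usage: $0 {start|stop|restart|reload|force-reload|condrestart|try-restart|status}"
      RETVAL=2
      ;;
  esac
  exit "$RETVAL"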