#!/bin/bash
-
+#
# Init file for OpenSSH server daemon
#
# chkconfig: 2345 55 25
# source function library
. /etc/rc.d/init.d/functions
+# pull in sysconfig settings
+[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
+
RETVAL=0
+prog="sshd"
# Some functions to make the below more readable
KEYGEN=/usr/bin/ssh-keygen
+SSHD=/usr/sbin/sshd
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
PID_FILE=/var/run/sshd.pid
+
do_rsa1_keygen() {
- if ! test -f $RSA1_KEY ; then
- echo -n "Generating SSH1 RSA host key: "
+ if [ ! -s $RSA1_KEY ]; then
+ echo -n $"Generating SSH1 RSA host key: "
if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
- success "RSA1 key generation"
+ chmod 600 $RSA1_KEY
+ chmod 644 $RSA1_KEY.pub
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $RSA1_KEY.pub
+ fi
+ success $"RSA1 key generation"
echo
else
- failure "RSA1 key generation"
+ failure $"RSA1 key generation"
echo
exit 1
fi
fi
}
+
do_rsa_keygen() {
- if ! test -f $RSA_KEY ; then
- echo -n "Generating SSH2 RSA host key: "
+ if [ ! -s $RSA_KEY ]; then
+ echo -n $"Generating SSH2 RSA host key: "
if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
- success "RSA key generation"
+ chmod 600 $RSA_KEY
+ chmod 644 $RSA_KEY.pub
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $RSA_KEY.pub
+ fi
+ success $"RSA key generation"
echo
else
- failure "RSA key generation"
+ failure $"RSA key generation"
echo
exit 1
fi
fi
}
+
do_dsa_keygen() {
- if ! test -f $DSA_KEY ; then
- echo -n "Generating SSH2 DSA host key: "
+ if [ ! -s $DSA_KEY ]; then
+ echo -n $"Generating SSH2 DSA host key: "
if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
- success "DSA key generation"
+ chmod 600 $DSA_KEY
+ chmod 644 $DSA_KEY.pub
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $DSA_KEY.pub
+ fi
+ success $"DSA key generation"
echo
else
- failure "DSA key generation"
+ failure $"DSA key generation"
echo
exit 1
fi
fi
}
+do_restart_sanity_check()
+{
+ $SSHD -t
+ RETVAL=$?
+ if [ ! "$RETVAL" = 0 ]; then
+ failure $"Configuration file or keys are invalid"
+ echo
+ fi
+}
+
+start()
+{
+ # Create keys if necessary
+ do_rsa1_keygen
+ do_rsa_keygen
+ do_dsa_keygen
+
+ echo -n $"Starting $prog:"
+ initlog -c "$SSHD $OPTIONS" && success || failure
+ RETVAL=$?
+ [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
+ echo
+}
+
+stop()
+{
+ echo -n $"Stopping $prog:"
+ killproc $SSHD -TERM
+ RETVAL=$?
+ [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
+ echo
+}
+
+reload()
+{
+ echo -n $"Reloading $prog:"
+ killproc $SSHD -HUP
+ RETVAL=$?
+ echo
+}
+
case "$1" in
start)
- # Create keys if necessary
- do_rsa1_keygen;
- do_rsa_keygen;
- do_dsa_keygen;
-
- echo -n "Starting sshd: "
- if [ ! -f $PID_FILE ] ; then
- sshd
- RETVAL=$?
- if [ "$RETVAL" = "0" ] ; then
- success "sshd startup"
- touch /var/lock/subsys/sshd
- else
- failure "sshd startup"
- fi
- fi
- echo
+ start
;;
stop)
- echo -n "Shutting down sshd: "
- if [ -f $PID_FILE ] ; then
- killproc sshd
- RETVAL=$?
- [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd
- fi
- echo
+ stop
;;
restart)
- $0 stop
- $0 start
- RETVAL=$?
+ stop
+ start
+ ;;
+ reload)
+ reload
;;
condrestart)
if [ -f /var/lock/subsys/sshd ] ; then
- $0 stop
- $0 start
- RETVAL=$?
+ do_restart_sanity_check
+ if [ "$RETVAL" = 0 ] ; then
+ stop
+ # avoid race
+ sleep 3
+ start
+ fi
fi
;;
status)
- status sshd
+ status $SSHD
RETVAL=$?
;;
*)
- echo "Usage: sshd {start|stop|restart|status|condrestart}"
- exit 1
- ;;
+ echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
+ RETVAL=1
esac
-
exit $RETVAL
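Review bot: The `$SSHD -t` pre-check in `do_restart_sanity_check` guards only the `condrestart` arm; `restart` still runs `stop` then `start`, and `reload` still sends HUP, without validating the configuration or keys first. On a host administered over SSH, an invalid sshd_config at that point can leave no listening daemon and cut off remote access. I would run the same guard at the top of both arms, `do_restart_sanity_check` followed by `[ "$RETVAL" = 0 ] || exit $RETVAL`, before `stop` or `killproc $SSHD -HUP` is reached. Separately, the switch from `test -f` to `[ ! -s ... ]` in the three keygen functions now hands an existing zero-length key file to `$KEYGEN`, which will likely prompt or refuse to overwrite it while its output is discarded. Removing the empty file first (`rm -f $RSA_KEY` and the equivalents) would make that path deterministic.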