#!/bin/bash # # Init file for OpenSSH server daemon # # chkconfig: 2345 20 25 # description: OpenSSH server daemon # # processname: sshd # config: /etc/ssh/ssh_host_key # config: /etc/ssh/ssh_host_key.pub # config: /etc/ssh/ssh_random_seed # config: /etc/ssh/sshd_config # pidfile: /var/run/sshd.pid # source function library . /etc/rc.d/init.d/functions # pull in sysconfig settings [ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd RETVAL=0 prog="sshd" # Some functions to make the below more readable KEYGEN=/usr/bin/ssh-keygen SSHD=/usr/sbin/sshd # Begin cluster-ssh modifications if [ -z "$OCF_RESKEY_service_name" ]; then # # Normal / system-wide ssh configuration # RSA1_KEY=/etc/ssh/ssh_host_key RSA_KEY=/etc/ssh/ssh_host_rsa_key DSA_KEY=/etc/ssh/ssh_host_dsa_key PID_FILE=/var/run/sshd.pid else # # Per-service ssh configuration # RSA1_KEY=/etc/cluster/ssh/$OCF_RESKEY_service_name/ssh_host_key RSA_KEY=/etc/cluster/ssh/$OCF_RESKEY_service_name/ssh_host_rsa_key DSA_KEY=/etc/cluster/ssh/$OCF_RESKEY_service_name/ssh_host_dsa_key PID_FILE=/var/run/sshd-$OCF_RESKEY_service_name.pid CONFIG_FILE="/etc/cluster/ssh/$OCF_RESKEY_service_name/sshd_config" [ -n "$CONFIG_FILE" ] && OPTIONS="$OPTIONS -f $CONFIG_FILE" prog="$prog ($OCF_RESKEY_service_name)" fi [ -n "$PID_FILE" ] && OPTIONS="$OPTIONS -o PidFile=$PID_FILE" # End cluster-ssh modifications runlevel=$(set -- $(runlevel); eval "echo \$$#" ) do_rsa1_keygen() { if [ ! -s $RSA1_KEY ]; then echo -n $"Generating SSH1 RSA host key: " if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then chmod 600 $RSA1_KEY chmod 644 $RSA1_KEY.pub if [ -x /sbin/restorecon ]; then /sbin/restorecon $RSA1_KEY.pub fi success $"RSA1 key generation" echo else failure $"RSA1 key generation" echo exit 1 fi fi } do_rsa_keygen() { if [ ! -s $RSA_KEY ]; then echo -n $"Generating SSH2 RSA host key: " if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then chmod 600 $RSA_KEY chmod 644 $RSA_KEY.pub if [ -x /sbin/restorecon ]; then /sbin/restorecon $RSA_KEY.pub fi success $"RSA key generation" echo else failure $"RSA key generation" echo exit 1 fi fi } do_dsa_keygen() { if [ ! -s $DSA_KEY ]; then echo -n $"Generating SSH2 DSA host key: " if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then chmod 600 $DSA_KEY chmod 644 $DSA_KEY.pub if [ -x /sbin/restorecon ]; then /sbin/restorecon $DSA_KEY.pub fi success $"DSA key generation" echo else failure $"DSA key generation" echo exit 1 fi fi } do_restart_sanity_check() { $SSHD -t RETVAL=$? if [ ! "$RETVAL" = 0 ]; then failure $"Configuration file or keys are invalid" echo fi } start() { # Create keys if necessary do_rsa1_keygen do_rsa_keygen do_dsa_keygen cp -af /etc/localtime /var/empty/sshd/etc echo -n $"Starting $prog: " $SSHD $OPTIONS && success || failure RETVAL=$? [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd echo } stop() { echo -n $"Stopping $prog: " # If we have a PID file, use it instead so we don't kill the wrong # instance of sshd. (Cluster) if [ -n "$PID_FILE" ]; then killproc -p $PID_FILE elif [ -n "`pidfileofproc $SSHD`" ] ; then killproc $SSHD else failure $"Stopping $prog" fi RETVAL=$? # if we are in halt or reboot runlevel kill all running sessions # so the TCP connections are closed cleanly if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then killall $prog 2>/dev/null fi [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd echo } reload() { echo -n $"Reloading $prog: " # If we have a PID file, use it instead so we don't kill the wrong # instance of sshd. (Cluster) if [ -n "$PID_FILE" ]; then killproc -p $PID_FILE -HUP elif [ -n "`pidfileofproc $SSHD`" ] ; then killproc $SSHD -HUP else failure $"Reloading $prog" fi RETVAL=$? echo } case "$1" in start) start ;; stop) stop ;; restart) stop start ;; reload) reload ;; condrestart) if [ -f /var/lock/subsys/sshd ] ; then do_restart_sanity_check if [ "$RETVAL" = 0 ] ; then stop # avoid race sleep 3 start fi fi ;; status) status $SSHD RETVAL=$? ;; *) echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}" RETVAL=1 esac exit $RETVAL