[grml-etc.git] / etc / init.d / ssh

#!/bin/sh

### BEGIN INIT INFO
# Provides:             sshd
# Required-Start:       $remote_fs $syslog
# Required-Stop:        $remote_fs $syslog
# Default-Start:        2 3 4 5
# Default-Stop:         1
# Short-Description:    OpenBSD Secure Shell server
### END INIT INFO

# Notice: this file has been adjusted by the Grml team so
# the script supports key-generation for ssh

set -e

# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon

test -x /usr/sbin/sshd || exit 0
( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0

export SSHD_OOM_ADJUST=-17
if test -f /etc/default/ssh; then
    . /etc/default/ssh
fi

# Are we in a virtual environment that doesn't support modifying
# /proc/self/oom_adj?
if grep -q 'envID:.*[1-9]' /proc/self/status; then
    unset SSHD_OOM_ADJUST
fi

. /lib/lsb/init-functions

if [ -n "$2" ]; then
    SSHD_OPTS="$SSHD_OPTS $2"
fi

# Configurable options:
KEYGEN=/usr/bin/ssh-keygen
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key

# Are we running from init?
run_by_init() {
    ([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ]
}

check_for_no_start() {
    # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
    if [ -e /etc/ssh/sshd_not_to_be_run ]; then 
        if [ "$1" = log_end_msg ]; then
            log_end_msg 0
        fi
        if ! run_by_init; then
            log_action_msg "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)"
        fi
        exit 0
    fi
}

check_dev_null() {
    if [ ! -c /dev/null ]; then
        if [ "$1" = log_end_msg ]; then
            log_end_msg 1 || true
        fi
        if ! run_by_init; then
            log_action_msg "/dev/null is not a character device!"
        fi
        exit 1
    fi
}

check_privsep_dir() {
    # Create the PrivSep empty dir if necessary
    if [ ! -d /var/run/sshd ]; then
        mkdir /var/run/sshd
        chmod 0755 /var/run/sshd
    fi
}

check_config() {
    if [ ! -e /etc/ssh/sshd_not_to_be_run ]; then
        /usr/sbin/sshd $SSHD_OPTS -t || exit 1
    fi
}

export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"

case "$1" in
  start)
        check_privsep_dir
        check_for_no_start
        check_dev_null

        if ! test -f $RSA1_KEY ; then
           log_action_msg "Generating SSH1 RSA host key..."
           $KEYGEN -t rsa1 -f $RSA1_KEY -C '' -N '' || exit 1
        fi

        if ! test -f $RSA_KEY ; then
           log_action_msg "Generating SSH RSA host key..."
           $KEYGEN -t rsa -f $RSA_KEY -C '' -N '' || exit 1
        fi

        if ! test -f $DSA_KEY ; then
           log_action_msg "Generating SSH2 DSA host key..."
           $KEYGEN -t dsa -f $DSA_KEY -C '' -N '' || exit 1
        fi
        if ! test -f "$ECDSA_KEY" && grep -q "$ECDSA_KEY" /etc/ssh/sshd_config ; then
           log_action_msg "Generating SSH2 ECDSA host key..."
           $KEYGEN -t ecdsa -f "$ECDSA_KEY" -C '' -N '' || exit 1
        fi

        log_daemon_msg "Starting OpenBSD Secure Shell server" "sshd"
        if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;
  stop)
        log_daemon_msg "Stopping OpenBSD Secure Shell server" "sshd"
        if start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;

  reload|force-reload)
        check_for_no_start
        check_config
        log_daemon_msg "Reloading OpenBSD Secure Shell server's configuration" "sshd"
        if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;

  restart)
        check_privsep_dir
        check_config
        log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd"
        start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /var/run/sshd.pid
        check_for_no_start log_end_msg
        check_dev_null log_end_msg
        if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;

  try-restart)
        check_privsep_dir
        check_config
        log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd"
        set +e
        start-stop-daemon --stop --quiet --retry 30 --pidfile /var/run/sshd.pid
        RET="$?"
        set -e
        case $RET in
            0)
                # old daemon stopped
                check_for_no_start log_end_msg
                check_dev_null log_end_msg
                if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
                    log_end_msg 0
                else
                    log_end_msg 1
                fi
                ;;
            1)
                # daemon not running
                log_progress_msg "(not running)"
                log_end_msg 0
                ;;
            *)
                # failed to stop
                log_progress_msg "(failed to stop)"
                log_end_msg 1
                ;;
        esac
        ;;

  status)
        status_of_proc -p /var/run/sshd.pid /usr/sbin/sshd sshd && exit 0 || exit $?
        ;;

  *)
        log_action_msg "Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart|try-restart|status}"
        exit 1
esac

exit 0

## END OF FILE #################################################################