#!/bin/sh
-# Filename: /etc/init.d/ssh
-# Purpose: start and stop the OpenBSD "secure shell(tm)" daemon including keyeneration
-# Authors: grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
-# Bug-Reports: see http://grml.org/bugs/
-# License: This file is licensed under the GPL v2.
-# Latest change: Mon Jul 11 01:26:29 CEST 2005 [mika]
-################################################################################
+
+### BEGIN INIT INFO
+# Provides: sshd
+# Required-Start: $network $local_fs $remote_fs
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: OpenBSD Secure Shell server
+### END INIT INFO
+
+# Notice: this file has been adjusted by the grml team so
+# the script supports key-generation for ssh as well
+
+set -e
+
+# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon
test -x /usr/sbin/sshd || exit 0
( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0
-# forget it if we're trying to start, and /etc/ssh/NOSERVER exists
-if expr "$1" : '.*start$' >/dev/null && [ -e /etc/ssh/NOSERVER ]; then
- echo "Not starting OpenBSD Secure Shell server (/etc/ssh/NOSERVER)"
- exit 0
+if test -f /etc/default/ssh; then
+ . /etc/default/ssh
fi
+. /lib/lsb/init-functions
+
# Configurable options:
KEYGEN=/usr/bin/ssh-keygen
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
-case "$1" in
- start)
- test -f /etc/ssh/sshd_not_to_be_run && exit 0
- if ! test -f $RSA1_KEY ; then
- echo "Generating SSH1 RSA host key..."
- $KEYGEN -t rsa1 -f $RSA1_KEY -C '' -N '' || exit 1
+# Are we running from init?
+run_by_init() {
+ ([ "$previous" ] && [ "$runlevel" ]) || [ "$runlevel" = S ]
+}
+
+check_for_no_start() {
+ # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
+ if [ -e /etc/ssh/sshd_not_to_be_run ]; then
+ if [ "$1" = log_end_msg ]; then
+ log_end_msg 0
+ fi
+ if ! run_by_init; then
+ log_action_msg "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)"
+ fi
+ exit 0
fi
- if ! test -f $RSA_KEY ; then
- echo "Generating SSH RSA host key..."
- $KEYGEN -t rsa -f $RSA_KEY -C '' -N '' || exit 1
+}
+
+check_dev_null() {
+ if [ ! -c /dev/null ]; then
+ if [ "$1" = log_end_msg ]; then
+ log_end_msg 1 || true
+ fi
+ if ! run_by_init; then
+ log_action_msg "/dev/null is not a character device!"
+ fi
+ exit 1
fi
- if ! test -f $DSA_KEY ; then
- echo "Generating SSH2 DSA host key..."
- $KEYGEN -t dsa -f $DSA_KEY -C '' -N '' || exit 1
+}
+
+check_privsep_dir() {
+ # Create the PrivSep empty dir if necessary
+ if [ ! -d /var/run/sshd ]; then
+ mkdir /var/run/sshd
+ chmod 0755 /var/run/sshd
+ fi
+}
+
+check_config() {
+ if [ ! -e /etc/ssh/sshd_not_to_be_run ]; then
+ /usr/sbin/sshd -t || exit 1
fi
- echo -n "Starting OpenBSD Secure Shell server: sshd"
- start-stop-daemon --start --quiet --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd
- echo "."
+}
+
+export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
+
+case "$1" in
+ start)
+ check_for_no_start
+ check_dev_null
+ if ! test -f $RSA1_KEY ; then
+ echo "Generating SSH1 RSA host key..."
+ $KEYGEN -t rsa1 -f $RSA1_KEY -C '' -N '' || exit 1
+ fi
+ if ! test -f $RSA_KEY ; then
+ echo "Generating SSH RSA host key..."
+ $KEYGEN -t rsa -f $RSA_KEY -C '' -N '' || exit 1
+ fi
+ if ! test -f $DSA_KEY ; then
+ echo "Generating SSH2 DSA host key..."
+ $KEYGEN -t dsa -f $DSA_KEY -C '' -N '' || exit 1
+ fi
+ log_daemon_msg "Starting OpenBSD Secure Shell server" "sshd"
+ check_privsep_dir
+ if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
;;
stop)
- echo -n "Stopping OpenBSD Secure Shell server: sshd"
- start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd
- echo "."
+ log_daemon_msg "Stopping OpenBSD Secure Shell server" "sshd"
+ if start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
;;
reload|force-reload)
- test -f /etc/ssh/sshd_not_to_be_run && exit 0
- echo -n "Reloading OpenBSD Secure Shell server's configuration"
- start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd
- echo "."
+ check_for_no_start
+ check_config
+ log_daemon_msg "Reloading OpenBSD Secure Shell server's configuration" "sshd"
+ if start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
;;
restart)
- test -f /etc/ssh/sshd_not_to_be_run && exit 0
- echo -n "Restarting OpenBSD Secure Shell server: sshd"
- start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd
- sleep 10
- start-stop-daemon --start --quiet --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd
- echo "."
+ check_privsep_dir
+ check_config
+ log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd"
+ start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile /var/run/sshd.pid
+ check_for_no_start log_end_msg
+ check_dev_null log_end_msg
+ if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+
+ try-restart)
+ check_privsep_dir
+ check_config
+ log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd"
+ set +e
+ start-stop-daemon --stop --quiet --retry 30 --pidfile /var/run/sshd.pid
+ RET="$?"
+ set -e
+ case $RET in
+ 0)
+ # old daemon stopped
+ check_for_no_start log_end_msg
+ check_dev_null log_end_msg
+ if start-stop-daemon --start --quiet --oknodo --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd -- $SSHD_OPTS; then
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+ 1)
+ # daemon not running
+ log_progress_msg "(not running)"
+ log_end_msg 0
+ ;;
+ *)
+ # failed to stop
+ log_progress_msg "(failed to stop)"
+ log_end_msg 1
+ ;;
+ esac
;;
*)
- echo "Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart}"
+ log_action_msg "Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart|try-restart}"
exit 1
esac
projects / grml-etc.git / commitdiff