#! /bin/sh
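# Abort on the first unhandled command failure.
set -e

PIDFILE=/var/run/sshd.pid

# source function library
. /etc/init.d/functions

# /etc/init.d/ssh: start and stop the OpenBSD "secure shell" daemon

# Nothing to do (and not an error) when sshd is missing or the binary does
# not identify itself as OpenSSH.
test -x /usr/sbin/sshd || exit 0
( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0

# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS
# NOTE: this file is executed as shell code with the privileges of whoever
# runs this script (normally root at boot), so it must not be writable by
# anyone who is not already trusted to run code at that level.
if test -f /etc/default/ssh; then
    . /etc/default/ssh
fi

[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
# Quoted: an unquoted value containing whitespace would be split into
# several directory names.
mkdir -p "$SYSCONFDIR"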

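# Determine which configuration file sshd will be started with.
#
# Globals:   SSHD_OPTS (read), sshd_config (written)
# Arguments: none
#
# SSHD_OPTS is expanded unquoted on purpose so that it word-splits into
# individual options.  Both "-f FILE" and "-fFILE" are recognised, the last
# occurrence wins, and scanning stops at the first literal "--".
parse_sshd_opts() {
    # The trailing "--" is a sentinel marking the end of the option list.
    set -- ${SSHD_OPTS} --
    sshd_config=/etc/ssh/sshd_config
    while [ "$#" -gt 0 ]; do
        case "$1" in
        -f)
            # Only take the next word as the file name when it is a real
            # token from SSHD_OPTS ($# > 2) and not the sentinel appended
            # above.  A trailing bare "-f" used to swallow the sentinel,
            # after which the loop ran past the end of the argument list.
            if [ "$#" -gt 2 ]; then
                sshd_config="$2"
                shift
            fi
            shift
            ;;
        -f*)
            sshd_config="${1#-f}"
            shift
            ;;
        --) shift; break;;
        *) shift;;
        esac
    done
}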

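# Exit the whole script successfully when sshd has been disabled by the
# presence of $SYSCONFDIR/sshd_not_to_be_run.
#
# Globals: SYSCONFDIR (read)
# Outputs: a notice on stdout when the marker file exists
# Returns: only when the marker is absent; otherwise calls exit 0
check_for_no_start() {
    # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
    # The path is quoted so that a SYSCONFDIR containing whitespace cannot
    # make the test itself error out, which would silently ignore the marker
    # and let the daemon start anyway.
    if [ -e "$SYSCONFDIR/sshd_not_to_be_run" ]; then
        echo "OpenBSD Secure Shell server not in use ($SYSCONFDIR/sshd_not_to_be_run)"
        exit 0
    fi
}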

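# Make sure sshd's privilege-separation directory /var/run/sshd exists.
#
# The directory is created with its final mode in a single step (mkdir -m),
# so it never exists with umask-derived permissions between creation and a
# later chmod.  An existing directory is left untouched.
# NOTE(review): ownership and mode of a pre-existing directory are not
# verified here; presumably sshd performs its own check - confirm.
check_privsep_dir() {
    # Create the PrivSep empty dir if necessary
    if [ ! -d /var/run/sshd ]; then
        mkdir -m 0755 /var/run/sshd
    fi
}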

# Ask sshd to validate its configuration (test mode, -t) and terminate the
# script with status 1 when the check does not succeed.
#
# Globals: SSHD_OPTS (read; left unquoted so it splits into separate options)
check_config() {
	if ! /usr/sbin/sshd -t $SSHD_OPTS; then
		exit 1
	fi
}

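# Print the host key path for one key type.
#
# Globals:   sshd_config (read), SYSCONFDIR (read)
# Arguments: $1 - key type as it appears in the file name (rsa, dsa, ...)
# Outputs:   the path on stdout
#
# Lookup order: the last active "HostKey" line whose value contains
# _<type>_, then the last line mentioning HostKey at all (which also picks
# up commented-out defaults), then $SYSCONFDIR/ssh_host_<type>_key.
_host_key_path() {
	local key_type="$1"
	local path
	path=$(grep '^HostKey' "${sshd_config}" | grep "_${key_type}_" | tail -1 | awk ' { print $2 } ')
	[ -z "${path}" ] && path=$(grep HostKey "${sshd_config}" | grep "_${key_type}_" | tail -1 | awk ' { print $2 } ')
	[ -z "${path}" ] && path="$SYSCONFDIR/ssh_host_${key_type}_key"
	printf '%s\n' "${path}"
}

# Generate one host key unless the key file already exists.
#
# Arguments: $1 - key type passed to ssh-keygen -t
#            $2 - label used in the progress message
#            $3 - path of the private key file
_ensure_host_key() {
	local key_type="$1"
	local label="$2"
	local path="$3"

	# Paths are quoted throughout: unquoted, a path containing whitespace
	# made the test error out and the key was silently never generated.
	if [ ! -f "${path}" ]; then
		echo "  generating ssh ${label} key..."
		mkdir -p "$(dirname "${path}")"
		# Empty passphrase (-N ''): the daemon has to load the key unattended.
		ssh-keygen -q -f "${path}" -N '' -t "${key_type}"
	fi
}

# Locate the host keys named in the active sshd configuration and create any
# that are missing.
#
# Globals: sshd_config (set by parse_sshd_opts), SYSCONFDIR (read)
# Outputs: one progress line on stdout per generated key
check_keys() {
	# parse location of keys
	local HOST_KEY_RSA
	local HOST_KEY_DSA
	local HOST_KEY_ECDSA
	local HOST_KEY_ED25519

	parse_sshd_opts
	HOST_KEY_RSA=$(_host_key_path rsa)
	HOST_KEY_DSA=$(_host_key_path dsa)
	HOST_KEY_ECDSA=$(_host_key_path ecdsa)
	HOST_KEY_ED25519=$(_host_key_path ed25519)

	# create keys if necessary (same order as before: RSA, ECDSA, DSA, ED25519)
	_ensure_host_key rsa RSA "${HOST_KEY_RSA}"
	_ensure_host_key ecdsa ECDSA "${HOST_KEY_ECDSA}"
	# NOTE(review): DSA host keys are deprecated in OpenSSH.  If the
	# ssh-keygen shipped in the image has no DSA support, this call fails
	# and, because the script runs under set -e, startup aborts before the
	# ED25519 key is created - confirm whether this key is still wanted.
	_ensure_host_key dsa DSA "${HOST_KEY_DSA}"
	_ensure_host_key ed25519 ED25519 "${HOST_KEY_ED25519}"
}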

# Make sure /usr/sbin and /sbin are searched even when the caller's PATH is
# empty.  The system directories are appended, so entries already present in
# the caller's PATH take precedence when ssh-keygen and start-stop-daemon are
# looked up.
export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"

# Dispatch on the requested action ($1).
case "$1" in
  start)
	# Honour the sshd_not_to_be_run marker, then make sure host keys and the
	# privilege-separation directory exist before launching the daemon.
	check_for_no_start
	echo "Starting OpenBSD Secure Shell server: sshd"
	check_keys
	check_privsep_dir
	start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS
        echo "done."
	;;
  stop)
        echo -n "Stopping OpenBSD Secure Shell server: sshd"
	# No --oknodo here, so under set -e a failing stop ends the script with
	# a non-zero status.
	start-stop-daemon -K -p $PIDFILE -x /usr/sbin/sshd
        echo "."
	;;

  reload|force-reload)
	check_for_no_start
	check_keys
	# Validate the configuration first; check_config exits 1 on failure, so
	# a broken config is never signalled to the running daemon.
	check_config
        echo -n "Reloading OpenBSD Secure Shell server's configuration"
	# -s 1 delivers signal number 1 (SIGHUP) instead of the default.
	start-stop-daemon -K -p $PIDFILE -s 1 -x /usr/sbin/sshd
	echo "."
	;;

  restart)
	# Keys and configuration are checked before the running daemon is
	# stopped, so an invalid configuration leaves the current sshd (and any
	# remote access through it) in place.
  	check_keys
	check_config
        echo -n "Restarting OpenBSD Secure Shell server: sshd"
	# --oknodo: a daemon that is not running is not treated as an error.
	start-stop-daemon -K -p $PIDFILE --oknodo -x /usr/sbin/sshd
	# If the marker file exists the script ends here: sshd stays stopped.
	check_for_no_start
	check_privsep_dir
	sleep 2
	start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS
	echo "."
	;;

  status)
	# status is not defined in this file; presumably it comes from the
	# sourced /etc/init.d/functions - confirm.
	status /usr/sbin/sshd
	exit $?
  ;;

  *)
	# Unknown or missing action: print usage and fail.
	echo "Usage: /etc/init.d/ssh {start|stop|status|reload|force-reload|restart}"
	exit 1
esac

exit 0