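#!/bin/sh
#----------------------------------------------------------------------------
# /etc/init.d/sshd - start/stop/status script for sshd
#
# Copyright (c) 2001-2005 Ansgar Püster
#
# Creation:    18.07.2002 jh
# Last Update: $Id$
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#----------------------------------------------------------------------------

# include eislib
. /var/install/include/eislib

# include inetlib
. /var/install/include/inetlib

# define constants
# all times in seconds
start_max_waittime=60   # start: maximum waittime
start_sleep_time=2      # start: sleep time between checks
stop_max_waittime=20    # stop: maximum waittime for each signal
stop_sleep_time=2       # stop: sleep time between checks

# include shell library
. /etc/init.d/inet_shlib

# MMODE=detailed

#----------------------------------------------------------------------------
# validate_sshd_config - check the ListenAddress lines of the sshd config
#
# Walks SSH_LISTEN_ADDR_1 .. SSH_LISTEN_ADDR_<SSH_LISTEN_ADDR_N>. Each entry
# is the index of an IP_ETH_<n>_IPADDR entry. For every usable entry the
# address is looked up (the address returned by get_ipaddr wins over the
# configured one) and $sshd_config_file must contain a matching
# "ListenAddress <ip>" line. If an entry is out of range or a line is
# missing, the config file is saved as $sshd_config_file.invalid and its
# ListenAddress lines are regenerated.
#
# Globals read:    SSH_LISTEN_ADDR_N, SSH_LISTEN_ADDR_<i>, IP_ETH_N,
#                  IP_ETH_<n>_IPADDR, MMODE, sshd_config_file
# Globals written: invalid, valid_ips, idx, laddr, ipaddr, act_ipaddr,
#                  act_interface, ip_re
# Returns:         1 if the backup copy could not be written (config file
#                  is left untouched), otherwise 0
#----------------------------------------------------------------------------
validate_sshd_config() {
    invalid=0
    valid_ips=''

    if [ "$SSH_LISTEN_ADDR_N" -gt "0" ]
    then
        [ "$MMODE" = 'detailed' ] && mecho -std "Checking sshd ListenAddress(es) ..."

        idx=1
        while [ "$idx" -le "$SSH_LISTEN_ADDR_N" ]
        do
            eval "laddr=\$SSH_LISTEN_ADDR_$idx"

            case "$laddr" in
                '')
                    mecho -error "Empty Listenaddress SSH_LISTEN_ADDR_$idx ignored"
                    ;;
                *[!0-9]*)
                    # Must be rejected before the integer comparison and,
                    # more importantly, before $laddr is spliced into the
                    # eval below: only digits may ever reach that eval.
                    mecho -error "Invalid SSH_LISTEN_ADDR_$idx ($laddr) ignored"
                    ;;
                *)
                    if [ "$laddr" -gt "$IP_ETH_N" ]; then
                        mecho -error "SSH_LISTEN_ADDR_$idx ($laddr) is not defined in /etc/config.d/base"
                        invalid=1
                    else
                        eval "ipaddr=\${IP_ETH_${laddr}_IPADDR}"
                        act_ipaddr=$(get_ipaddr "$laddr")
                        act_interface=$(get_interface "$laddr")

                        if [ "$MMODE" = 'detailed' ]; then
                            mecho -std "SSH_LISTEN_ADDR_$idx = $laddr"
                            mecho -std "IP_ETH_${laddr}_IPADDR = $ipaddr"
                            mecho -std "actual address = $act_ipaddr"
                            mecho -std "actual interface = $act_interface"
                        fi

                        if [ "$ipaddr" = '' ]
                        then
                            mecho -error "Empty IP Address IP_ETH_${laddr}_IPADDR ignored"
                        fi

                        if [ -n "$act_ipaddr" ] && [ "$ipaddr" != "$act_ipaddr" ]; then
                            mecho -warn "Actual IP Address for interface $act_interface ($act_ipaddr) is different"
                            mecho -warn "to the value ($ipaddr) found in /etc/config.d/base."
                            mecho -warn "Actual IP Address will be used for sshd."
                            ipaddr="$act_ipaddr"
                        fi

                        # An address that is still empty here is really
                        # ignored: it is neither recorded nor matched, since
                        # an empty pattern would accept any ListenAddress line.
                        if [ -n "$ipaddr" ]; then
                            # valid address found
                            valid_ips="${valid_ips:+$valid_ips }$ipaddr"

                            # Match the address exactly: dots are escaped and
                            # the address must be followed by whitespace, a
                            # ":port" suffix or end of line, so that 10.0.0.1
                            # is not satisfied by a line for 10.0.0.10.
                            ip_re=$(printf '%s\n' "$ipaddr" | sed 's/[.]/\\./g')
                            if ! grep -E "^ListenAddress ${ip_re}([[:space:]:]|\$)" \
                                    "$sshd_config_file" >/dev/null 2>&1
                            then
                                #mecho -error "SSH_LISTEN_ADDR_$idx is invalid"
                                invalid=1
                            fi
                        fi
                    fi
                    ;;
            esac

            # Advance on every path; incrementing only for non-empty entries
            # made an empty SSH_LISTEN_ADDR_<i> loop forever.
            idx=$((idx + 1))
        done
    fi

    if [ "$invalid" = 1 ]; then
        mecho -error "Current ListenAddress settings for sshd are invalid"
        mecho -error "Creating new $sshd_config_file"

        # Without a backup the rewrite below would start from a missing
        # file and wipe every other sshd setting, so stop here instead.
        if ! cp "$sshd_config_file" "$sshd_config_file.invalid"; then
            mecho -error "Cannot create $sshd_config_file.invalid, $sshd_config_file left unchanged"
            return 1
        fi
        grep -v '^ListenAddress' "$sshd_config_file.invalid" > "$sshd_config_file"

        # restore ListenAddress to localhost
        echo 'ListenAddress 127.0.0.1' >> "$sshd_config_file"

        if [ "$valid_ips" != '' ]; then
            mecho -error "Using IP-Addresses $valid_ips"
            # word splitting on the space-separated list is intended
            for ipaddr in $valid_ips
            do
                echo "ListenAddress $ipaddr" >> "$sshd_config_file"
            done
        else
            # NOTE(review): with no usable address sshd is told to listen on
            # 0.0.0.0, i.e. on every interface. That keeps the host reachable
            # for the administrator, but it also exposes sshd more widely
            # than the configuration asked for; restrict access with the
            # packet filter until the ListenAddress settings are corrected.
            mecho -error "Using IP-Address 0.0.0.0"
            echo "ListenAddress 0.0.0.0" >> "$sshd_config_file"
        fi
    fi

    return 0
}

# ------------------------------------------------------------------------------

PATH=/bin:/usr/bin:/sbin:/usr/sbin

# ignore hangup and terminate (POSIX signal names, without the SIG prefix)
trap "" HUP
trap "" TERM

# set variables
basefile=/etc/config.d/base
inetfile=/etc/config.d/inet
sshd_config_file=/etc/sshd_config

# test
#basefile=./base
#inetfile=./inet
#sshd_config_file=./sshd_config

# read configuration
# Both files are sourced, i.e. executed as shell code with the privileges
# of this script; they must be writable by root only.
. "$inetfile"
. "$basefile"

case "$1" in
    start|forcestart)
        daemon=sshd

        if [ "$SSHD_START_METHOD" = 'st' ]; then
            [ "$1" = 'forcestart' ] && START_SSH='yes'

            # quoted: an unset START_SSH must compare as "not yes" instead
            # of producing a test syntax error
            if [ "$START_SSH" = 'yes' ]; then
                verify_pidfile "$daemon.pid" "$daemon"
                rc=$?

                case $rc in
                    0)
                        mecho -std "$daemon daemon is already running"
                        ;;
                    1|2)
                        # both return codes are handled the same way:
                        # validate the config, then start the daemon
                        mecho -info "Starting $daemon daemon"
                        validate_sshd_config
                        /sbin/sshd -f "$sshd_config_file" &
                        check_start "$daemon.pid" "$daemon" "$start_max_waittime" "$start_sleep_time"
                        ;;
                    *)
                        mecho -error "internal error in verify_pidfile (RC=$rc)"
                        ;;
                esac
            else
                mecho -std "START_SSH was set to 'no', $daemon not started"
            fi
        else
            mecho -std "SSHD_START_METHOD was configured as 'xi'"
        fi
        ;;

    stop)
        daemon=sshd
        killcmd=kill

        verify_pidfile "$daemon.pid" "$daemon"
        rc=$?

        case $rc in
            0)
                mecho -info "Stopping $daemon daemon"
                # signals are passed in the order TERM, INT, HUP, KILL
                kill_and_wait "$daemon.pid" "$daemon" "$stop_max_waittime" "$stop_sleep_time" "$killcmd" TERM INT HUP KILL
                ;;
            1)
                [ "$MMODE" = 'detailed' ] && mecho -std "$daemon daemon is not running"
                ;;
            2)
                ;;
            *)
                mecho -error "internal error in verify_pidfile (RC=$rc)"
                ;;
        esac
        ;;

    reload)
        # implemented as a full restart of the daemon
        "$0" stop
        sleep 2
        "$0" start
        ;;

    status)
        daemon=sshd

        verify_pidfile "$daemon.pid" "$daemon"
        rc=$?

        case $rc in
            0)
                PID=$(cat "/var/run/$daemon.pid")
                mecho -std "$daemon daemon is running (pid = $PID)"
                ;;
            1)
                mecho -std "$daemon daemon is not running"
                if [ "$SSHD_START_METHOD" = 'xi' ]; then
                    mecho -std "SSHD_START_METHOD was configured as 'xi'"
                fi
                ;;
            2)
                ;;
            *)
                mecho -error "internal error in verify_pidfile (RC=$rc)"
                ;;
        esac
        ;;

    *)
        mecho -error "Usage: $0 {start|forcestart|stop|status|reload}"
        exit 1
        ;;
esac

exit 0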