wok annotate openssh/stuff/openssh @ rev 25076
Up marlin (886)
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Tue Jun 14 08:17:07 2022 +0000 (2022-06-14) |
parents | 13813512f1db |
children |
rev | line source |
---|---|
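#!/bin/sh
# /etc/init.d/openssh : Start, stop and restart OpenSSH server on SliTaz, at
# boot time or with the command line.
#
# To start OpenSSH server at boot time, just put openssh in the $RUN_DAEMONS
# variable of /etc/rcS.conf and configure options with /etc/daemons.conf
#
# Usage: /etc/init.d/openssh [start|stop|restart]
#
# The helpers used below (_, action, status, active_pidfile, emsg, newline)
# are not defined in this file; presumably they come from rc.functions.
#
. /etc/init.d/rc.functions
. /etc/daemons.conf

NAME=OpenSSH
DESC="$(_ '%s server' OpenSSH)"
DAEMON=/usr/sbin/sshd
# Extra sshd arguments, presumably set in /etc/daemons.conf. The value is
# expanded unquoted further down so that it splits into separate arguments.
OPTIONS=$OPENSSH_OPTIONS
PIDFILE=/var/run/sshd.pid

# Runtime directory for sshd; mkdir -p is a no-op when it already exists.
# NOTE(review): if this is sshd's privilege-separation directory, sshd expects
# it to be root-owned and not group/world-writable. mkdir applies the current
# umask, so confirm the resulting mode.
mkdir -p /var/run/sshd

# Append one INPUT rule that matches new TCP connections to port 22 and hands
# them to the "recent" match. Arguments: the recent options and the target.
# Passing them as "$@" keeps the quoted log prefix intact without relying on
# word splitting of a command held in a string.
sshd_recent_rule() {
  iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW \
    -m recent "$@"
}

case "$1" in
  start)
    # sshd needs a host key for every key type it offers: create each one
    # that is missing or empty. Host keys carry no passphrase (-N '') so the
    # daemon can load them unattended.
    # NOTE(review): DSA host keys are 1024-bit and ssh-dss has been disabled
    # by default since OpenSSH 7.0; consider dropping dsa from this list. A
    # failing ssh-keygen is not fatal here, the loop simply moves on.
    for type in rsa dsa ecdsa ed25519; do
      keyfile="/etc/ssh/ssh_host_${type}_key"
      [ -s "$keyfile" ] && continue
      _ 'Generating OpenSSH %s key... ' "$type"
      ssh-keygen -t "$type" -f "$keyfile" -C '' -N ''
    done
    if active_pidfile "$PIDFILE" sshd; then
      _ '%s is already running.' "$NAME"
      exit 1
    fi
    # Rate-limit new SSH connections per source address: record each new
    # connection, then log and drop a source that reaches 5 new connections
    # within 300 seconds. --update also refreshes the last-seen time, so a
    # source that keeps retrying stays blocked.
    # Limits worth knowing:
    #  - the rules are skipped when the listing already shows any rule for
    #    "tcp dpt:ssh", including one the administrator added;
    #  - the check relies on iptables -L printing the service name for
    #    port 22 (presumably resolved through /etc/services);
    #  - only IPv4 and port 22 are covered; a different port given in
    #    $OPTIONS and IPv6 traffic are not rate-limited by these rules.
    # grep -q keeps the matching rule listing off the console.
    if command -v iptables >/dev/null 2>&1 &&
      ! iptables -L | grep -q 'tcp dpt:ssh '; then
      sshd_recent_rule --set --name DEFAULT --rsource
      sshd_recent_rule --update --seconds 300 --hitcount 5 --name DEFAULT \
        --rsource -j LOG --log-prefix "SSH-Bruteforce : "
      sshd_recent_rule --update --seconds 300 --hitcount 5 --name DEFAULT \
        --rsource -j DROP
    fi
    action 'Starting %s: %s...' "$DESC" "$NAME"
    # Keep "status" directly after the daemon call: it presumably reports the
    # exit code of the previous command.
    # shellcheck disable=SC2086 -- $OPTIONS must split into arguments
    $DAEMON $OPTIONS
    status
    ;;
  stop)
    if ! active_pidfile "$PIDFILE" sshd; then
      _ '%s is not running.' "$NAME"
      exit 1
    fi
    action 'Stopping %s: %s...' "$DESC" "$NAME"
    # Quoted so the pidfile content reaches kill as one argument only.
    kill "$(cat "$PIDFILE")"
    status
    ;;
  restart)
    # A restart is refused when the daemon is not running.
    if ! active_pidfile "$PIDFILE" sshd; then
      _ '%s is not running.' "$NAME"
      exit 1
    fi
    action 'Restarting %s: %s...' "$DESC" "$NAME"
    kill "$(cat "$PIDFILE")"
    # Fixed pause before starting the new daemon; the script does not check
    # that the old one has actually exited.
    sleep 2
    # shellcheck disable=SC2086 -- $OPTIONS must split into arguments
    $DAEMON $OPTIONS
    status
    ;;
  *)
    emsg "<n><b>$(_ 'Usage:')</b> $0 [start|stop|restart]"
    newline
    exit 1
    ;;
esac

exit 0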