08f9072513
- Update of the underlying OpenSSH to 6.5p1 - Update to 6.5p1 Features since 6.4p1: * ssh(1), sshd(8): support for key exchange using ECDH in Daniel Bernstein's Curve25519; default when both the client and server support it. * ssh(1), sshd(8): support for Ed25519 as a public key type for both server and client. Ed25519 is an EC signature offering better security than ECDSA and DSA and good performance. * Add a new private key format that uses a bcrypt KDF to better protect keys at rest. Used unconditionally for Ed25519 keys, on demand for other key types via the -o ssh-keygen(1) option. Intended to become default in the near future. Details documented in PROTOCOL.key. * ssh(1), sshd(8): new transport cipher "chacha20-poly1305@openssh.com" combining Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Details documented in PROTOCOL.chacha20poly1305. * ssh(1), sshd(8): refuse RSA keys from old proprietary clients and servers that use the obsolete RSA+MD5 signature scheme. It will still be possible to connect with these clients/servers but only DSA keys will be accepted, and OpenSSH will refuse connection entirely in a future release. * ssh(1), sshd(8): refuse old proprietary clients and servers that use a weaker key exchange hash calculation. * ssh(1): increase the size of the Diffie-Hellman groups requested for each symmetric key size. New values from NIST Special Publication 800-57 with the upper limit specified by OBS-URL: https://build.opensuse.org/request/show/222365 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=63
#! /bin/sh
# Copyright (c) 1995-2013 SuSE GmbH Nuernberg, Germany.
#
# Author: Jiri Smid <feedback@suse.de>
#
# /etc/init.d/sshd
#
# and its symbolic link
#
# /usr/sbin/rcsshd
#
### BEGIN INIT INFO
# Provides: sshd
# Required-Start: $network $remote_fs
# Required-Stop: $network $remote_fs
# Should-Start: haveged auditd
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Description: Start the sshd daemon
### END INIT INFO
# Daemon binary. LSB convention: exit 5 when the program is not installed.
SSHD_BIN=/usr/sbin/sshd
[ -x "$SSHD_BIN" ] || exit 5

# Per-host settings (e.g. SSHD_OPTS). LSB convention: exit 6 when the
# configuration is missing or unreadable.
SSHD_SYSCONFIG=/etc/sysconfig/ssh
[ -r "$SSHD_SYSCONFIG" ] || exit 6
. "$SSHD_SYSCONFIG"

# Pid file of the listening daemon. The start action hands this same path
# to sshd via -o PidFile, so killproc/checkproc and sshd agree on which
# process is "the service".
SSHD_PIDFILE=/var/run/sshd.init.pid

. /etc/rc.status
# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     ditto but be verbose in local rc status
#      rc_status -v -r  ditto and clear the local rc status
#      rc_failed        set local and overall rc status to failed
#      rc_reset         clear local rc status (overall remains)
#      rc_exit          exit appropriate to overall rc status
# Ask only the listener (the pid recorded in $SSHD_PIDFILE) to exit with
# SIGTERM. Established sessions are separate processes and are left alone;
# this is what "restart" relies on to keep live connections open.
soft_stop() {
  printf '%s' "Shutting down the listening SSH daemon"
  killproc -p "$SSHD_PIDFILE" -TERM "$SSHD_BIN"
}
# Terminate every process named sshd: the listener and all per-connection
# children. Used at runlevel 0/6 and for the explicit force-stop action.
# SIGTERM is ignored for the duration of killall; presumably so that a
# matching process name (or a dying parent session) cannot take this
# script down before it restores the trap — confirm against rc.status.
force_stop() {
  printf '%s' "Shutting down SSH daemon *with all active connections*"
  trap '' TERM
  killall sshd 2>/dev/null
  trap - TERM
}
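# First reset status of this service
rc_reset

case "$1" in
  start)
    # External helper run before the first start; from its name it
    # presumably creates missing host keys — confirm in that script.
    /usr/sbin/sshd-gen-keys-start
    printf '%s' "Starting SSH daemon"
    ## Start daemon with startproc(8). If this fails the rc status
    ## (rc_status below) records it.
    # SSHD_OPTS comes from /etc/sysconfig/ssh and is left unquoted on
    # purpose so that several options split into separate arguments.
    # PidFile is forced to our own path so that sshd writes exactly the
    # file killproc/checkproc read in the other actions.
    startproc -f -p "$SSHD_PIDFILE" "$SSHD_BIN" $SSHD_OPTS -o "PidFile=$SSHD_PIDFILE"

    # Remember status and be verbose
    rc_status -v
    ;;
  stop)
    # If we're shutting down, kill active sshd connections so they're not
    # left hanging.
    # runlevel(8) prints "<previous> <current>" (or "unknown"); the
    # current level is the last word. Select it positionally instead of
    # building an eval string.
    runlevel=$(set -- $(runlevel); [ $# -gt 0 ] && shift $(($# - 1)); echo "$1")
    if [ "x$runlevel" = x0 ] || [ "x$runlevel" = x6 ]; then
      force_stop
    else
      soft_stop
    fi

    # Remember status and be verbose
    rc_status -v
    ;;
  soft-stop)
    ## Stop the listener daemon process with killproc(8); if this
    ## fails the rc status records it.
    soft_stop

    # Remember status and be verbose
    rc_status -v
    ;;
  force-stop)
    ## stop all running ssh
    force_stop

    # Remember status and be verbose
    rc_status -v
    ;;
  try-restart)
    ## Stop the service and if this succeeds (i.e. the
    ## service was running before), start it again.
    "$0" status >/dev/null && "$0" restart

    # Remember status and be quiet
    rc_status
    ;;
  restart)
    ## Stop the service without closing live connections
    ## and start it again regardless of whether it was
    ## running or not
    "$0" soft-stop
    "$0" start

    # Remember status and be quiet
    rc_status
    ;;
  force-reload|reload)
    ## Signal the daemon to reload its config. Most daemons
    ## do this on signal 1 (SIGHUP).
    printf '%s' "Reload service sshd"

    killproc -p "$SSHD_PIDFILE" -HUP "$SSHD_BIN"

    rc_status -v
    ;;
  status)
    printf '%s' "Checking for service sshd "
    ## Check status with checkproc(8), if process is running
    ## checkproc will return with exit status 0.

    # Status has a slightly different meaning for the status command:
    # 0 - service running
    # 1 - service dead, but /var/run/ pid file exists
    # 2 - service dead, but /var/lock/ lock file exists
    # 3 - service not running

    checkproc -p "$SSHD_PIDFILE" "$SSHD_BIN"

    rc_status -v
    ;;
  probe)
    ## Optional: Probe for the necessity of a reload,
    ## give out the argument which is required for a reload.
    # A config newer than the pid file means the running listener has
    # not seen the current sshd_config.
    [ /etc/ssh/sshd_config -nt "$SSHD_PIDFILE" ] && echo reload
    ;;
  *)
    printf '%s\n' "Usage: $0 {start|stop|soft-stop|force-stop|status|try-restart|restart|force-reload|reload|probe}"
    exit 1
    ;;
esac
rc_exit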