Package: openssh-server
Version: 1:5.5p1-6+squeeze1
Severity: wishlist
Tags: patch

Several setups need different OpenSSH daemons to be run with different
config files. Usually this requires rewriting a renamed copy of the
/etc/init.d/ssh script, which itself could use some improvements. Pid files
are handled both by the daemon itself and by start-stop-daemon, so a change
to the pid file or to the config file has to be made in many places, and so on.

An improved version of the init script is included. It is based on the
script used in Debian Squeeze. It gives somewhat more detailed feedback
if the daemon does not start, but the main feature is that it can be copied
to any name, and this name is then used to locate the default file and the
config file and to construct the pid file and pid dir.

Example: copy it to /etc/init.d/ssh3

You may immediately run an instance of OpenSSH daemon with
config:         /etc/ssh/ssh3d_config
default:        /etc/default/ssh3
pid dir:        /var/run/ssh3d
pid file:       /var/run/ssh3d.pid

As an option, you can change the binary to /usr/sbin/ssh3d if necessary
just by toggling some comments. A fallback check against overwriting the
pid file of the original OpenSSH daemon can be enabled.

Even the daemon dependent log string will vary with the script name.
The startup preventing file /etc/ssh/sshd_not_to_be_run will vary with
the script name, too.

--- snip ---
#! /bin/sh

### BEGIN INIT INFO
# Provides:             sshd
# Required-Start:       $remote_fs $syslog
# Required-Stop:        $remote_fs $syslog
# Default-Start:        2 3 4 5
# Default-Stop:         
# Short-Description:    OpenBSD Secure Shell server
### END INIT INFO

# Abort on the first command that fails outside a condition, so a failed
# mkdir or a failed stop does not let the script carry on half-configured.
set -e

# /etc/init.d/ssh: start and stop the OpenBSD "secure shell(tm)" daemon
# (3rd instance)

# If used to start other instances of an OpenSSH daemon:
# make sure it does not interfere with the regular ssh daemon.
# Don't forget to change ``Provides:'' when starting another instance at boot
# time via update-rc.d.

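# Refuse to run when this copy would act as the stock "ssh" service.
# Globals:   SSH_ID (read) - service name derived from the script name
# Outputs:   diagnostic on stderr when a conflict is found
# Returns:   0 when there is no conflict; exits the script with 1 otherwise
check_conflict() {
    # Quoted so that an empty or space-containing name is compared as one
    # word instead of making the test itself fail (a failing test inside
    # "if" would silently count as "no conflict").
    if [ "${SSH_ID}" = "ssh" ] ; then
        echo "this instance conflicts with regular sshd instance" >&2
        exit 1
    fi
}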

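# Refuse to run when this instance would write the stock daemon's pid file.
# Globals:   PID_FILE (read) - pid file path of this instance
# Outputs:   diagnostic on stderr when a conflict is found
# Returns:   0 when there is no conflict; exits the script with 1 otherwise
check_conflict_pid() {
    # PID_FILE is built as a full path (/var/run/<name>d.pid), so comparing
    # it with the bare name "sshd.pid" could never match. Compare the file
    # name component instead; a bare "sshd.pid" still matches as before.
    if [ "${PID_FILE##*/}" = "sshd.pid" ] ; then
        echo "this instance conflicts with pidfile for the regular sshd instance" >&2
        exit 1
    fi
}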

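# Per-instance settings. Every explanatory comment sits on its own "#" line:
# in the mailed copy the trailing comments were wrapped, and the wrapped
# halves (for example a bare /etc/init.d/ssh or /usr/sbin/sshd) would have
# been executed as commands.

# The service is identified by the basename of this script.
SSH_ID=${0##*/}
# NOTE(review): when the script is run through a runlevel symlink such as
# /etc/rc2.d/S16ssh3, $0 presumably carries the S??/K?? ordering prefix.
# Strip it so boot-time and manual runs resolve to the same files; confirm
# against the init system in use.
case "${SSH_ID}" in
    [SK][0-9][0-9]?*) SSH_ID=${SSH_ID#[SK][0-9][0-9]} ;;
esac
# SSH_ID ends up in paths that are sourced and executed with the privileges
# of this script, so only a conservative character set is accepted.
case "${SSH_ID}" in
    ''|*[!-A-Za-z0-9._+]*)
        echo "invalid service name derived from script name: '${SSH_ID}'" >&2
        exit 1
        ;;
esac
# Uncomment the next line to pin the stock identity; leave it commented (or
# delete it) for a non-default ssh daemon.
#SSH_ID="ssh"
# Uncomment the next line for non-default ssh daemons.
#check_conflict

# default: /etc/init.d/ssh
SCRIPT_NAME="/etc/init.d/${SSH_ID}"
DAEMON_PATH="/usr/sbin"
# Name of a patched binary with a changed hardcoded pidfile value.
DAEMON_FILE="${SSH_ID}d"
# default: /usr/sbin/sshd
DAEMON_NAME="${DAEMON_PATH}/sshd"
# Uncomment to use a patched version for a non-default ssh daemon, or a
# symlink to the original sshd.
#DAEMON_NAME="${DAEMON_PATH}/${DAEMON_FILE}"

# Not PATH but DIR; default: /var/run/sshd
# NOTE(review): check_privsep_dir creates this directory as the PrivSep dir;
# an unpatched sshd presumably still uses its compiled-in path - confirm.
PID_DIR="/var/run/${DAEMON_FILE}"
# default: /var/run/sshd.pid
# If not set, the pidfile will default to the hardcoded daemon value.
PID_FILE="${PID_DIR}.pid"
# Uncomment the next line for non-default ssh daemons.
#check_conflict_pid

DEFAULT_PATH="/etc/default"
# default: ssh
DEFAULT_FILE=${SSH_ID}
# default: /etc/default/ssh
DEFAULT_NAME="${DEFAULT_PATH}/${DEFAULT_FILE}"
CONFIG_PATH="/etc/ssh"
CONFIG_FILE="${DAEMON_FILE}_config"
# default: /etc/ssh/sshd_config
CONFIG_NAME="${CONFIG_PATH}/${CONFIG_FILE}"
# default: /etc/ssh/sshd_not_to_be_run
NOT_TO_RUN_CHECK="${CONFIG_PATH}/${DAEMON_FILE}_not_to_be_run"
# default: "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)"
LOG_ACTION_MSG="OpenBSD Secure Shell server not in use (${CONFIG_PATH}/${DAEMON_FILE}_not_to_be_run)"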

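# Stop early when the configured daemon binary is missing or not executable.
# The flag is kept as a global, as in the original. DAEMON_NAME is quoted so
# a path with unusual characters is tested as a single word, and the
# diagnostic goes to stderr.
DAEMON_NAME_EXISTS_EXECUTABLE=1
test -x "${DAEMON_NAME}" || DAEMON_NAME_EXISTS_EXECUTABLE=0
if [ "${DAEMON_NAME_EXISTS_EXECUTABLE}" = 0 ] ; then
        echo "No executable daemon file" >&2
        exit 1
fi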

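# Sanity check: the binary's usage output has to mention OpenSSH.
# This only guards against DAEMON_NAME pointing at the wrong program. It
# runs the binary with the privileges of this script and is not an
# integrity or authenticity check of the file.
# (An earlier variant ended in "|| (echo ... && exit 0)", which only left
# the subshell; the flag variable below replaces it. In the mailed copy that
# commented-out line was wrapped and its second half broke the parse.)
DAEMON_IS_OPENSSH=1
( "${DAEMON_NAME}" -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || DAEMON_IS_OPENSSH=0
if [ "${DAEMON_IS_OPENSSH}" = 0 ] ; then
        echo "Not an OpenSSH daemon" >&2
        exit 1
fi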

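umask 022

# Optional per-instance defaults file. It is sourced into this shell and so
# runs with the script's privileges: keep it owned by root and not writable
# by anyone else.
if test -f "${DEFAULT_NAME}"; then
    . "${DEFAULT_NAME}"
fi

# Load the LSB logging helpers (log_daemon_msg, log_end_msg, ...). The mailed
# copy had ".." here, which is not a command; a single "." sources the file.
. /lib/lsb/init-functions

# A second command-line argument is passed through to the daemon as options.
if [ -n "$2" ]; then
    SSHD_OPTS="$SSHD_OPTS $2"
fi

# Now force a pidfile
# NOTE(review): if SSHD_OPTS already carries a PidFile option, sshd may keep
# the first value it sees rather than this one - confirm.
SSHD_OPTS="$SSHD_OPTS -o PidFile=${PID_FILE}"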

# Tell whether the script appears to have been started by init.
# Globals:   previous, runlevel (read)
# Returns:   0 when runlevel is "S", or when both previous and runlevel are
#            non-empty; non-zero otherwise
run_by_init() {
    if [ "$runlevel" = S ]; then
        return 0
    fi
    [ -n "$previous" ] && [ -n "$runlevel" ]
}

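# Leave quietly (exit 0) when the instance's "not to be run" marker exists.
# Globals:   NOT_TO_RUN_CHECK (read) - path of the marker file
#            LOG_ACTION_MSG (read)   - message shown for interactive runs
# Arguments: $1 - pass "log_end_msg" to close a progress line already opened
# Returns:   returns normally when no marker exists; otherwise exits 0
check_for_no_start() {
    # Quoted on purpose: with an empty value the unquoted form collapses to
    # "[ -e ]", which is true, and the daemon would silently never start.
    if [ -e "${NOT_TO_RUN_CHECK}" ]; then
        if [ "$1" = log_end_msg ]; then
            log_end_msg 0
        fi
        # Stay silent at boot; only tell an interactive caller why nothing
        # was started.
        if ! run_by_init; then
            log_action_msg "${LOG_ACTION_MSG}"
        fi
        exit 0
    fi
}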

# Abort (exit 1) unless /dev/null is a character device.
# Arguments: $1 - pass "log_end_msg" to close a progress line already opened
# Returns:   0 when /dev/null is fine; otherwise exits the script with 1
check_dev_null() {
    if [ -c /dev/null ]; then
        return 0
    fi
    # "|| true" keeps set -e from ending the script before the message below.
    [ "$1" != log_end_msg ] || log_end_msg 1 || true
    run_by_init || log_action_msg "/dev/null is not a character device!"
    exit 1
}

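# Create the PrivSep empty dir if necessary.
# Globals:   PID_DIR (read) - directory to create
# Returns:   0 when the directory exists afterwards; a failing mkdir ends
#            the script when set -e is active
check_privsep_dir() {
    # Quoted so the path is always one word. The mode is set at creation
    # time, which removes the gap between mkdir and a separate chmod.
    if [ ! -d "${PID_DIR}" ]; then
        mkdir -m 0755 -- "${PID_DIR}"
    fi
}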

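# Validate the instance's configuration before a reload or restart.
# Globals:   NOT_TO_RUN_CHECK, DAEMON_NAME, SSHD_OPTS, CONFIG_NAME (read)
# Returns:   0 when the test passes or the instance is disabled; exits the
#            script with 1 when the daemon rejects the configuration
check_config() {
    if [ ! -e "${NOT_TO_RUN_CHECK}" ]; then
        # Test the same file the daemon is started with. Without -f the
        # daemon checks its default config instead, so a broken instance
        # config would pass here and only fail after the running daemon had
        # already been stopped.
        # SSHD_OPTS is left unquoted on purpose: it holds several options.
        "${DAEMON_NAME}" $SSHD_OPTS -f "${CONFIG_NAME}" -t || exit 1
    fi
}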

# Append the system sbin directories to the search path; the ":+" form
# avoids a leading ":" (an implicit current-directory entry) when PATH is
# empty or unset.
PATH="${PATH:+$PATH:}/usr/sbin:/sbin:/usr/local/sbin"
export PATH

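# Dispatch on the requested action. Long start-stop-daemon invocations are
# continued with a trailing backslash: in the mailed copy they were wrapped
# onto a second line, which the shell would have run as a separate command.
# Path variables are quoted; SSHD_OPTS stays unquoted because it holds
# several options that must be split into words.
case "$1" in
  start)
        check_privsep_dir
        check_for_no_start
        check_dev_null
        log_daemon_msg "Starting OpenBSD Secure Shell server" "${DAEMON_FILE}"
        if start-stop-daemon --start --quiet --oknodo --pidfile "${PID_FILE}" \
                --exec "${DAEMON_NAME}" -- $SSHD_OPTS -f "${CONFIG_NAME}"; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;
  stop)
        log_daemon_msg "Stopping OpenBSD Secure Shell server" "${DAEMON_FILE}"
        if start-stop-daemon --stop --quiet --oknodo --pidfile "${PID_FILE}"; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;

  reload|force-reload)
        check_for_no_start
        check_config
        log_daemon_msg "Reloading OpenBSD Secure Shell server's configuration" \
                "${DAEMON_FILE}"
        # Signal 1 (HUP) asks the running daemon to re-read its config.
        if start-stop-daemon --stop --signal 1 --quiet --oknodo \
                --pidfile "${PID_FILE}" --exec "${DAEMON_NAME}" \
                -- -f "${CONFIG_NAME}"; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;

  restart)
        check_privsep_dir
        # Validate first, so that a broken config does not take down a
        # daemon that is still working.
        check_config
        log_daemon_msg "Restarting OpenBSD Secure Shell server" "${DAEMON_FILE}"
        start-stop-daemon --stop --quiet --oknodo --retry 30 \
                --pidfile "${PID_FILE}"
        check_for_no_start log_end_msg
        check_dev_null log_end_msg
        if start-stop-daemon --start --quiet --oknodo --pidfile "${PID_FILE}" \
                --exec "${DAEMON_NAME}" -- $SSHD_OPTS -f "${CONFIG_NAME}"; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;

  try-restart)
        check_privsep_dir
        check_config
        log_daemon_msg "Restarting OpenBSD Secure Shell server" "${DAEMON_FILE}"
        # The stop status is inspected below, so errexit is suspended here.
        set +e
        # The pid file, not the config file, identifies the running daemon.
        # With the config path given here the stop never found the process
        # and the restart was skipped.
        start-stop-daemon --stop --quiet --retry 30 --pidfile "${PID_FILE}"
        RET="$?"
        set -e
        case $RET in
            0)
                # old daemon stopped
                check_for_no_start log_end_msg
                check_dev_null log_end_msg
                if start-stop-daemon --start --quiet --oknodo \
                        --pidfile "${PID_FILE}" --exec "${DAEMON_NAME}" \
                        -- $SSHD_OPTS -f "${CONFIG_NAME}"; then
                    log_end_msg 0
                else
                    log_end_msg 1
                fi
                ;;
            1)
                # daemon not running
                log_progress_msg "(not running)"
                log_end_msg 0
                ;;
            *)
                # failed to stop
                log_progress_msg "(failed to stop)"
                log_end_msg 1
                ;;
        esac
        ;;

  status)
        status_of_proc -p "${PID_FILE}" "${DAEMON_NAME}" "${SSH_ID}" && exit 0 || exit $?
        ;;

  *)
        log_action_msg "Usage: ${SCRIPT_NAME} {start|stop|reload|force-reload|restart|try-restart|status}"
        exit 1
esac

exit 0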
--- snap ---

-- System Information:
Debian Release: 6.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-server depends on:
ii  adduser             3.112+nmu2           add and remove users and groups
ii  debconf [debconf-2. 1.5.36.1             Debian configuration management sy
ii  dpkg                1.15.8.12            Debian package management system
ii  libc6               2.11.3-2             Embedded GNU C Library: Shared lib
ii  libcomerr2          1.41.12-4stable1     common error description library
ii  libgssapi-krb5-2    1.8.3+dfsg-4squeeze5 MIT Kerberos runtime libraries - k
ii  libkrb5-3           1.8.3+dfsg-4squeeze5 MIT Kerberos runtime libraries
ii  libpam-modules      1.1.1-6.1+squeeze1   Pluggable Authentication Modules f
ii  libpam-runtime      1.1.1-6.1+squeeze1   Runtime support for the PAM librar
ii  libpam0g            1.1.1-6.1+squeeze1   Pluggable Authentication Modules l
ii  libselinux1         2.0.96-1             SELinux runtime shared libraries
ii  libssl0.9.8         0.9.8o-4squeeze7     SSL shared libraries
ii  libwrap0            7.6.q-19             Wietse Venema's TCP wrappers libra
ii  lsb-base            3.2-23.2squeeze1     Linux Standard Base 3.2 init scrip
ii  openssh-blacklist   0.4.1                list of default blacklisted OpenSS
ii  openssh-client      1:5.5p1-6+squeeze1   secure shell (SSH) client, for sec
ii  procps              1:3.2.8-9            /proc file system utilities
ii  zlib1g              1:1.2.3.4.dfsg-3     compression library - runtime

Versions of packages openssh-server recommends:
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.4-1  X authentication utility

Versions of packages openssh-server suggests:
pn  molly-guard                   <none>     (no description available)
pn  rssh                          <none>     (no description available)
pn  ssh-askpass                   <none>     (no description available)
pn  ufw                           <none>     (no description available)

-- debconf information excluded


