| # Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Start sshd to allow remote network login" |
| author "chromium-os-dev@chromium.org" |
| |
| # This must start after the iptables job so that when we enable |
| # port 22 below, the change won't be overwritten. |
| # |
| # By default, this job is only configured to start automatically in |
| # test images. |
| #for_test start on stopped iptables and stopped ip6tables and starting failsafe |
| respawn |
| |
| pre-start script |
| SSH_DIR=/mnt/stateful_partition/etc/ssh |
| mkdir -p ${SSH_DIR} |
| |
| if ! sshd -t > /dev/null ; then |
| # sshd will not start with current config, generate a new set of keys. |
| for KEY_TYPE in rsa dsa ; do |
| KEY_FILE=${SSH_DIR}/ssh_host_${KEY_TYPE}_key |
| # If keys exist delete them because they are not valid and ssh-keygen |
| # will not overwrite them. |
| rm -f ${KEY_FILE} ${KEY_FILE}.pub |
| ssh-keygen -q -f ${KEY_FILE} -N '' -t ${KEY_TYPE} || |
| logger -t "${UPSTART_JOB}" "Failed to generate ssh key." |
| done |
| fi |
| |
| for cmd in iptables ip6tables ; do |
| $cmd -A INPUT -p tcp --dport 22 -j ACCEPT || |
| logger -t "${UPSTART_JOB}" "Failed to configure $cmd." |
| done |
| end script |
| |
| expect fork |
| |
| # sshd refuses to execute unless invoked with a full path. Go figure. |
| exec /usr/sbin/sshd |
| |
| post-stop script |
| # For good hygiene, clean up on job stop. |
| for cmd in iptables ip6tables ; do |
| $cmd -D INPUT -p tcp --dport 22 -j ACCEPT || true |
| done |
| end script |
