#!/bin/sh

# Locations of the sshd configuration and the system account databases
# that this script reads and edits.
SSH_DIR='/etc/ssh'
SSH_CONFIG="${SSH_DIR}/sshd_config"
PASSWD_FILE='/etc/passwd'
GROUP_FILE='/etc/group'

# Privilege-separation directory, used as the home directory of the
# sshd account entry written by setup_sshd_user.
VAR_EMPTY='/var/empty'

# Name and numeric ids of the account and group the script creates.
# The same name is used for both the user and the group.
SSHD_USER='sshd'
SSHD_UID='74'
SSHD_GID='74'

# Report whether all four host private keys (rsa, dsa, ecdsa, ed25519)
# are present as regular files under $SSH_DIR.
# Globals:  SSH_DIR (read)
# Outputs:  one status line on stdout
# Returns:  0 when every key file exists, 1 as soon as one is missing
#
# NOTE(review): DSA host keys are deprecated and recent OpenSSH releases
# no longer support them. If "ssh-keygen -A" on the target does not
# produce ssh_host_dsa_key, this check fails on every run. Confirm
# against the installed OpenSSH version.
check_ssh_keys() {
    local key_type

    for key_type in rsa dsa ecdsa ed25519; do
        if [ ! -f "$SSH_DIR/ssh_host_${key_type}_key" ]; then
            echo "SSH host keys missing"
            return 1
        fi
    done

    echo "SSH host keys already exist"
    return 0
}

# Report whether $PASSWD_FILE has an entry whose login name is $SSHD_USER.
# Globals:  SSHD_USER, PASSWD_FILE (read)
# Outputs:  one status line on stdout
# Returns:  0 when the entry exists, 1 otherwise
check_sshd_user() {
    # grep errors are discarded, so an unreadable or absent passwd file
    # is reported the same way as a missing entry.
    if ! grep -q "^$SSHD_USER:" "$PASSWD_FILE" 2>/dev/null; then
        echo "SSH user missing from passwd"
        return 1
    fi

    echo "SSH user already exists in passwd"
    return 0
}

# Report whether $GROUP_FILE has an entry for the sshd group.
# The group shares its name with the user, so $SSHD_USER is the key.
# Globals:  SSHD_USER, GROUP_FILE (read)
# Outputs:  one status line on stdout
# Returns:  0 when the entry exists, 1 otherwise
check_sshd_group() {
    # grep errors are discarded, so an unreadable or absent group file
    # is reported the same way as a missing entry.
    if ! grep -q "^$SSHD_USER:" "$GROUP_FILE" 2>/dev/null; then
        echo "SSH group missing"
        return 1
    fi

    echo "SSH group already exists"
    return 0
}

# Report whether the $VAR_EMPTY directory exists.
# Only existence is tested; ownership and mode are not inspected here.
# Globals:  VAR_EMPTY (read)
# Outputs:  one status line on stdout
# Returns:  0 when the directory exists, 1 otherwise
check_var_empty() {
    if [ ! -d "$VAR_EMPTY" ]; then
        echo "Directory $VAR_EMPTY missing"
        return 1
    fi

    echo "Directory $VAR_EMPTY already exists"
    return 0
}

# Report whether $SSH_CONFIG already has lines starting with both
# "PermitRootLogin yes" and "PasswordAuthentication yes".
# Globals:  SSH_CONFIG (read)
# Outputs:  one status line on stdout
# Returns:  0 when both lines are present, 1 otherwise (including an
#           unreadable or absent config file, since grep errors are hidden)
#
# Security note: the state treated as "properly configured" is password
# login for root, which exposes the root account to password guessing
# wherever port 22 is reachable. Key-only root access
# ("PermitRootLogin prohibit-password") is the usual hardened setting.
#
# NOTE(review): the match is case-sensitive and expects exactly one space,
# while sshd_config keywords are case-insensitive. An equivalent line
# written differently is reported as "needs updating".
check_ssh_config() {
    if grep -q "^PermitRootLogin yes" "$SSH_CONFIG" 2>/dev/null &&
       grep -q "^PasswordAuthentication yes" "$SSH_CONFIG" 2>/dev/null; then
        echo "SSH config already properly configured"
        return 0
    fi

    echo "SSH config needs updating"
    return 1
}

# Create $SSH_DIR, including any missing parent directories.
# Globals:  SSH_DIR (read)
# Outputs:  a progress line on stdout
# Returns:  the exit status of mkdir
setup_ssh_directory() {
    printf '%s\n' "Creating SSH directory..."
    mkdir -p "$SSH_DIR"
}

# Create any missing host keys by running "ssh-keygen -A".
# Outputs:  a progress line on stdout, plus whatever ssh-keygen prints
# Returns:  the exit status of ssh-keygen
#
# NOTE(review): host keys generated on first boot depend on the kernel
# RNG being seeded. On embedded targets, confirm entropy is available
# before this runs.
generate_ssh_keys() {
    printf '%s\n' "Generating SSH host keys..."
    ssh-keygen -A
}

# Append the privilege-separation account entry to $PASSWD_FILE.
# The entry uses $VAR_EMPTY as home directory and /bin/false as shell.
# Globals:  SSHD_USER, SSHD_UID, SSHD_GID, VAR_EMPTY, PASSWD_FILE (read)
# Outputs:  a progress line on stdout
# Returns:  the exit status of the append
#
# The function appends unconditionally; callers are expected to run
# check_sshd_user first so the entry is not duplicated.
setup_sshd_user() {
    local entry

    entry="$SSHD_USER:x:$SSHD_UID:$SSHD_GID:Privilege-separated SSH:$VAR_EMPTY:/bin/false"
    printf '%s\n' "Adding sshd user to passwd..."
    printf '%s\n' "$entry" >> "$PASSWD_FILE"
}

# Append the sshd group entry (no members) to $GROUP_FILE.
# Globals:  SSHD_USER, SSHD_GID, GROUP_FILE (read)
# Outputs:  a progress line on stdout
# Returns:  the exit status of the append
#
# The function appends unconditionally; callers are expected to run
# check_sshd_group first so the entry is not duplicated.
setup_sshd_group() {
    local entry

    entry="$SSHD_USER:x:$SSHD_GID:"
    printf '%s\n' "Adding sshd group..."
    printf '%s\n' "$entry" >> "$GROUP_FILE"
}

# Create $VAR_EMPTY (with parents) and set its mode to 755.
# Globals:  VAR_EMPTY (read)
# Outputs:  a progress line on stdout
# Returns:  the exit status of chmod
#
# Mode 755 keeps the directory non-writable for group and others.
# NOTE(review): ownership is not set here; the directory ends up owned by
# whoever runs the script (presumably root). Confirm for the target.
setup_var_empty() {
    printf '%s\n' "Creating $VAR_EMPTY directory..."
    mkdir -p "$VAR_EMPTY"
    chmod 755 "$VAR_EMPTY"
}

# Rewrite $SSH_CONFIG in place so that every line beginning with
# "PermitRootLogin" or "PasswordAuthentication" (optionally commented out
# with a single '#') becomes "<keyword> yes".
# Globals:  SSH_CONFIG (read; the file is modified)
# Outputs:  a progress line on stdout
# Returns:  the exit status of sed
#
# Security note: this enables password login for root. On any network
# where the port is reachable, that leaves the root password as the only
# barrier. Key-based access with "PermitRootLogin prohibit-password" and
# "PasswordAuthentication no" is the hardened alternative.
#
# Lines are only substituted, never added: when the file has no matching
# line for a keyword, that setting is left at sshd's built-in default.
# "sed -i" and the "\?" operator are extensions, not POSIX sed.
configure_ssh() {
    printf '%s\n' "Configuring SSH settings..."
    sed -i \
        -e 's/^#\?PermitRootLogin.*/PermitRootLogin yes/' \
        -e 's/^#\?PasswordAuthentication.*/PasswordAuthentication yes/' \
        "$SSH_CONFIG"
}

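# Start /usr/sbin/sshd unless a process matching that path is already
# running.
# Globals:  LD_LIBRARY_PATH (read, rewritten and exported)
# Outputs:  progress and result lines on stdout
# Returns:  0 when sshd is already running or started, 1 when the
#           launch command fails
#
# Security note: /mnt/UDISK is placed first in the library search path of
# a daemon that runs as root. Anyone able to write to that directory can
# therefore supply code that sshd loads. Confirm it is root-owned, not
# writable by other users, and not removable or user-populated storage.
start_sshd() {
    echo "Setting LD_LIBRARY_PATH and starting sshd..."

    # Append the previous value only when there is one. An unconditional
    # "/mnt/UDISK:$LD_LIBRARY_PATH" leaves a trailing ':' when the variable
    # is unset or empty. The glibc loader treats that empty element as the
    # current working directory, so libraries could be picked up from
    # wherever the script happens to be started.
    LD_LIBRARY_PATH="/mnt/UDISK${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
    export LD_LIBRARY_PATH

    # -f matches against the full command line, not only the process name.
    if pgrep -f "/usr/sbin/sshd" >/dev/null 2>&1; then
        echo "sshd is already running"
        return 0
    fi

    # Test the launch command directly instead of inspecting $? afterwards.
    if /usr/sbin/sshd; then
        echo "sshd started successfully"
        return 0
    fi

    echo "Failed to start sshd"
    return 1
}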

# Stop every process whose command line matches /usr/sbin/sshd: send the
# default signal first, wait one second, then SIGKILL whatever is left.
# Globals:  PIDS (written; holds the last pgrep result)
# Outputs:  progress lines on stdout
# Returns:  0
#
# NOTE(review): "pgrep -f" matches the whole command line, so any process
# that merely mentions /usr/sbin/sshd in its arguments is signalled too.
# "sshd stopped" is printed without a final check that the processes
# actually exited.
stop_sshd() {
    echo "Stopping sshd..."

    PIDS=$(pgrep -f "/usr/sbin/sshd")
    if [ -z "$PIDS" ]; then
        echo "sshd not running"
        return 0
    fi

    echo "Killing sshd processes: $PIDS"
    # $PIDS is left unquoted on purpose: each PID must be its own argument.
    # shellcheck disable=SC2086
    kill $PIDS 2>/dev/null
    sleep 1

    # Anything still alive after the grace period gets SIGKILL.
    PIDS=$(pgrep -f "/usr/sbin/sshd")
    [ -z "$PIDS" ] || {
        echo "Force killing remaining processes: $PIDS"
        # shellcheck disable=SC2086
        kill -9 $PIDS 2>/dev/null
    }

    echo "sshd stopped"
}

# Bring the system into the state sshd needs before it is started.
# Each prerequisite is checked first and only created or changed when the
# check fails, so repeated runs do not redo completed steps.
# Globals:  SSH_DIR (read)
# Outputs:  progress lines on stdout, plus the output of every helper
# Returns:  0 (helper failures are not propagated)
init_ssh() {
    echo "Initializing SSH service..."

    # Configuration directory.
    [ -d "$SSH_DIR" ] || setup_ssh_directory

    # Host keys.
    check_ssh_keys || generate_ssh_keys

    # Privilege-separation account in passwd.
    check_sshd_user || setup_sshd_user

    # Matching group entry.
    check_sshd_group || setup_sshd_group

    # Home directory of the account.
    check_var_empty || setup_var_empty

    # sshd_config settings.
    check_ssh_config || configure_ssh

    echo "SSH initialization complete"
}

# Command dispatch: the first argument selects the action.
#   start    prepare the system, then launch sshd
#   stop     terminate running sshd processes
#   restart  stop, pause one second, then do the same as start
#   init     prepare the system without launching sshd
#   status   report whether a process matching /usr/sbin/sshd exists
# Any other argument prints the usage line and exits with status 1.
case "$1" in
    start|restart)
        # restart differs from start only by stopping the daemon first.
        if [ "$1" = "restart" ]; then
            stop_sshd
            sleep 1
        fi
        init_ssh
        start_sshd
        ;;
    stop)
        stop_sshd
        ;;
    init)
        init_ssh
        ;;
    status)
        if ! pgrep -f "/usr/sbin/sshd" >/dev/null 2>&1; then
            echo "sshd is not running"
        else
            echo "sshd is running"
        fi
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|init|status}"
        exit 1
        ;;
esac