[gentoo-user] New openssh install message?

[gentoo-user] New openssh install message?

[Mark Knecht]

Hi,
   I don't remember seeing this message on previous openssh updates:

>>> Installing (1 of 1) net-misc/openssh-5.3_p1-r1
 * >>> SetUID: [chmod go-r] /usr/lib64/misc/ssh-keysign ...
              [ ok ]
 * Remember to merge your config files in /etc/ssh/ and then
 * reload sshd: '/etc/init.d/sshd reload'.

   Is this a new message or have I just missed in the past? I don't
know anywhere else for ssh configuration files to exist except
/etc/ssh and I normally just do

/etc/init.d/sshd restart

anytime it gets updated.

   Has anything changed about this? I'm updating a remote machine and
don't want to lose connectivity.

Thanks,
Mark

[gentoo-user] Re: New openssh install message?

[Nikos Chantziaras]

On 03/12/2010 09:07 PM, Mark Knecht wrote:
> Hi,
>     I don't remember seeing this message on previous openssh updates:
>
>>>> Installing (1 of 1) net-misc/openssh-5.3_p1-r1
>   *>>>  SetUID: [chmod go-r] /usr/lib64/misc/ssh-keysign ...
>                [ ok ]
>   * Remember to merge your config files in /etc/ssh/ and then
>   * reload sshd: '/etc/init.d/sshd reload'.
>
>     Is this a new message or have I just missed in the past? I don't
> know anywhere else for ssh configuration files to exist except
> /etc/ssh and I normally just do
>
> /etc/init.d/sshd restart
>
> anytime it gets updated.
>
>     Has anything changed about this? I'm updating a remote machine and
> don't want to lose connectivity.

Probably what the writer of that message meant is to update the config 
files with dispatch-conf and the like.  I don't know to what else 
"merge" could refer.

Re: [gentoo-user] Re: New openssh install message?

[Mark Knecht]

On Fri, Mar 12, 2010 at 11:16 AM, Nikos Chantziaras <realnc@arcor.de> wrote:
> On 03/12/2010 09:07 PM, Mark Knecht wrote:
>>
>> Hi,
>>    I don't remember seeing this message on previous openssh updates:
>>
>>>>> Installing (1 of 1) net-misc/openssh-5.3_p1-r1
>>
>>  *>>>  SetUID: [chmod go-r] /usr/lib64/misc/ssh-keysign ...
>>               [ ok ]
>>  * Remember to merge your config files in /etc/ssh/ and then
>>  * reload sshd: '/etc/init.d/sshd reload'.
>>
>>    Is this a new message or have I just missed in the past? I don't
>> know anywhere else for ssh configuration files to exist except
>> /etc/ssh and I normally just do
>>
>> /etc/init.d/sshd restart
>>
>> anytime it gets updated.
>>
>>    Has anything changed about this? I'm updating a remote machine and
>> don't want to lose connectivity.
>
> Probably what the writer of that message meant is to update the config files
> with dispatch-conf and the like.  I don't know to what else "merge" could
> refer.

Thanks. OK, so I did a restart and I can still ssh in so things seem OK.

Sometimes the international as[ect of Linux add extra confusion. I'm
sure it's perfectly clear to someone.

Cheers,
Mark

Re: [gentoo-user] New openssh install message?

[Mike Edenfield]

On 3/12/2010 2:07 PM, Mark Knecht wrote:
> Hi,
>    I don't remember seeing this message on previous openssh updates:
> 
>>>> Installing (1 of 1) net-misc/openssh-5.3_p1-r1
>  * >>> SetUID: [chmod go-r] /usr/lib64/misc/ssh-keysign ...
>               [ ok ]
>  * Remember to merge your config files in /etc/ssh/ and then
>  * reload sshd: '/etc/init.d/sshd reload'.
> 
>    Is this a new message or have I just missed in the past? I don't
> know anywhere else for ssh configuration files to exist except
> /etc/ssh and I normally just do

The message isn't new; every version of openssh in portage includes it
as part of the post-install.

As far as I can determine, it's just a reminder to restart ssh after
merging your config changes e.g. with conf-update or whatever you use,
so you can take advantage of whatever security bugfixes were present in
the new version.

--Mike

Re: [gentoo-user] Re: New openssh install message?

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 794 bytes --]

On Fri, 12 Mar 2010 11:23:16 -0800, Mark Knecht wrote:

> >>    Has anything changed about this? I'm updating a remote machine and
> >> don't want to lose connectivity.  
> >
> > Probably what the writer of that message meant is to update the
> > config files with dispatch-conf and the like.  I don't know to what
> > else "merge" could refer.  
> 
> Thanks. OK, so I did a restart and I can still ssh in so things seem OK.

With a remote machine, I always restart SSH, leave the current shell open
and open a new one from another terminal. The old session will continue
to work when you shut down sshd, so if the new install is somehow broken,
you still have the access you need to fix it.


-- 
Neil Bothwick

If you consult enough experts, you can confirm any opinion.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-user] Re: New openssh install message?

[Mark Knecht]

On Fri, Mar 12, 2010 at 3:02 PM, Neil Bothwick <neil@digimed.co.uk> wrote:
> On Fri, 12 Mar 2010 11:23:16 -0800, Mark Knecht wrote:
>
>> >>    Has anything changed about this? I'm updating a remote machine and
>> >> don't want to lose connectivity.
>> >
>> > Probably what the writer of that message meant is to update the
>> > config files with dispatch-conf and the like.  I don't know to what
>> > else "merge" could refer.
>>
>> Thanks. OK, so I did a restart and I can still ssh in so things seem OK.
>
> With a remote machine, I always restart SSH, leave the current shell open
> and open a new one from another terminal. The old session will continue
> to work when you shut down sshd, so if the new install is somehow broken,
> you still have the access you need to fix it.
>

Thanks Neil. That's exactly what I did, additionally logging in as a
different user that wasn't present before the restart.

Cheers,
Mark

Re: [gentoo-user] Re: New openssh install message?

[Alan McKinnon]

On Saturday 13 March 2010 01:02:12 Neil Bothwick wrote:
> On Fri, 12 Mar 2010 11:23:16 -0800, Mark Knecht wrote:
> > >>    Has anything changed about this? I'm updating a remote machine and
> > >> don't want to lose connectivity.
> > > 
> > > Probably what the writer of that message meant is to update the
> > > config files with dispatch-conf and the like.  I don't know to what
> > > else "merge" could refer.
> > 
> > Thanks. OK, so I did a restart and I can still ssh in so things seem OK.
> 
> With a remote machine, I always restart SSH, leave the current shell open
> and open a new one from another terminal. The old session will continue
> to work when you shut down sshd, so if the new install is somehow broken,

                   ^^^^^^^^^

restart

Some noobs might get confused ;-)


> you still have the access you need to fix it.

-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] Re: New openssh install message?

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 760 bytes --]

On Sat, 13 Mar 2010 01:15:24 +0200, Alan McKinnon wrote:

> > With a remote machine, I always restart SSH, leave the current shell
> > open and open a new one from another terminal. The old session will
> > continue to work when you shut down sshd, so if the new install is
> > somehow broken,  
> 
>                    ^^^^^^^^^
> 
> restart
> 
A restart is just a showdown followed by a start. I wrote shut down
because even if the restart fails and you have no sshd running, your
existing ssh session will continue to work while you fix the breakage.

> Some noobs might get confused ;-)

noobs shouldn't be administering Gentoo boxes remotely :P


-- 
Neil Bothwick

The severity of the itch is inversely proportional to the reach.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]