From: "Stephen Wittig"
To: gentoo-user@lists.gentoo.org
Date: Mon, 10 Sep 2007 17:50:26 -0500
Subject: Re: [gentoo-user] SSH won't restart
In-Reply-To: <46E598B1.9080606@buanzo.com.ar>

Yes, accessing the machine via telnet over an encrypted VPN connection is a safe way to access the box, but given the setup that Grant was describing it did not sound like he had an encrypted VPN setup to telnet over. I also agree that having a secondary way of accessing the box, that is secure, is an important factor when updating a remote server (whether that be another encrypted connection or people you can contact locally in the data center). Other people had already suggested starting a copy of the server manually on a different port.

For Grant: I reread the init script for sshd, and I now see what was most likely the problem. The init script, now, tries to kill all instances with the process name of sshd, not just the daemon (as specified by the pid file). This is why you were locked out when trying to restart the daemon. If you can restart the machine, everything should be working fine after a reboot. This behavior differs from every other distro of Linux that I have used, and from previous versions of the init script. Sorry I missed that before emailing the list last time.

Complete Side Note: Does anyone know where to issue a bug report to try to have this behavior changed?
The correct (and more widely seen) behavior of restart for sshd should be something similar to:

    start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile "${SSHD_PIDFILE}"

On 9/10/07, Arturo 'Buanzo' Busleiman wrote:
> Stephen Wittig wrote:
> > Killing the ssh daemon does not affect any of the existing
> > connections. The ssh daemon is used to listen for new connections and
> > create a process to handle communications with that request. That is
> > why when you update configuration parameters for sshd, they do not
> > take effect until the next connection.
>
> In an ideal world, yes. But humans tend to make mistakes. Grant is now locked-out of his system
> because of messing around with conditional execution, kill and sshd all in the same command.
>
> > The problem with connecting to the server via telnet is that your
> > password can be easily intercepted - which is one of the major reasons
> > telnet has been deprecated.
>
> I use it over openvpn ;)
>
> Come on, 13 years of using Linux, I should've learned a couple of tricks already :P
>
> --
> Arturo "Buanzo" Busleiman - Independent Consultant in Information Security
> Services offered: http://www.buanzo.com.ar/pro/
> Join the GNU/Buanzo Forums - The word Community in its fullest expression.

--
gentoo-user@gentoo.org mailing list
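
Added example, not part of the original message and not Gentoo's init script: it contrasts the two stop strategies discussed above (by process name versus by pid file) on a constructed process table and checks whether each would signal the sshd process carrying an admin's own login. All PIDs, the table and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed process table (pid ppid comm), shaped like `ps -eo pid,ppid,comm`.
# 4021 is the listening daemon; 5310 and 5388 are per-connection sshd children.
PS_SAMPLE='1 0 init
4021 1 sshd
5310 4021 sshd
5311 5310 bash
5388 4021 sshd
5389 5388 bash'
PIDFILE_PID=4021   # constructed: what the sshd pid file would contain

# PIDs signalled when stopping by process name (every process called sshd).
targets_by_name() {
    printf '%s\n' "$PS_SAMPLE" |
        awk -v n="$1" '$3 == n { printf "%s%s", sep, $1; sep = " " } END { print "" }'
}

# PIDs signalled when stopping by pid file (only the recorded daemon, if alive).
targets_by_pidfile() {
    printf '%s\n' "$PS_SAMPLE" | awk -v p="$1" '$1 == p { print $1 }'
}

# Walk up the parent chain from a shell PID to the nearest sshd:
# that is the process carrying the login session.
session_sshd() {
    printf '%s\n' "$PS_SAMPLE" | awk -v start="$1" '
        { ppid[$1] = $2; comm[$1] = $3 }
        END {
            p = start
            while (p in ppid) {
                if (comm[p] == "sshd") { print p; exit }
                p = ppid[p]
            }
        }'
}

# Succeeds (0) if the target list contains the sshd carrying the shell's session.
would_lock_out() {
    mine=$(session_sshd "$1")
    for t in $2; do [ "$t" = "$mine" ] && return 0; done
    return 1
}

echo "by name:    $(targets_by_name sshd)"
echo "by pidfile: $(targets_by_pidfile "$PIDFILE_PID")"
```

On a live host the same check can be fed from real `ps -eo pid,ppid,comm` output and the actual pid file before restarting sshd over the only remote session.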