-----BEGIN PGP SIGNED MESSAGE-----
Fred Whipple wrote:
>SSH is now officially broken... the symptoms are:
>
>- If you /etc/rc.d/init.d/ssh restart, it will boot you and not restart
Probably because the script which performs this task was attached to
the terminal from which you ran it. When sshd died, so did your
session, and thus your terminal, and thus the script. The right way
to do that would be to use 'at' or 'cron' to do it for you.
Something as simple as this:
# at now
> /etc/init.d/sshd restart
^D
>- If you at that point telnet in (yuck) and /etc/rc.d/init.d/ssh start,
>it works
Because that session didn't depend on sshd. See above.
>- If you are ssh'd in and /etc/rc.d/init.d/ssh stop it will kill the
>daemon, leave your connection alone, but when you /etc/rc.d/init.d/ssh
>start again sshd will not start
The daemon spawns a child for each connection. You didn't kill them
all, as evidenced by the fact that you were still connected, which
means 22 was probably still in use.
>- RSA/DSA authentication does not work/is ignored. You can still use
>ssh to ssh into other systems before the upgrade which accept RSA/DSA
>authentication, however ssh'ing into an upgraded system does not work...
>despite proper configs
I haven't enountered that problem. Without detailed error messages and
your config files for both the client and the server, we can't be much
help here.
>Aren't we using Linux for stability and reliability here? Geeze, I'm so
>****in' tired of Red Hat releasing security updates to packages which
>break the packages, cause a ripple effect in services you're trying to
>provide in a production environment, and the rant lives on.
It is true that Red Hat sometimes needs a good smack, but in this
case, it sounds like mostly your errors. Updating sshd remotely is
tricky. If you really want to be fancy, run two servers: OpenSSH on
22 for everyone, and ssh.com on 24 for you alone, perhaps with only
key authentication. You can then work freely on 22 without losing
your connection.
- --
David Talkington
http://www.spotnet.org
PGP key: http://www.prairienet.org/~dtalk/dt000823.asc
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.75-6
iQEVAwUBOsY41b1ZYOtSwT+tAQGScwf9Fvses+c3wONUnVP4mCE4wHLdmDLeRErW
CAav5oME5y6jjYteWdGut5ql4qdWSmZiYK6wd5RFf9oa8/Qpf8ddEo2+uApvCeg2
n8T3XfrcsGLUEEJVWrgIsliEHkzJIp5LU9RhmnCyv1p45o4ZRJ20pncv1dtjkb+H
jZO7K8gwYJMJfCwtKByOFmC3psmR5WGvulAzj0qdrif6ZcWKjmzjfnx8m9EnSWmk
uBl0PyIL5G+M0px3LDExIMft1VBfLiUWGSCy+0KWNKhMG1QNCXvhv+9bosFCkYwY
ouuZK+JK0uVGkuX7dWFEC535yMvQU3qw2iePL6B0G7CVQfNavg9y/A==
=maLD
-----END PGP SIGNATURE-----
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
