On Wed, Nov 28, 2012 at 08:28:10AM +0100, Alexander Hall wrote:
> Make sure new config is valid before SIGHUP'ing sshd, which would
> otherwise just kill it. Invalid configuration now gives:
>
> # pgrep sshd
> 18998
> # /etc/rc.d/sshd reload
> sshd(failed)
> # pgrep sshd
> 18998
>
> Pros: Less risk of accidentally killing sshd and locking yourself out.
> Cons: You may think that you have made changes that have not taken
> effect, and will still screw you after a reboot.
That is not a con anyway, because if you currently reboot the machine
with a broken config, the effect will be the same. So before or
after your patch you still have to check if things went okay, but at
least with this patch you won't lock yourself out on reload.
> I think the pros win anyway.
>
> OK?
I like this. Okay by me.
>
> /Alexander
>
> Index: rc.d/sshd
> ===================================================================
> RCS file: /data/openbsd/cvs/src/etc/rc.d/sshd,v
> retrieving revision 1.1
> diff -u -p -r1.1 sshd
> --- rc.d/sshd 6 Jul 2011 18:55:36 -0000 1.1
> +++ rc.d/sshd 28 Nov 2012 00:27:01 -0000
> @@ -6,4 +6,8 @@ daemon="/usr/sbin/sshd"
> . /etc/rc.d/rc.subr
> +rc_reload() {
> + ${daemon} ${daemon_flags} -t && pkill -HUP -f "^${pexp}"
> +}
> +
> rc_cmd $1
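
Review bot: in the new rc_reload(), a config rejected by "${daemon} ${daemon_flags} -t" and a pkill -HUP that matched no process both surface as the same failure, and the sample run in the commit message shows only "sshd(failed)" with no hint of which one happened. Consider a one-line comment above the function saying the config test gates the HUP, and check that the diagnostics from -t are visible to whoever runs reload, so the offending config line can be found without re-running the test by hand. Passing ${daemon_flags} to the test is the right call, since it makes the check use the same flags the daemon is started with.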