spec file
Nigel Metheringham
Nigel.Metheringham at VData.co.uk
Tue Mar 7 20:37:13 EST 2000
mw at moni.msci.memphis.edu said:
> So I think, it is better to stop sshd every time the package is
> upgraded.
I agree - be slightly careful here in that you don't have (effectively)
a killall sshd here, because thats very embarassing if you are
upgrading a remote machine over a ssh session (I speak from experience).
> Also, the %post stanza for the server package, starts sshd. But what
> if the upgrade is done in single user mode? The sysV initscript does
> not check if networking is up---it just seems to start the service no
> matter what.
I'm unhappy about this - its a complete pain if you are installing ssh
as part of your machine build. You may also happen to be missing
decent entropy etc under these conditions. I personally modify the
spec & init.d files to do the key generation within the start part of
the init.d file. I guess if sshd *was* running then starting it again
is reasonable, otherwise do not start it.
Nigel.
--
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham Nigel.Metheringham at VData.co.uk ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]
More information about the openssh-unix-dev
mailing list