BadOption failures "annoying"

Jim Knoble jmknoble at
Sun Oct 7 19:17:05 EST 2001

Circa 2001-Oct-07 10:43:42 +0200 dixit Philipp Buehler:

: Uhuu.. the more 'automated process' the more point of possible failures.
: (see below also)

I disagree.  Processes that rely on humans are significantly more
error-prone than automated ones.  Viz.: "but ... sometimes you're in a
hurry."  Properly designed automated tools help prevent mistakes, not
cause them.

: The point is:
: If $service fails to start at bootup, I still can log in and start by hand.
: *But* this is obviously not "valid" for ssh.

So check your sshd config file for validity *before* you move it into

: Sure. My keypoint was (and even Damien told me "default is secure"):
: sshd refuses to start, if the config file is broken. WHY?
: It's rather a short patch to revert to the "secure default" configuration,
: make a critical syslog entry about this and *start*, so I am not forced
: to travel to the machine for a possible 2 minute "fix" [1]
: Corruption of the config file can occur also several conditions, and
: this "reverting" to a "known good" config by some script is errorprone
: too.

If you've got filesystem corruption, what makes you think the sshd
binary isn't corrupted as well?  Or /sbin/init, or the OS kernel?  All
bets are off then, no?  (And if filesystem corruption is likelihood,
why not put the critical system components onto a corruption-resistant
read-only medium, such as CD-R)?

So we've solved the problem of operator error (check the config file
before committing it).  And we've admitted that filesystem corruption
can hose a helluva lot more than just sshd_config.

Under what other conditions is the config file liable to be corrupted?
(Note: fires, floods, explosions, nuclear war, natural disasters, or
Acts of God aren't really merely "corruption", but rather "destruction"
or "obliteration").

jim knoble | jmknoble at   |
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 249 bytes
Desc: not available
Url : 

More information about the openssh-unix-dev mailing list