BadOption failures "annoying"
Jim Knoble
jmknoble at pobox.com
Sun Oct 7 19:17:05 EST 2001
Circa 2001-Oct-07 10:43:42 +0200 dixit Philipp Buehler:
: Uhuu.. the more 'automated process' the more point of possible failures.
: (see below also)
I disagree. Processes that rely on humans are significantly more
error-prone than automated ones. Viz.: "but ... sometimes you're in a
hurry." Properly designed automated tools help prevent mistakes, not
cause them.
: The point is:
: If $service fails to start at bootup, I still can log in and start by hand.
: *But* this is obviously not "valid" for ssh.
So check your sshd config file for validity *before* you move it into
place.
: Sure. My keypoint was (and even Damien told me "default is secure"):
: sshd refuses to start, if the config file is broken. WHY?
: It's rather a short patch to revert to the "secure default" configuration,
: make a critical syslog entry about this and *start*, so I am not forced
: to travel to the machine for a possible 2 minute "fix" [1]
:
: Corruption of the config file can also occur under several conditions, and
: this "reverting" to a "known good" config by some script is error-prone
: too.
If you've got filesystem corruption, what makes you think the sshd
binary isn't corrupted as well? Or /sbin/init, or the OS kernel? All
bets are off then, no? (And if filesystem corruption is a likelihood,
why not put the critical system components onto a corruption-resistant
read-only medium, such as CD-R)?
So we've solved the problem of operator error (check the config file
before committing it). And we've admitted that filesystem corruption
can hose a helluva lot more than just sshd_config.
Under what other conditions is the config file liable to be corrupted?
(Note: fires, floods, explosions, nuclear war, natural disasters, or
Acts of God aren't really merely "corruption", but rather "destruction"
or "obliteration").
--
jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
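
One way to do the "check it before you move it into place" step from the message above, as an added shell example (not part of the original post and not OpenSSH's own tooling). It relies on sshd's `-t` test mode and `-f` option; the `SSHD_BIN` default path and the `.new.$$` / `.prev` file names are assumptions.

```shell
#!/bin/sh
# Added example: validate a candidate sshd_config before it replaces the live one.
# SSHD_BIN is an assumption (the path varies by system); override it in the environment.
SSHD_BIN="${SSHD_BIN:-/usr/sbin/sshd}"

# install_checked_config CANDIDATE TARGET
# Returns 0 if CANDIDATE passed the check and now sits at TARGET,
# 1 if the check failed (TARGET untouched), 2 on usage or I/O errors.
install_checked_config() {
    candidate=$1
    target=$2
    [ -n "$candidate" ] && [ -n "$target" ] || return 2
    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 2; }

    # Stage a copy next to the target so the final rename stays on one
    # filesystem and is atomic; the file checked is exactly the file installed.
    staged="$target.new.$$"
    cp "$candidate" "$staged" || return 2
    chmod 600 "$staged"    # readable by the owner only

    # sshd -t: test mode, parses the config (and checks host keys), then exits.
    if ! "$SSHD_BIN" -t -f "$staged"; then
        echo "refusing to install $candidate: sshd -t rejected it" >&2
        rm -f "$staged"
        return 1
    fi

    # Keep the previous file as a known-good copy for manual rollback.
    if [ -f "$target" ]; then
        cp -p "$target" "$target.prev" || { rm -f "$staged"; return 2; }
    fi
    mv -f "$staged" "$target" || { rm -f "$staged"; return 2; }
}

# Run as: script CANDIDATE TARGET
if [ "$#" -eq 2 ]; then
    install_checked_config "$1" "$2"
fi
```

A rejected candidate leaves the live file byte-for-byte unchanged, so a reload or reboot still starts sshd with the last configuration that passed the check.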