contrib/solaris/opensshd.in patch
Kevin Sindhu
kevin at tgivan.com
Sun Jan 20 04:02:28 EST 2002
Moin mouring!
mouring at etoh.eviladmin.org schrieb am Samstag, den 19. Januar 2002:
> > pkill is not portable. Its available only on 2.7+ and I agree with
> > not using pgrep.
> > Something like:
> > PID=`ps -a | awk '/[s]shd/{print $1}'`
> Same problem as the original code. It could kill all children sshd
> which would kill your remote session if you are upgrading OpenSSH.
True. However what about:
a) Killing all(any) instances of sshd and restarting sshd
Problems with this: - all children are still killed
- restart does not ensure that the daemon
started properly. If the config has some
problem(s), the user is locked out.
b) Interactive ps -ef which displays all running instances of sshd and
asks for user input for the correct PPID of sshd.
Problems with this: - Not foolproof.
- Everyone/many(?) would not like a
interactive menu of sshd
- In case this for the solaris pkg, this
section would need to go into the request
script where the value will be used only in
the postinstall. (There can be no user input
in the pre/post{request} files).
Either case, how about opting for (a) when (and only when), sshd.pid
is not found or is corrupted? Something like a forcerestart option?
Anyway, none of the above solutions are really foolproof in the first
place.
> Somene stated sshd.pid should be used, and I agree mostly. However
> pid files get corrupted too easily. I'd like a fall back method if
> sshd.pid is not right. However no fallback method I know off hand
> would protect the sshd children from being killed.
Yup, this happens all the time. A classic example is ipmon.pid on
Solaris using IPFilter.
> BTW.. Jos.. It is nice you like Dan Bernstein's tools. But I sure
> the hell ain't going to make them 'required' for a stupid little
> start/stop script. When I myself do not like most of his works nor
> his licensing.
Amen.
Rgds,
-Kevin
More information about the openssh-unix-dev
mailing list