contrib/solaris/opensshd.in patch

mouring at etoh.eviladmin.org
Sun Jan 20 04:28:40 EST 2002


On Sat, 19 Jan 2002, Kevin Sindhu wrote:

> Hi mouring!
>  mouring at etoh.eviladmin.org wrote on Saturday, 19 January 2002:
>
> > > pkill is not portable. It's available only on 2.7+ and I agree with
> > > not using pgrep.
>
> > > Something like:
>
> > > PID=`ps -a | awk '/[s]shd/{print $1}'`
>
> > Same problem as the original code.  It could kill all children sshd
> > which would kill your remote session if you are upgrading OpenSSH.
>
> True. However what about:
>
> a) Killing all(any) instances of sshd and restarting sshd
>     Problems with this: - all children are still killed
>                         - restart does not ensure that the daemon
>                           started properly. If the config has some
>                           problem(s), the user is locked out.
>
> b) Interactive ps -ef which displays all running instances of sshd and
>    asks for user input for the correct PPID of sshd.
>    Problems with this:  - Not foolproof.
>                         - Everyone/many(?) would not like an
>                           interactive menu of sshd
>                         - In case this is for the Solaris pkg, this
>                           section would need to go into the request
>                           script where the value will be used only in
>                           the postinstall. (There can be no user input
>                           in the pre/post{request} files).
>
>
> Either case, how about opting for (a) when (and only when), sshd.pid
> is not found or is corrupted? Something like a forcerestart option?
> Anyway, none of the above solutions are really foolproof in the first
> place.
>

Too bad we don't have an acceptable way of changing the process name.
Under OpenBSD this problem is easy.

ps -ax | grep sshd | grep -v sshd:

all children have their names changed.

Granted this may kill other sshd daemons (if you have two sshd running
for some reason), but the children would be safe.   Too bad this does not
happen.

The more I think about it.. the more I just want to accept sshd.pid (with
a check that it is really sshd) as gold.  If the pid does not exist or is
not of the right name, then return "Can not find SSH pid." error and
shortcut out of the process leaving an intelligent (or so we hope =) admin
to find and kill the pid him/herself.

I more than likely will do this on Wed when I return to work if no one
submits a patch before then.  I already have a patch waiting to go in to
support exec_prefix vs prefix already (ran out of time for my own testing
on Friday).

- Ben
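
The check described above (accept sshd.pid only after confirming the PID really is sshd, otherwise print "Can not find SSH pid." and stop), written out as an added example; it is not part of the original message or of the contrib/solaris script. The function names, the default pid-file path and the reliance on POSIX `ps -p PID -o comm=` are assumptions.

```shell
#!/bin/sh
# Added example: trust the pid file only after checking the PID is the daemon.
# Function names and the default path are assumptions, not the contrib script.
PIDFILE=${PIDFILE:-/var/run/sshd.pid}

# Print the command basename of PID $1; fail if no such process is running.
proc_name() {
    name=$(ps -p "$1" -o comm= 2>/dev/null) || return 1
    [ -n "$name" ] || return 1
    printf '%s\n' "${name##*/}"
}

# Print the validated PID from pid file $1, expecting process name $2
# (default sshd). Any doubt gives the error from the thread and no PID.
find_sshd_pid() {
    file=${1:-$PIDFILE}
    want=${2:-sshd}
    pid=
    # Missing file, or corrupted content (anything but plain digits).
    [ -r "$file" ] && pid=$(head -n 1 "$file" | tr -d ' \t\r')
    case $pid in
        ''|*[!0-9]*) echo "Can not find SSH pid." >&2; return 1 ;;
    esac
    # Stale file: the PID is gone or now belongs to another program.
    if [ "$(proc_name "$pid")" != "$want" ]; then
        echo "Can not find SSH pid." >&2
        return 1
    fi
    printf '%s\n' "$pid"
}

# Signal only the validated listener; never fall back to matching by name,
# which would also hit the per-session children.
stop_sshd() {
    target=$(find_sshd_pid "$@") || return 1
    kill -TERM "$target"
}
```

An init script would call `stop_sshd "$PIDFILE"` from its stop case and exit non-zero on failure, leaving the running sessions untouched.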




More information about the openssh-unix-dev mailing list