remote administration of upgrades

[Voracity.net Administrator]

Hello, I am concerned about the recent ssh and
sendmail security 
bulletins and would like to patch, but I have a few
questions.  The 
server that I administer runs FreeBSD 4.8, and I only
have ssh access to 
it, not physical console access.  Additionally, it's a
production web 
server and so it would be nice if upgrades went off
with as little 
disruption as possible.

Anyway, I used cvsup to grab the RELENG_4_8 sources
with the fixes.  I'm 
now faced with the choice of doing "make world" (which
I have never 
done) or just recompiling ssh and sendmail and
installing them only.

- All of the instructions for "make world" that I've
read involve 
shutting down into single-user mode, am I corrent that
this is not 
possible over ssh?  Is there a way to accomplish the
install step 
remotely?  I have already recompiled and successfully
installed a 
customized kernel remotely, and that was gut-wrenching
enough waiting 
the minute or so while it rebooted with fingers
crossed.  :-)

- Assuming that is not possible, I will just recompile
the individual 
parts, following the instructions in the bulletin. 
However, I still 
don't want to fubar sshd and then not be able to
connect to fix it. 
When I run "kill `cat /var/run/sshd.pid`" will that
kill only the 
listening daemon (leaving any already-established
sessions open) or will 
it kill all connections and everything related to
sshd?  I was hoping 
that I could kill just the listening sshd, restart the
new one, and test 
it by connecting, all without severing the old known
working 
connections... at least I'd have an out if something
went wrong.  And 
likewise, if I wanted to restart sshd (for example,
after changing the 
config file) can I safely kill the sshd.pid process
without killing the 
current sessions, just in case restarting sshd doesn't
work?

Thanks.



__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com