remote administration of upgrades
Voracity.net Administrator
voracity_net at yahoo.com
Thu Sep 18 01:30:16 PDT 2003
Hello, I am concerned about the recent ssh and
sendmail security
bulletins and would like to patch, but I have a few
questions. The
server that I administer runs FreeBSD 4.8, and I only
have ssh access to
it, not physical console access. Additionally, it's a
production web
server and so it would be nice if upgrades went off
with as little
disruption as possible.
Anyway, I used cvsup to grab the RELENG_4_8 sources
with the fixes. I'm
now faced with the choice of doing "make world" (which
I have never
done) or just recompiling ssh and sendmail and
installing them only.
- All of the instructions for "make world" that I've
read involve
shutting down into single-user mode, am I corrent that
this is not
possible over ssh? Is there a way to accomplish the
install step
remotely? I have already recompiled and successfully
installed a
customized kernel remotely, and that was gut-wrenching
enough waiting
the minute or so while it rebooted with fingers
crossed. :-)
- Assuming that is not possible, I will just recompile
the individual
parts, following the instructions in the bulletin.
However, I still
don't want to fubar sshd and then not be able to
connect to fix it.
When I run "kill `cat /var/run/sshd.pid`" will that
kill only the
listening daemon (leaving any already-established
sessions open) or will
it kill all connections and everything related to
sshd? I was hoping
that I could kill just the listening sshd, restart the
new one, and test
it by connecting, all without severing the old known
working
connections... at least I'd have an out if something
went wrong. And
likewise, if I wanted to restart sshd (for example,
after changing the
config file) can I safely kill the sshd.pid process
without killing the
current sessions, just in case restarting sshd doesn't
work?
Thanks.
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
More information about the freebsd-questions
mailing list