Hi,

Well as the subject says after installing openssh.rpm to SuSE 7.1 via

# su -c ' rpm -Uhv openssh.rpm'

I issued su to root and

echo "rcsshd restart" |at now +2min

and I logout from the machine. The command runs and sshd complains

port 22 address has already binded
/etc/ssh/primes not found using old prime

and I still have the previous sshd running :-(

Where am I doing the mistake ?

Note I can not log in as root and ssh is the only access to the machine (meaning I do not have a terminal connected)

--
Togan Muftuoglu

On Tuesday, 4. December 2001 17:02, Togan Muftuoglu wrote:
> Note I can not log in as root and ssh is the only access to the machine (meaning I do not have a terminal connected)

Connect to your box,
start a sshd on port 2222
connect to this temporary sshd
kill other instance of sshd
restart sshd
Test!! the new ssh
log out

I think this is how I did it the other time I updated ssh.

Peter

* Peter Wiersig; <wiersig@glamus.de> on 04 Dec, 2001 wrote:
> start a sshd on port 2222
> connect to this temporary sshd
> kill other instance of sshd
> restart sshd
> Test!! the new ssh
> log out

Many thanks for the tip

--
Togan Muftuoglu

On Tue, 4 Dec 2001, Peter Wiersig wrote:
> On Tuesday, 4. December 2001 17:02, Togan Muftuoglu wrote:
> > Note I can not log in as root and ssh is the only access to the machine (meaning I do not have a terminal connected)
>
> Connect to your box,
> start a sshd on port 2222
> connect to this temporary sshd
> kill other instance of sshd
> restart sshd

I do it always with VNC, using an ssh tunnel to another machine in the local network, if possible. This is also a good, trusted "backdoor", I sometimes open for a few IPs. VNC itself is not encrypted, but for some situations it can be used without security implications.

Markus

--
 _____________________________
/"\  Markus Gaugusch  ICQ 11374583
\ /  ASCII Ribbon Campaign  markus@gaugusch.at
 X   Against HTML Mail
/ \

On Tue, Dec 04, 2001 at 06:02:44PM +0200, Togan Muftuoglu wrote:
> Hi,
>
> Well as the subject says after installing openssh.rpm to SuSE 7.1 via
>
> # su -c ' rpm -Uhv openssh.rpm'
>
> I issued su to root and
>
> echo "rcsshd restart" |at now +2min
>
> and I logout from the machine. The command runs and sshd complains
>
> port 22 address has already binded
> /etc/ssh/primes not found using old prime
>
> and I still have the previous sshd running :-(
>
> Where am I doing the mistake ?
>
> Note I can not log in as root and ssh is the only access to the machine (meaning I do not have a terminal connected)

Normally this would work (provided that the command rcsshd is in your path -- but I guess you checked the at job output).

In your case it could be due to an issue special to 7.1. You need an up-to-date version of the sysvinit package (it's on ftp.suse.com), otherwise after an update of the sshd binary it won't be killed by the killproc program (that is used within the /etc/init.d/sshd script). This was a bug.

Peter

--
VFS: Busy inodes after unmount. Self-destruct in 5 seconds. Have a nice day...

* Peter Poeml; <poeml@suse.de> on 04 Dec, 2001 wrote:
> Normally this would work (provided that the command rcsshd is in your path -- but I guess you checked the at job output).

yes sshd was restarted

> In your case it could be due to an issue special to 7.1. You need an up-to-date version of the sysvinit package (it's on ftp.suse.com), otherwise after an update of the sshd binary it won't be killed by the killproc program (that is used within the /etc/init.d/sshd script). This was a bug.

Ok I have checked the version of sysvinit.rpm on my box it says 2.78-143. I could not find an updated sysvinit.rpm on the 7.1 updates directory of the ftp (I have used ftp.suseturkey.com and ftp.gwdg.de to be sure).

However there happens to be an updated sysvinit.rpm with version 2.78-151 on the ftp if I go to the 7.1 ftp tree (not the update). Checking the changelog of the rpms gives a diff of nothing since they are identical, meaning whatever the bug that you mention, if it is corrected then it is not mentioned. So giving the benefit of doubt I am assuming the bug you mention is fixed.

On the other hand I would have expected a two line changelog added to the new rpm and placing the new rpm to the updates directory. Though it is not security bug it should be mentioned on the updates listing on http://www.suse.de/en/support/download/updates/71_i386.html

Anyway, if it was not this bug I would not have learned the trick of running a second sshd on a different port and killing the original just to get the new ssh running.

Hope in the future maintainers will be more generous in typing two more lines :-)

--
Togan Muftuoglu

Hi,

On Tue, Dec 04, 2001 at 08:44:40PM +0200, Togan Muftuoglu wrote:
> * Peter Poeml; <poeml@suse.de> on 04 Dec, 2001 wrote:
> > In your case it could be due to an issue special to 7.1. You need an up-to-date version of the sysvinit package (it's on ftp.suse.com), otherwise after an update of the sshd binary it won't be killed by the killproc program (that is used within the /etc/init.d/sshd script). This was a bug.
>
> Ok I have checked the version of sysvinit.rpm on my box it says 2.78-143. I could not find an updated sysvinit.rpm on the 7.1 updates directory of the ftp (I have used ftp.suseturkey.com and ftp.gwdg.de to be sure).

You are right -- I can't find a sysvinit.rpm update either. Sorry, I was sure we had them... I probably confused it because I knew of that bug, and I used to install a sysvinit update package which is available for ... 7.2 (for another problem).

> However there happens to be an updated sysvinit.rpm with version 2.78-151 on the ftp if I go to the 7.1 ftp tree (not the update). Checking the changelog of the rpms gives a diff of nothing since they are identical, meaning whatever the bug that you mention, if it is corrected then it is not mentioned. So giving the benefit of doubt I am assuming the bug you mention is fixed.

Right... There is no difference apart from the RPM release number (which only means that the package has been rebuilt a couple of times).

> On the other hand I would have expected a two line changelog added to the new rpm and placing the new rpm to the updates directory.

The lines would be

* Thu Mar 22 2001 - werner@suse.de
- Startproc/killproc: handle by RPM moved and deleted exe links
[...]
* Mon Mar 19 2001 - werner@suse.de
- Startproc/killproc: handle deleted exe links

The dates tell that the changes are contained in 7.2, as apparently we did not make update packages available. I will see if we shouldn't do that.

> Though it is not security bug it should be mentioned on the updates listing on http://www.suse.de/en/support/download/updates/71_i386.html

It would :)

> Togan Muftuoglu

Peter

--
VFS: Busy inodes after unmount. Self-destruct in 5 seconds. Have a nice day...

On Tuesday 04 December 2001 17:02, Togan Muftuoglu wrote:
> Hi,
>
> Well as the subject says after installing openssh.rpm to SuSE 7.1 via
>
> # su -c ' rpm -Uhv openssh.rpm'
>
> I issued su to root and
>
> echo "rcsshd restart" |at now +2min
>
> and I logout from the machine. The command runs and sshd complains
>
> port 22 address has already binded
> /etc/ssh/primes not found using old prime
>
> and I still have the previous sshd running :-(
>
> Where am I doing the mistake ?
>
> Note I can not log in as root and ssh is the only access to the machine (meaning I do not have a terminal connected)

I've had that happen to me as well, it *might* be that another active ssh session was the reason for that, but I'm not sure. But I did manage to cut myself off of a colocated server at that time. :-(((

Since then (provided I'm reasonably sure the new sshd will work) I do it like this:

screen     # start a screen session
[from within screen]
sleep 5; rcsshd stop ; sleep 3 ; killall -9 sshd ; sleep 5 ; rcsshd start
[control-A D , control-D]     # detach the screen; logout

Of course, make sure the killall command is appropriate for your system. This kicks off all ssh users, obviously. But that's a feature. ;-)

Granted, it's a bit involved but it beats the hell out of locking yourself out.

--
Maarten J. H. van den Berg ~~//~~ network administrator
van Boetzelaer van Bemmel - Amsterdam - The Netherlands
http://vbvb.nl T+31204233288 F+31204233286 G+31651994273
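
The "Test!!" step of the port-2222 procedure and the failure reported at the top of the thread (the old sshd still holding port 22 after the restart) can be checked before the fallback session is closed. The script below is an added example, not code from any message in this thread. The function names are hypothetical, the `ss -ltnp` snapshots are constructed sample data, and the " (deleted)" suffix on the `/proc/PID/exe` link is how Linux marks a running binary that was replaced on disk.

```shell
#!/bin/sh
# Added example: decide whether an sshd restart really replaced the daemon
# before the temporary sshd on port 2222 is shut down.

# Constructed `ss -ltnp` snapshots (sample data, not taken from the thread).
# PID 412 is the pre-upgrade sshd, PID 977 the temporary one on port 2222.
STUCK='LISTEN 0 128 0.0.0.0:22   0.0.0.0:* users:(("sshd",pid=412,fd=3))
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:* users:(("sshd",pid=977,fd=3))'
GOOD='LISTEN 0 128 0.0.0.0:2222 0.0.0.0:* users:(("sshd",pid=977,fd=3))
LISTEN 0 128 0.0.0.0:22   0.0.0.0:* users:(("sshd",pid=1033,fd=3))'

# Print the PID of the sshd listening on TCP port $1; snapshot on stdin.
listener_pid() {
    awk -v port="$1" '
        $1 == "LISTEN" && $4 ~ (":" port "$") && /"sshd"/ &&
        match($0, /pid=[0-9]+/) { print substr($0, RSTART + 4, RLENGTH - 4); exit }'
}

# True if a /proc/PID/exe link target marks a binary replaced on disk,
# the "deleted exe links" case named in the killproc changelog entries.
exe_is_stale() {
    case "$1" in *" (deleted)") return 0 ;; *) return 1 ;; esac
}

# restart_verdict OLD_PID SNAPSHOT [EXE_LINK]
#   ok    -> a different sshd PID owns port 22; the fallback may be closed
#   stuck -> the old PID (or a replaced binary) still serves port 22
#   down  -> nothing listens on port 22; keep the fallback session open
restart_verdict() {
    new=$(printf '%s\n' "$2" | listener_pid 22)
    if [ -z "$new" ]; then
        echo down
    elif [ "$new" = "$1" ] || exe_is_stale "${3:-}"; then
        echo stuck
    else
        echo ok
    fi
}

# Demo on the constructed snapshots. On a live host (as root) the inputs
# would be "$(ss -ltnp)" and "$(readlink /proc/PID/exe)" for the new daemon.
for snapshot in "$STUCK" "$GOOD"; do
    restart_verdict 412 "$snapshot"
done
```

Only an `ok` verdict justifies stopping the temporary sshd and logging out of the port-2222 session.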