I have looked into the spec file for the openssh rpm.

In the %preun stanza, I noticed that the currently running sshd is stopped only when removing the package. On the other hand, it is theoretically possible that a new version of openssh may install files which would make the old sshd misbehave. So I think it is better to stop sshd every time the package is upgraded.

Also, the %post stanza for the server package starts sshd. But what if the upgrade is done in single user mode? The sysV initscript does not check if networking is up---it just seems to start the service no matter what.

Best,
Mate

---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis

mw at moni.msci.memphis.edu said:
> So I think it is better to stop sshd every time the package is
> upgraded.

I agree - be slightly careful here in that you don't have (effectively) a killall sshd here, because that's very embarrassing if you are upgrading a remote machine over a ssh session (I speak from experience).

> Also, the %post stanza for the server package starts sshd. But what
> if the upgrade is done in single user mode? The sysV initscript does
> not check if networking is up---it just seems to start the service no
> matter what.

I'm unhappy about this - it's a complete pain if you are installing ssh as part of your machine build. You may also happen to be missing decent entropy etc under these conditions. I personally modify the spec & init.d files to do the key generation within the start part of the init.d file.

I guess if sshd *was* running then starting it again is reasonable, otherwise do not start it.

Nigel.
--
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham Nigel.Metheringham at VData.co.uk ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]

On Mon, 6 Mar 2000, Mate Wierdl wrote:
> I have looked into the spec file for the openssh rpm.
> In the %preun stanza, I noticed that the currently running sshd is
> stopped only when removing the package. On the other hand, it is
> theoretically possible that a new version of openssh may install files
> which would make the old sshd misbehave.

Have a look in %post. The server is restarted whenever it is upgraded, but the config files are not replaced. I will change this if I feel an upgrade changes semantics sufficiently but I think it is reasonable now.

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)
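
One way to express the scriptlet behaviour discussed in this thread (restart on upgrade only if sshd was already running, stop only on erase, and never a blanket killall), written as an added example that is not taken from the OpenSSH spec file. The function names and the default pidfile path are assumptions; the `$1` counts are the values rpm passes to %post and %preun.

```shell
#!/bin/sh
# Added example (constructed), not the OpenSSH spec file's own scriptlets.
# rpm passes the number of package instances that will remain installed:
#   %post : 1 = first install, 2 or more = upgrade
#   %preun: 0 = erase,         1 or more = upgrade
PIDFILE="${PIDFILE:-/var/run/sshd.pid}"   # assumed location of the listener's pidfile

# Print the pid stored in a pidfile, digits only (empty if unusable).
read_pid() {
    [ -r "$1" ] && head -n 1 "$1" | tr -cd '0-9'
}

# Succeed only if the pidfile names a live process. Only the listening
# daemon writes this file, so per-session sshd children are never matched.
# Caveat: a stale pidfile whose pid was reused would still pass this check.
listener_running() {
    pid=$(read_pid "$1")
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# %post: restart only on upgrade AND only if a listener was already running.
# A first install (machine build, single-user mode) starts nothing.
post_action() {    # $1 = rpm count, $2 = pidfile (optional)
    if [ "$1" -ge 2 ] && listener_running "${2:-$PIDFILE}"; then
        echo restart-listener
    else
        echo none
    fi
}

# %preun: stop the listener only on final erase, never on upgrade.
preun_action() {   # $1 = rpm count, $2 = pidfile (optional)
    if [ "$1" -eq 0 ] && listener_running "${2:-$PIDFILE}"; then
        echo stop-listener
    else
        echo none
    fi
}

# Signal the single pid from the pidfile instead of "killall sshd", which
# would also kill the session carrying a remote upgrade.
stop_listener() {  # $1 = pidfile (optional)
    listener_running "${1:-$PIDFILE}" && kill -TERM "$(read_pid "${1:-$PIDFILE}")"
}
```

In a real spec file the scriptlet would call the init script's restart or stop target when these functions report an action, rather than acting on the printed word.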