Prev: a VNC client suitable to monitor 15 desktops in 1 screen, automatic reconnect. Exists?
Next: www.debian.org/security/ does not know about kernel update??
From: Jon Dowland on 18 Feb 2010 12:00 On Thu, Feb 18, 2010 at 04:20:36PM +0000, Nuno Magalhães wrote: > 2010/2/18 Artifex Maximus <artifexor(a)gmail.com>: > > Put this line into your sshd_config: > > > > VersionAddendum AnyString-19540331 > > It's a remote machine and i want no string whatsoever, > hence the attempted upgrade. Try VersionAddendum "" then. restarting the sshd daemon does not close your existing ssh connections. do it, (invoke-rc.d ssh restart) make sure the daemon accepts new connections (ssh from another terminal window), and if you can't login, back out the change, restart sshd again and confirm you can login. It's always worth having a different channel to a machine if ssh fails, such as a remote server management system with a built-in local terminal (HP ones give you a java applet which emulates a local keyboard and VGA monitor), or a serial console connection to a serial multiplexer tool, or a route to the 'console' for a virtual machine (many VPS providers will offer this) -- Jon Dowland
From: Nuno Magalhães on 18 Feb 2010 12:10 On Thu, Feb 18, 2010 at 16:49, Jon Dowland <jmtd(a)debian.org> wrote: > On Thu, Feb 18, 2010 at 04:20:36PM +0000, Nuno Magalhães > wrote: >> 2010/2/18 Artifex Maximus <artifexor(a)gmail.com>: >> > Put this line into your sshd_config: >> > >> > VersionAddendum AnyString-19540331 >> >> It's a remote machine and i want no string whatsoever, >> hence the attempted upgrade. > > Try > > VersionAddendum "" > > then. > > restarting the sshd daemon does not close your existing ssh IT'S A REMOTE MACHINE, i would've restarted ssh already, don't you think? I'm trying to avoind rebooting, but it seems like the only choice. And i have two channels, only of the same kind. Maybe i should've thown a cron job at it too but it's too late for What ifs. -- () ascii-rubanda kampajno - kontraÅ html-a retpoÅto /\ ascii ribbon campaign - against html e-mail -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/6b1504c41002180900n15722573u6fa23b89f042ea04(a)mail.gmail.com
From: Nuno Magalhães on 19 Feb 2010 03:10 Ok, after running ssh with -vvv [1] and renaming my ~/.ssh [2] i came to fear dpkg may have done something to the current installation, even though it stopped 'cos it had missing dependencies. I had 5.1p1, not 5.3p1 as i'm getting from both ports... Which probably means the reboot i asked for tonight just might not solve anything. Any thoughts? Thanks, Nuno [1] http://pastebin.com/m61f505c5 [2] http://pastebin.com/m5c4564a0 -- () ascii-rubanda kampajno - kontraÅ html-a retpoÅto /\ ascii ribbon campaign - against html e-mail -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/6b1504c41002190008i38bcf2e1h3e0d027b6c8e330d(a)mail.gmail.com
From: Nuno Magalhães on 20 Feb 2010 10:40 Hi Ok, i was told sshd will keep sessions alive during an upgrade, which would make sense since they're in memory and i'm upgrading the binary on disk. Still, after many aptitude upgrades where the ncurses popup tells me the following services need to be restarted, that didn't come to mind at the time. So the idea was to run two different binaries on two different ports with two different config files (just changing the port (yes i opened the ports in the fw)). This is a minimal remote server running lenny. Here's a step-by-step of what i've done, maybe someone can shed some light on where i went wrong: 1. cp /usr/sbin/sshd /usr/sbin/sshd2 2. cp /etc/ssh/sshd_config /etc/ssh/sshd_config2 Change the port in 2. 3. open the new port in the fw and restart it 4. cp /etc/init.d/ssh /etc/init.d/ssh2 Come to think of it i don't know why i would also copy the init script, 'cos that evidently screwed any attempt at a clean reboot. 5. /usr/sbin/sshd2 -f /etc/ssh/sshd_config2 & 6. test both connections 7. wget ...debian.org...openssh-server_5.3p1-1_i386.deb 8. dpkg -i openssh-server_5.3p1-1_i386.deb Which produced this: dpkg: dependency problems prevent configuration of openssh-server: openssh-server depends on libc6 (>= 2.8); however: Version of libc6 on system is 2.7-18. openssh-server depends on libgssapi-krb5-2 (>= 1.7dfsg~beta1); however: Package libgssapi-krb5-2 is not installed. openssh-server depends on libk5crypto3 (>= 1.6.dfsg.2); however: Package libk5crypto3 is not installed. openssh-server depends on libkrb5-3 (>= 1.6.dfsg.2); however: Package libkrb5-3 is not installed. openssh-server depends on libssl0.9.8 (>= 0.9.8k-1); however: Version of libssl0.9.8 on system is 0.9.8g-15+lenny5. openssh-server depends on openssh-client (= 1:5.3p1-1); however: Version of openssh-client on system is 1:5.1p1-5. dpkg: error processing openssh-server (--install): dependency problems - leaving unconfigured I assumed dpkg didn't actually do anything, but i guess it must've done something. When i came home i couldn't log in again. Fortunately my host's reachable by phone, we scheduled a reboot. Didn't work, i wasn't even getting error messages again, just connection refused[1], on both ports, by the new version. They opened console through vnc, i ran some updates, upgrades, purges and what not and it's back working again, with the old version. And it still shows its damn string. Btw why does openssh-server depends on openssh-client? Anyway thanks for the tips. [1] http://pastebin.com/m35b138b9 -- () ascii-rubanda kampajno - kontraÅ html-a retpoÅto /\ ascii ribbon campaign - against html e-mail -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/6b1504c41002200736o7f4d031ct93f4d607da80c98d(a)mail.gmail.com
From: Rob Owens on 20 Feb 2010 18:20
On Sat, Feb 20, 2010 at 03:36:20PM +0000, Nuno Magalh�es wrote: > Hi > > Ok, i was told sshd will keep sessions alive during an upgrade, which > would make sense since they're in memory and i'm upgrading the binary > on disk. Still, after many aptitude upgrades where the ncurses popup > tells me the following services need to be restarted, that didn't come > to mind at the time. So the idea was to run two different binaries on > two different ports with two different config files (just changing the > port (yes i opened the ports in the fw)). This is a minimal remote > server running lenny. Here's a step-by-step of what i've done, maybe > someone can shed some light on where i went wrong: > > 1. cp /usr/sbin/sshd /usr/sbin/sshd2 > 2. cp /etc/ssh/sshd_config /etc/ssh/sshd_config2 > Change the port in 2. > 3. open the new port in the fw and restart it > 4. cp /etc/init.d/ssh /etc/init.d/ssh2 > Come to think of it i don't know why i would also copy the init > script, 'cos that evidently screwed any attempt at a clean reboot. > 5. /usr/sbin/sshd2 -f /etc/ssh/sshd_config2 & > 6. test both connections > 7. wget ...debian.org...openssh-server_5.3p1-1_i386.deb > 8. dpkg -i openssh-server_5.3p1-1_i386.deb > Which produced this: > > <snip> I missed the beginning of this thread... I just tested a couple of my machines, and I can stop the ssh daemon while logged in via ssh. My session persists, and I can restart the daemon later from that same session. -Rob -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/20100220231951.GC5053(a)aurora.owens.net |