Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Jacques A. Vidrine (nectarFreeBSD.ORG)
Date: Tue Apr 09 2002 - 11:23:41 CDT
On Tue, Apr 09, 2002 at 08:15:14AM -0700, X Philius wrote:
> 1. How do I verify that the patch did what it was supposed to do? My
> understanding is that this will not update the version flag of OpenSSH,
> and so other than making sure that the patch and install etc run
> without error, how do I make sure everything is cool?
There is nothing special to do to verify that the patch was installed.
Either you applied the patch, recompiled, and reinstalled, or you
> 2. The security notice did not really say what I needed to do to make
> sure that the new version of sshd was loaded in to memory after the
Yes, that was an oversight that we hope to avoid in the future.
> On my dev machine I just rebooted (the brute force method!)
> I'd rather not do the same on my prod machine. Can I run a "kill -1" on
> the process while logged in via SSH? My instincts tell me that would
> log me out.
You can terminate the master SSH process without affecting your
currently active SSH sessions. The PID of the master process is
probably in /var/run/sshd.pid. You might also use `sockstat' to
determine which process is listening --- look for the wildcard address
`*:*' in the rightmost column.
> Do I need to be local on the machine and run a "kill -1",
> or do I have to actually stop sshd entirely and then restart it to load
> the new binary? Truth to tell, I can reboot my prod machine as well,
> but I am practicing for a day when my server is co-lo'ed elsewhere and
> not available for local log ins!
OpenSSH sshd responds to the HUP signal by exec'ing itself, so this
should be sufficient.
-- Jacques A. Vidrine <nnectar.cc> http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrineverio.net . nectarFreeBSD.org . nectarkth.se
To Unsubscribe: send mail to majordomoFreeBSD.org with "unsubscribe freebsd-security" in the body of the message