[ale] Remote SSH update - question from the cursed

Jim Popovitch jimpop at rocketship.com
Fri Jun 28 10:38:52 EDT 2002


Why not just open up three or four ssh sessions to your server, then do the
remote upgrade of ssh and restart init.d/sshd.  Then try logging in with a
new connection to the same server.  If it fails, you still have the three or
four open sessions to fall back on.  If you are worried about network or
power blips during this time, invest in a UPS for your router/modem as well
as your computer.  Usually I have inetd disabled on my servers, but when
doing remote updates of ssh I usually reenable inetd so that I can telnet
into the box in the worst of cases.

-Jim P.

> -----Original Message-----
> From: jenn at colormaria.com [mailto:jenn at colormaria.com]
> Sent: Friday, June 28, 2002 9:52 AM
> To: ale at ale.org
> Subject: [ale] Remote SSH update - question from the cursed
>
>
> In most places I consider myself a reasonably competent systems admin,
> but when it comes to updating SSH (my *only* way onto most of my
> machines) I get so nervous I invariably screw it up and lock myself out
> of my machines. I live 250 miles away from most of my machines, and 700
> miles away from others.  Screwing up is a big deal.
>
> So.  Two questions.  One, does this procedure make sense and is there a
> shorter way to do it:
> 1) open port on firewall
> 2) copy /usr/sbin/sshd to /usr/sbin/sshd_old, copy config files
> 3) run sshd_old with the copied config file on a different port
> 4) log in on different port
> 5) install new ssh to standard place, restart server, etc
> 6) close down alt sshd after verifying log in on new sshd
>
> Two:
> I'm now in a situation where I have to manage machines that sit behind
> a very restrictive fw that I don't have control over, and it would take
> weeks to get another port opened.  Obviously above steps would fail.
> I've never been able to just make install over a running sshd, I assume
> one is not supposed to do such things.  Help??
>
> TIA,
> jenn,
> cursed
>
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info.
> Problems should be
> sent to listmaster at ale dot org.
>
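
The staged-fallback steps from the question, combined with the reply's check of a fresh login, as an added example that is not part of either message. Paths, the alternate port, the function names and the overridable `SSH` variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Paths, port and function names are
# assumptions; sshd's -t, -f, -p and -o are standard OpenSSH options.

# stage_fallback SSHD_BIN CONFIG ALT_PORT STAGE_DIR   (steps 2-3)
# Copies the current daemon and config, checks the copy, and prints the
# command that starts it on ALT_PORT. Use an absolute STAGE_DIR: current
# OpenSSH requires sshd to be invoked by its full path.
stage_fallback() {
    bin=$1; cfg=$2; port=$3; stage=$4
    [ -x "$bin" ] && [ -r "$cfg" ] || return 1
    mkdir -p "$stage" && cp -p "$bin" "$stage/sshd_old" &&
        cp -p "$cfg" "$stage/sshd_config_old" || return 1
    # -t parses the config and checks host keys without listening.
    "$stage/sshd_old" -t -f "$stage/sshd_config_old" -p "$port" || return 1
    # -p overrides Port lines in the file; a separate PidFile keeps the
    # fallback from overwriting the main daemon's pid file.
    echo "$stage/sshd_old -f $stage/sshd_config_old -p $port" \
         "-o PidFile=$stage/sshd_old.pid"
}

# check_new NEW_BIN LIVE_CONFIG   (guard before the restart in step 5)
# The new binary must accept the live config; a newer release can reject
# keywords the old one allowed, and that is what locks people out.
check_new() {
    "$1" -t -f "$2" >/dev/null 2>&1
}

# verify_login HOST PORT   (steps 4 and 6, and the reply's "new connection")
# Opens a brand-new connection while existing sessions stay open. BatchMode
# makes it fail instead of prompting, so key-based login is assumed.
verify_login() {
    ${SSH:-ssh} -o BatchMode=yes -o ConnectTimeout=10 -p "$2" "$1" true
}

# Optional command-line use: "stage ..." or "check ..." with the same arguments.
case ${1:-} in
    stage) shift; stage_fallback "$@" ;;
    check) shift; check_new "$@" ;;
esac
```

Where no second port can be opened, `check_new` and `verify_login` against the standard port still apply; only `stage_fallback` depends on the alternate port.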

