Message-ID: <20030918083013.77982.qmail@web10004.mail.yahoo.com>
Date: Thu, 18 Sep 2003 01:30:13 -0700 (PDT)
From: "Voracity.net Administrator"
To: freebsd-questions@freebsd.org
Subject: remote administration of upgrades

Hello,

I am concerned about the recent ssh and sendmail security bulletins and would like to patch, but I have a few questions.

The server that I administer runs FreeBSD 4.8, and I only have ssh access to it, not physical console access. Additionally, it's a production web server and so it would be nice if upgrades went off with as little disruption as possible.

Anyway, I used cvsup to grab the RELENG_4_8 sources with the fixes. I'm now faced with the choice of doing "make world" (which I have never done) or just recompiling ssh and sendmail and installing them only.

- All of the instructions for "make world" that I've read involve shutting down into single-user mode, am I correct that this is not possible over ssh? Is there a way to accomplish the install step remotely? I have already recompiled and successfully installed a customized kernel remotely, and that was gut-wrenching enough waiting the minute or so while it rebooted with fingers crossed. :-)

- Assuming that is not possible, I will just recompile the individual parts, following the instructions in the bulletin. However, I still don't want to fubar sshd and then not be able to connect to fix it. When I run "kill `cat /var/run/sshd.pid`" will that kill only the listening daemon (leaving any already-established sessions open) or will it kill all connections and everything related to sshd? I was hoping that I could kill just the listening sshd, restart the new one, and test it by connecting, all without severing the old known working connections... at least I'd have an out if something went wrong.

And likewise, if I wanted to restart sshd (for example, after changing the config file) can I safely kill the sshd.pid process without killing the current sessions, just in case restarting sshd doesn't work?

Thanks.