[OT] Debian mailinglists

Derek Broughton news at pointerstop.ca
Tue May 20 18:46:02 UTC 2008


Marcin Kasperski wrote:

>>>> In the case of an SSH server, wouldn't it make more sense to use a
>>>> config tool that actually _did_ try to establish a new connection
>>>> before finalizing the changes?
>>> 
>>> Yeah, now you are talking about the config tool which must run
>>> cooperatively on *two* machines (the testing connection should
>>> be made from your client PC, shouldn't it). Yeah.....
>>
>> However, that's exactly what Mario said you have to do.  If you _have_ to
>> do it before it's safe to complete the configuration, then it should be
>> part of the configuration tool.
> 
> I just ask how you imagine such a tool. Say you are administering a
> remote Ubuntu machine from a Windows XP laptop (or maybe Mac OS X, why
> not, or some old box with BSD and a VT terminal), of course behind a
> firewall; the tool you mention should automagically install itself on
> this machine too...
> 
We're talking about configuring an SSH server.  Therefore, there's no need
to install the configuration tool on some remote client.   SSH to the
server, use the tool to change the server config, save the old & new
configs, test the new config, exit the tool, exit the server.  For the
actual testing, you just do: 
  "ssh $USER@localhost"
If the configuration actually restricts access to specific hosts, you
add "localhost" to it temporarily if it isn't already there.  After
testing, you remove it if it shouldn't be there.  If localhost behaves any
differently than any other host, it isn't a fault of the SSH configuration,
or therefore of the tool.  If testing fails, revert changes...
-- 
derek
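
The save, test and revert sequence described in this message, sketched as a shell function. This is an added example, not code from the thread or from any Ubuntu tool; the paths, the `systemctl reload ssh` command, the `.prev` backup name and key-based (BatchMode) login for the probe are assumptions.

```shell
#!/bin/sh
# Added example: apply a candidate sshd_config, test a login, revert on failure.
# Run it from an existing SSH session and keep that session open; a reload
# does not drop established connections, so it stays usable as a fallback.

SSHD_CONFIG=${SSHD_CONFIG:-/etc/ssh/sshd_config}   # assumed default path
SSHD_BIN=${SSHD_BIN:-/usr/sbin/sshd}               # assumed default path

# Hooks are plain functions so they can be swapped for another init system.
validate_config() { "$SSHD_BIN" -t -f "$1"; }      # syntax/sanity check only
reload_sshd()     { systemctl reload ssh; }        # assumption: systemd unit "ssh"
probe_login() {
    # The "ssh $USER@localhost" test from the message. BatchMode makes the
    # probe fail instead of prompting, so it assumes key or agent login.
    ssh -o BatchMode=yes -o ConnectTimeout=5 "${USER}@localhost" true
}

# apply_sshd_config CANDIDATE_FILE
# Returns: 0 applied and login verified
#          1 candidate rejected, live config untouched
#          2 reload or login test failed, previous config restored
apply_sshd_config() {
    candidate=$1
    backup="${SSHD_CONFIG}.prev"      # old config is kept, as the message says

    validate_config "$candidate" || return 1
    cp -p "$SSHD_CONFIG" "$backup"   || return 1

    if cp "$candidate" "$SSHD_CONFIG" && reload_sshd && probe_login; then
        return 0
    fi

    # Test failed: put the old file back and reload so the daemon uses it.
    cp -p "$backup" "$SSHD_CONFIG"
    reload_sshd
    return 2
}
```

As the message notes, a localhost probe only shows that the daemon still accepts logins; host-based restrictions or a firewall in front of the server are not exercised by it.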




