Steve Lamb
Tue May 20 19:20:47 UTC 2008

On Tue, May 20, 2008 11:46 am, Derek Broughton wrote:
> We're talking about configuring an SSH server.  Therefore, there's no need
> to install the configuration tool on some remote client.

    Yes, there is.

> SSH to the
> server, use the tool to change the server config, save the old & new
> configs, test the new config, exit the tool, exit the server.  For the
> actual testing, you just do:
>   "ssh $USER@localhost"

    This tests nothing.

> If the configuration actually restricts access to specific hosts, you
> add "localhost" to it temporarily if it isn't already there.  After
> testing, you remove it if it shouldn't be there.  If localhost behaves any
> differently than any other host, it isn't a fault of the SSH configuration,
> or therefore of the tool.  If testing fails, revert changes...

    Uh, but your original point was that someone could munge the SSH
configuration in a way they would be locked out of their machine.  That
implies restrictions which cannot be tested by testing whether localhost
can connect.  Localhost connecting has no bearing on whether the host
you're currently using can connect.  Hence why people are trying to get
it through your noggin the test cannot be done.
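
The point about localhost can be shown with a small model of host-restricted `AllowUsers` entries. This is an added example, not part of the original message or of OpenSSH. The user name, addresses and helper names are constructed, and the matcher is a simplification that assumes `USER@HOST` patterns with `*` and `?` only, ignoring negation, `DenyUsers` and `Match` blocks.

```python
import re


def _wild(pattern, value):
    """Wildcard match as used in sshd patterns: '*' = any run, '?' = one char."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None


def allowed(allow_users, user, client_names):
    """True if some AllowUsers entry admits `user` from a client known by any
    of `client_names` (its address and, if resolved, its hostname)."""
    for entry in allow_users:
        user_pat, _, host_pat = entry.partition("@")
        if not _wild(user_pat, user):
            continue
        if not host_pat:  # plain USER entry: no restriction on source host
            return True
        if any(_wild(host_pat.lower(), n.lower()) for n in client_names):
            return True
    return False


def lockout_report(allow_users, user, sources):
    """Evaluate the same rule set for each connection source."""
    return {label: allowed(allow_users, user, names)
            for label, names in sources.items()}


# Constructed rule set: localhost was added temporarily "for testing",
# alongside the restriction that is actually being changed.
ALLOW_USERS = ["admin@localhost", "admin@127.0.0.1", "admin@192.168.1.*"]

# Constructed sources: the loopback test, and the remote host the
# administrator is really connecting from (documentation address range).
SOURCES = {
    "ssh admin@localhost (on the server)": ["127.0.0.1", "localhost"],
    "admin's remote workstation": ["203.0.113.25"],
}

if __name__ == "__main__":
    for label, ok in lockout_report(ALLOW_USERS, "admin", SOURCES).items():
        print(f"{label:40} {'allowed' if ok else 'LOCKED OUT'}")
```

The loopback check succeeds while the workstation entry is refused, so a passing localhost login gives no information about the host the session is actually coming from.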



