[OT] Debian mailinglists

Florian Diesch diesch at spamfence.net
Wed May 21 18:39:18 UTC 2008

Derek Broughton <news at pointerstop.ca> wrote:

> Mario Vukelic wrote:
>> On Tue, 2008-05-20 at 13:15 -0300, Derek Broughton wrote:
>>> However, that's exactly what Mario said you have to do.  If you _have_
>>> to do it before it's safe to complete the configuration, then it
>>> should be part of the configuration tool.
>> No I didn't.
> Yeah, you did - we're not in disagreement here.
>> Yes, you change and save the config, then try to log in with a new ssh
>> session. But you leave the old ssh connection up while doing so, thus
>> still having a way in if the new one does not work.
> So why can't the tool you're using for SSH configuration actually do this
> for you?

If I'm sitting on host A and want to configure sshd on host B the
tool needs to run on B. To test if I can log in from A it needs to run
a process on A which is not always possible for a process running on
B (maybe there's no sshd on A).

To get your test working you would need the tool to be running on A,
copy B's config to A, modify it and copy it back.

Now what if at the time B is only reachable from A but I want to
change it so it's only reachable from C? I guess I have to start your
tool on A and configure B to allow login from C, then start your
tool on C to disable login from A on B. And I still need to manually
test that login from A is disabled.

IMHO the whole thing just got more difficult but I didn't win much.
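
The manual procedure quoted in this thread (save the config, keep the old ssh connection up, try a new login), scripted from host A for the simple case where A keeps its access; this is an added example, not part of the original post or of any existing tool. The target `admin@hostB.example`, the socket path, the function names and the `service ssh reload` command are assumptions, and the account on B is assumed to be allowed to write the config and reload sshd.

```shell
# Added example. Runs on host A; B is the host whose sshd is being changed.
# Assumed/hypothetical: target name, socket path, config path, reload command.
B=${B:-admin@hostB.example}
SOCK=${SOCK:-$HOME/.ssh/sshd-change.sock}
CONF=/etc/ssh/sshd_config

# The "old" session: a master connection opened before any change is made.
open_old()  { ssh -M -S "$SOCK" -fN "$B"; }
# Run a command on B through that already-authenticated session.
run_old()   { ssh -S "$SOCK" "$B" "$@"; }
close_old() { ssh -S "$SOCK" -O exit "$B" 2>/dev/null; }

# A genuinely new login: no connection sharing, no prompts, bounded wait.
# Without ControlPath=none a multiplexed setup could reuse the old session
# and report success even though new logins are broken.
try_new() {
    ssh -o ControlMaster=no -o ControlPath=none -o BatchMode=yes \
        -o ConnectTimeout=10 "$B" true
}

# apply_config CANDIDATE
# Returns 0 = applied and a fresh login works,
#         1 = not applied (upload failed or sshd -t rejected the file),
#         2 = applied, reload or fresh login failed, previous file restored.
apply_config() {
    candidate=$1
    run_old "cat > $CONF.new" < "$candidate" || return 1
    # Let sshd on B check the candidate before it goes live.
    if ! run_old "/usr/sbin/sshd -t -f $CONF.new"; then
        run_old "rm -f $CONF.new"
        return 1
    fi
    run_old "cp -p $CONF $CONF.bak && mv $CONF.new $CONF" || return 1
    # The old session is still up; reload, then test a separate login.
    run_old "service ssh reload" && try_new && return 0
    # Still have a way in through the old session: put the old file back.
    run_old "cp -p $CONF.bak $CONF && service ssh reload"
    return 2
}

# Usage: open_old; apply_config ./sshd_config.candidate; close_old
```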

