Re: openssh remote upgrade procedure?

To: debian-security@lists.debian.org
Subject: Re: openssh remote upgrade procedure?
From: "Kim N. Lesmer" <knl@bitflop.com>
Date: Wed, 21 May 2008 00:38:05 +0200
Message-id: <[🔎] 20080521003805.3dd885cc.knl@bitflop.com>
In-reply-to: <[🔎] feffd9290805201245p33e3a254n710aaf0725b71677@mail.gmail.com>
References: <[🔎] feffd9290805200020o34e17836jff6ecded3a5d41fc@mail.gmail.com> <[🔎] 1211288569.32360.2.camel@localhost.localdomain> <[🔎] feffd9290805201245p33e3a254n710aaf0725b71677@mail.gmail.com>

On Tue, 20 May 2008 20:45:20 +0100
"Alexandros Papadopoulos" <apapadop@alumni.cmu.edu> wrote:

> 3. Testing to see if you can still get on to a server is exactly what
> I would have done, if my connection had not been killed by the server
> itself a few seconds after upgrading the packages. This happened on
> two servers running different versions of debian (etch & lenny).

This is not normal. I have upgraded two of my servers where I have also
only SSH access, and I didn't experience any breakage of the
connection. Since you have experienced this on both an etch and a lenny
machine, something points in the direction of, that you have done
something wrong, perhaps with you initial setup.

> 4. So I did get bitten by "this" - whatever that is. Now how do I fix
> it? I have employed local staff to relax the restrictions of
> sshd_config and restart the daemon, with absolutely no change in
> behavior.

So at this point you cannot gain access on the machine at all using
SSH, but you have a local staff with access. Make them purge (not just
delete) the openssh-server, and re-install it.

> a) How/why were my active connections to the server killed right after
> upgrading and

Almost impossible to know since so far you are the only one reporting
this behaviour.

> b) Why I am not allowed access now that I try to utilise the simplest
> of all, keyboard interactive authentication. I'd suspect breakage
> between the new openssh daemon and the authentication mechanisms (PAM,
> GSSAPI, you-name-it), but on two different distributions
> simultaneously?

Perhaps, but a purge would solve the problem then.

> I'd appreciate any helpful comment both for my case and for the
> benefit of anyone else who gets "bit" by what has historically been a
> quite safe and painless procedure: updating a Debian system.

I hope you find the solution quickly.

> Thanks
> 
> -A
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 
> 

--
Med venlig hilsen/Best regards

Kim N. Lesmer
Programmer/Systems administrator

Web    : www.bitflop.com
E-mail : knl@bitflop.com

Reply to:

Follow-Ups:
- Re: openssh remote upgrade procedure?
  - From: "Jim Popovitch" <yahoo@jimpop.com>
- Re: openssh remote upgrade procedure?
  - From: "Alexandros Papadopoulos" <apapadop@alumni.cmu.edu>

References:
- openssh remote upgrade procedure?
  - From: "Alexandros Papadopoulos" <apapadop@alumni.cmu.edu>
- Re: openssh remote upgrade procedure?
  - From: Karl Goetz <karl@kgoetz.id.au>
- Re: openssh remote upgrade procedure?
  - From: "Alexandros Papadopoulos" <apapadop@alumni.cmu.edu>

Prev by Date: RE: [SECURITY] [DSA 1583-1] New gnome-peercast packages fix several vulnerabilities
Next by Date: Re: openssh remote upgrade procedure?
Previous by thread: Re: openssh remote upgrade procedure?
Next by thread: Re: openssh remote upgrade procedure?
Index(es):
- Date
- Thread