Bug#147360: sshd: add option to add sshd to user's inittab, so sshd can't get killed

[Colin Watson <cjwatson@debian.org>]

On Sat, May 18, 2002 at 06:48:26PM +0200, Andreas Fuchs wrote:
> Package: ssh
> Version: 1:3.0.2p1-9
> Severity: wishlist
> 
> Mario Lang discovered that adding this line to your inittab can save
> one's life on a machine which one can not access physically well:
> 
> ss:12345:respawn:/usr/sbin/sshd -D
> 
> This respawns sshd as soon as it gets killed, thus always keeping the
> machine accessible from outside. As this is not reasonable in an
> environment where the network is not always accessible (maybe make that
> "2345" only) or where sshd needs to remain kill-able.
> 
> My guess is that this should be optional, with maybe a debconf question
> outlining the advantages and disadvantages of that line, default to "No"
> (-:
> 
> If you're interested, I can try to provide a draft for the question.

I don't think that this should be a debconf question: there are already
too many of them, and editing /etc/inittab from ssh's postinst is going
to be risky and error-prone.

I'd be happy to document the approach in README.Debian, though: please
feel free to send some suggested text.

(Sorry for taking so long to respond to this bug report.)

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]