On Fri, Dec 28, 2001, guy keren wrote about "Re: Tip: Upgrading the SSH Daemon":
> that is necessary, since if your active connection(s) die (e.g. the box
> gets rebooted due to power outage, or something similar) during the
> process - you're _possibly_ locked out, in case your new install isn't
> done properly.

Guy, I'm sure you know that everything in life has a probability. If
a certain thing means a 1/100 probability of having to go to Actcom
tomorrow, this sucks (especially if you repeat it a hundred times).
But what if the probability is 1e-6 (1/million)? You're right that with "my
way" there is a tiny probability that all open sessions will die while you're
replacing ssh. E.g., a power outage. But since in Netvision (for example)
I don't experience more than one power outage every 1-2 years, the probability
of this happening is tiny. And the only bad thing that could happen in that
remote case is that I'll need to come over physically to the machine.

> shlomi's doing things the same way. you and nadav are doing things the
> careless way. you'll get there faster if it works, but shlomi has a
> smaller 'Tochelet' (how's that called in english), if you account for both
> successful and unsuccessful installations.

Unless Shlomi's way is more complicated, in which case he has a greater
chance to make a mistake while doing it and end up with no working ssh.
Anyway, I'm not saying Shlomi's way is bad. Both methods work.
Just get your ssh upgraded and be done with it! The ssh you're currently
using is actively being exploited all over the world, so a bit of sniffing
around the system for signs of it already being broken into will also be
prudent.

> the good and careful remote (sometimes also local) sysadmin will use
> shlomi's method for this single reason.

I have around 5 years' experience as a 100%-remote sysadmin. I always upgraded
ssh "my way", and it never caused any problems. I only visited the machine "in
real life" 3 times, ever, and none of these times was because we lost ssh
access. I visit the machine (the one running ivrix.org.il and other stuff)
so rarely that I'm always surprised again how crappy it actually looks (it's
a beat-up old Pentium 166, with no case) :)

-- 
Nadav Har'El                        |       Friday, Dec 28 2001, 14 Tevet 5762
[EMAIL PROTECTED]             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |In case of emergency, this box may be
http://nadav.harel.org.il           |used as a quotation device.
