On 11/28/12 08:34, Antoine Jacoutot wrote:
> On Wed, Nov 28, 2012 at 08:28:10AM +0100, Alexander Hall wrote:
>> Make sure new config is valid before SIGHUP'ing sshd, which would
>> otherwise just kill it. Invalid configuration now gives:
>>
>> # pgrep sshd
>> 18998
>> # /etc/rc.d/sshd reload
>> sshd(failed)
>> # pgrep sshd
>> 18998
>>
>> Pros: Less risk of accidentally killing sshd and locking yourself out.
>> Cons: You may think that you have made changes that have not taken
>> effect, and will still screw you after a reboot.
>
> I don't understand what this means...

Possible current scenario:

# vi /etc/ssh/sshd_config
# /etc/rc.d/sshd reload
sshd(ok)
# pgrep sshd
#

so, it seems to reload, but while doing it it kills the daemon since it
fails to load the new config.

>
>>
>> I think the pros win anyway.
>>
>> OK?
>
> I'm in favor of this. But please put a blank line after sourcing
> /etc/rc.d/rc.subr for readability.

Ah, indeed. There was one, but my mailer screwed me after picking up a
message saved as draft. :-/

Same diff again.

/Alexander

Index: rc.d/sshd
===================================================================
RCS file: /data/openbsd/cvs/src/etc/rc.d/sshd,v
retrieving revision 1.1
diff -u -p -r1.1 sshd
--- rc.d/sshd 6 Jul 2011 18:55:36 -0000 1.1
+++ rc.d/sshd 28 Nov 2012 00:27:01 -0000
@@ -6,4 +6,8 @@ daemon="/usr/sbin/sshd"
. /etc/rc.d/rc.subr
+rc_reload() {
+ ${daemon} ${daemon_flags} -t && pkill -HUP -f "^${pexp}"
+}
+
rc_cmd $1
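
Review bot: in rc_reload, a failing "${daemon} ${daemon_flags} -t" skips the HUP, but the example run in the message shows only "sshd(failed)", so the operator gets no hint that the old config is still live and that the file on disk is what is broken (the con the message itself raises). Consider making sure the diagnostic from the -t run reaches the terminal when the test fails, and add a one-line comment above rc_reload saying the test exists so an invalid sshd_config cannot kill the running daemon on reload.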