Re: OpenSSH b0rked (was RE: Problems with IPFW patch)

From: Rasputin (
Date: 01/29/01

Date: Mon, 29 Jan 2001 09:57:53 +0000
From: Rasputin <>

* Matt Dillon <> [010126 21:55]:
> :I would ask, that in -STABLE at least, the fatal error be backed
> :out to a warning, at least for a few months (with sshd ignoring the
> :directive, and continuing to run), and then only move to a fatal
> :error + die.
> :
> :-aDe
> I second this request. It also happened when pam.conf/ssh changed.
> Only the serial console saved me from a car trip to one of my
> colocated machines. Two such changes in a row for ssh is too much.
> -Matt

In general I'd agree with Matt and aDe, but if a directive
affecting security has changed, I'd say it's better to be notified of it
as soon as possible.
Killing off sshd obviously makes remote admin a real problem, though;
is there another way to guarantee we'd notice ?

Jack of All Trades :: Master of Nuns
To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message