
On Tue, Apr 19, 2005 at 11:42:50AM -0500, Christ, Bryan wrote:
> I have learned the hard way that sshd cannot be restarted remotely


Incorrect.

> (sshd
> does not respond to HUP).


True, but it exits cleanly on a TERM.

> Apparently, sshd forks a new sshd process
> when a new connection is made


Only a new child process.

> and the new sshd process reads the config
> file anew. Therefore, there shouldn't be any need to restart.


Incorrect.

> Can anyone confirm this? I've never truly found the definitive answer
> for this.


You should stop and restart the parent sshd whenever you change the
sshd_config file. Killing the parent sshd (the one whose PID is in
/var/run/sshd.pid) will not cause the children to be terminated, so
it's safe even over a remote ssh connection (as long as you don't lose
your session before you can start the new sshd).

I do the following all the time whenever I upgrade ssh on a remote box:

ssh remotebox
mv /usr/local/sbin/sshd /usr/local/sbin/sshd.old
put the new software in place
/sbin/init.d/ssh stop
/sbin/init.d/ssh start

My /sbin/init.d/ssh is attached for reference. It's for HP-UX 10, but
the same principles apply to anything even remotely close to SysV init,
just with different paths.

Attachment: ssh

#!/sbin/sh
# SysV-style init script for the OpenSSH server (HP-UX 10 paths).
# Usage: /sbin/init.d/ssh {start|stop|start_msg|stop_msg}

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/etc
export PATH

case "$1" in
start_msg) echo "Starting Secure Shell server";;
stop_msg)  echo "Stopping Secure Shell server";;

start)
	# Generate host keys if they do not exist (protocol 1 RSA, then
	# protocol 2 DSA and RSA). Empty passphrase: sshd must read them unattended.
	if [ ! -f /usr/local/etc/ssh_host_key ]; then
		ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""
	fi
	if [ ! -f /usr/local/etc/ssh_host_dsa_key ]; then
		ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N ""
	fi
	if [ ! -f /usr/local/etc/ssh_host_rsa_key ]; then
		ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N ""
	fi

	# Start the server (if it exists).
	if [ -x /usr/local/sbin/sshd ]; then
		/usr/local/sbin/sshd
	fi
	;;

stop)
	# Send TERM to the parent (listening) sshd only. The PID in
	# /var/run/sshd.pid is the parent's; the per-connection children
	# are not signalled, so existing sessions stay up.
	if [ -s /var/run/sshd.pid ]; then
		kill `cat /var/run/sshd.pid`
	fi
	;;

*)
	echo "usage: $0 {start|stop|start_msg|stop_msg}" 1>&2
	exit 1
	;;
esac

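The restart sequence described in the message, with the pre-check that keeps a bad sshd_config from locking you out, as an added shell example. This is not code from the original message or from the attached HP-UX script. It assumes an OpenSSH sshd that supports `-t` (test mode: parse the config and host keys, then exit) and `-f` (config file path), a POSIX sh rather than HP-UX /sbin/sh, and the paths in the SSHD, CONFIG and PIDFILE variables, which are placeholders you would adjust.

```shell
#!/bin/sh
# Added example (not from the original message or the attached script):
# restart the parent sshd over an existing ssh session without dropping it.
# Assumptions: OpenSSH sshd with "-t" and "-f"; the listening parent's PID
# is recorded in PIDFILE; the paths below are placeholders.
SSHD=${SSHD:-/usr/local/sbin/sshd}
CONFIG=${CONFIG:-/usr/local/etc/sshd_config}
PIDFILE=${PIDFILE:-/var/run/sshd.pid}

# Print the PID stored in a pid file; fail if the file is empty,
# non-numeric, or names a process that is no longer alive.
parent_pid() {
    pf=$1
    [ -s "$pf" ] || return 1
    p=$(cat "$pf")
    case $p in
        '' | *[!0-9]*) return 1 ;;
    esac
    kill -0 "$p" 2>/dev/null || return 1
    printf '%s\n' "$p"
}

# Parse the config and host keys without starting a listener.
# A typo here is the usual way people lock themselves out on a restart.
check_config() {
    "$SSHD" -t -f "$1"
}

# Wait up to $2 seconds for process $1 to exit; succeed once it is gone.
wait_for_exit() {
    wp=$1
    secs=$2
    while [ "$secs" -gt 0 ]; do
        kill -0 "$wp" 2>/dev/null || return 0
        sleep 1
        secs=$((secs - 1))
    done
    if kill -0 "$wp" 2>/dev/null; then return 1; fi
    return 0
}

# Full sequence: confirm a live parent, test the config, TERM only the
# parent (children serving current sessions survive), start a new parent,
# and confirm a different PID is now recorded.
restart_sshd() {
    old=$(parent_pid "$PIDFILE") || {
        echo "no live parent sshd recorded in $PIDFILE; start it manually" >&2
        return 1
    }
    check_config "$CONFIG" || {
        echo "$CONFIG rejected by sshd -t; leaving sshd $old running" >&2
        return 1
    }
    kill "$old"
    wait_for_exit "$old" 10 || {
        echo "sshd $old did not exit; not starting a second listener" >&2
        return 1
    }
    "$SSHD" -f "$CONFIG" || return 1
    # sshd goes into the background and writes the pid file only after it
    # has bound its listening socket, so poll briefly for it.
    tries=10
    until new=$(parent_pid "$PIDFILE"); do
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] || { echo "new sshd never wrote $PIDFILE" >&2; return 1; }
        sleep 1
    done
    echo "parent sshd restarted: $old -> $new"
}

# Running the file with no argument only defines the functions;
# "restart" performs the sequence.
case ${1:-} in
    restart) restart_sshd ;;
esac
```

The `sshd -t` step covers the configuration, not the binary: when the upgrade replaces `sshd` itself, the `mv ... sshd.old` in the message is what gives you a known-good server to start by hand if the new one refuses to run, so keep that copy until the new parent is confirmed listening.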