Friday, June 09, 2006

upgrade ssh server remotely

i've been looking for the most efficient way to upgrade an ssh server remotely. this task is quite risky: if the upgrade doesn't go as expected you'll lose your access to the box. unless you have a console server connected to it, you'll need to ask somebody on site to log in locally & start the ssh daemon.

so far i've found several ways to do it:

1. install the normal way
i found this useful article on how to upgrade ssh server remotely here
quite straightforward. you just need to kill the ssh daemon manually & be careful not to kill your current session.

2. using the at command
you can use the at command to schedule a specific time to start the ssh daemon after you've installed it.
or something like:
# /etc/init.d/sshd stop; make install; /etc/init.d/sshd start
but i must say that this is quite risky since you can't be sure whether the daemon will start up without any problem after the new installation.

3. use a different port
some say you'd better use another port for the new ssh installation. if you can connect to the new ssh server on that port then you can revert it back to the normal port, which is 22. low risk but extra steps.

4. enable the backdoor
enable the other remote access, which is telnet. i think this is the safest way to do it. even though it is a security risk to enable telnet, at least you can still access your box if the ssh goes kaput!

but what if you need to upgrade a ton of servers? which way should you go?
for me, i'll go for no. 4. write a script to:
1) enable telnet & make sure you can access using telnet
2) install/upgrade ssh server & test the installation
with 1 condition: all your servers must have the same configuration. otherwise things are gonna mess up pretty bad! good luck :)
or maybe i'll come up with the script later...
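
a sketch of option 3 (test on a different port before touching port 22), added here as an example and not the script promised in the post. the binary path, port 2222 and the pid file location are assumptions, and the banner probe needs bash.

```bash
#!/usr/bin/env bash
# added example (not from the original post): verify a freshly built sshd on a
# spare port while the old daemon keeps serving port 22.
# NEW_SSHD, CONFIG, TEST_PORT and TEST_PID are assumed values; set them per host.
NEW_SSHD="${NEW_SSHD:-/usr/local/src/openssh/sshd}"  # built, not installed; absolute path
CONFIG="${CONFIG:-/etc/ssh/sshd_config}"
TEST_PORT="${TEST_PORT:-2222}"
TEST_PID="${TEST_PID:-/var/run/sshd-test.pid}"

# true only for a protocol 2 identification string with a software version
banner_ok() {
    case "$1" in
        SSH-2.0-?*|SSH-1.99-?*) return 0 ;;
        *) return 1 ;;
    esac
}

# print the first line sent by host $1 port $2 (bash /dev/tcp, 5 second timeout)
probe_banner() {
    ( exec 3<>"/dev/tcp/$1/$2" && IFS= read -r -t 5 line <&3 \
        && printf '%s\n' "$line" ) 2>/dev/null | tr -d '\r'
}

stop_test_sshd() {
    [ -f "$TEST_PID" ] && kill "$(cat "$TEST_PID")"
}

stage_new_sshd() {
    # 1. -t only checks the config and host keys; nothing is started yet
    "$NEW_SSHD" -t -f "$CONFIG" || { echo "config test failed" >&2; return 1; }
    # 2. -p overrides Port from the config (ListenAddress host:port entries still win)
    "$NEW_SSHD" -f "$CONFIG" -p "$TEST_PORT" -o "PidFile=$TEST_PID" || return 1
    sleep 1
    # 3. a banner proves the listener is up; a real login on that port is the full test
    if banner_ok "$(probe_banner 127.0.0.1 "$TEST_PORT")"; then
        echo "new sshd answers on port $TEST_PORT: log in there, then stop it and make install"
        return 0
    fi
    echo "no ssh banner on port $TEST_PORT, leaving the old daemon alone" >&2
    stop_test_sshd
    return 1
}

# runs only when called as: ./stage-sshd.sh stage   (or: ./stage-sshd.sh stop)
case "${1:-}" in
    stage) stage_new_sshd ;;
    stop)  stop_test_sshd ;;
esac
```

the running daemon on port 22 is never stopped by this script, so a failed test costs nothing but the spare-port listener.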

1 comment:

Anonymous said...

Oh, i would do like this. Dload new opensshd version, configure it as u like, then do not install it, just run ./sshd -p 666 - if it works then make install it, then do not close your open connections and kill -HUP main_sshd_pid, now try to connect - if it works it's okay - if not, well, you should have made some backups ;]