I have installed 7.0 clean with a custom server installation, including openssh. Everything functions correctly except:

When restarting sshd like this:

/etc/rc.d/init.d/sshd restart (or condrestart, or stop start)

the existing ssh session remains alive, but no new sessions can be started. In addition, restarting a second time causes the existing session to also be dropped.

This has the following effect: no access can be gained to the server until sshd is restarted from the console (assuming telnet is blocked).

I have no idea whether it is possible, but could someone use this to cause sshd to restart - denying access to the sysadm - in order to hide their activities or as a DOS attack?

Below is the /etc/ssh/sshd_config file:

# This is ssh server systemwide configuration file.
Port 22
Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin no
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes
# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging
RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
#SkeyAuthentication no
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
CheckMail no
UseLogin no
Subsystem sftp /usr/local/sbin/sftpd

Oops! I have now found an earlier bug report which pertains to the same problem - 18023 - updated init scripts have apparently been prepared, and will be included in a future bugfix release. You're too fast for me!

Andy Nash

*** This bug has been marked as a duplicate of 18023 ***