Ted Roche writes:

> Oh, a reminder: a fellow GNHLUGer told a tale not too long ago about
> testing ssh changes: always keep an existing connection open when
> you're making changes. This way, when you lock yourself out of making
> new connections with the changes, you can use your old connection to
> reverse the changes. A good lesson learned. By someone else!

I usually test out sshd/firewall changes by employing the following
two schemes:

1: as a quick test, I run "sshd -e -d -p 1234", where "1234" is the
   number of some temporary, unused port. Then I "ssh -p 1234" from
   some other machine to test the config changes.

2: when I test out firewall (iptables) rules, I generally check once,
   check again, and then I test by typing this:

     /etc/init.d/iptables restart ; sleep 600 ; /etc/init.d/iptables stop

   During the five minutes that my new rules are in effect, I test.
   However, in the event that something goes haywire, I know that in
   five minutes I will have access again.

Seriously, by combining these two practices, I have kept myself out of
some very tough situations....

Regards,

--kevin
--
alumni.unh.edu!kdc / http://kdc-blog.blogspot.com/
GnuPG: D87F DAD6 0291 289C EB1E 781C 9BF8 A7D8 B280 F24E

 Wipe him down with gasoline
 'til his arms are hard and mean
 From now on boys this iron boat's your home
 So heave away, boys.
   -- Tom Waits
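
Scheme 2 from the message above as a reusable shell function, with one change: the revert runs only when nobody confirms within the timeout, so rules that work stay in place. This is an added example, not part of the original post; the function name `guarded_apply` and the confirmation-file path are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): apply a risky change, then
# revert it automatically unless it is confirmed within TIMEOUT seconds.
# guarded_apply and the confirm-file convention are hypothetical names.
#
# Usage: guarded_apply TIMEOUT APPLY_CMD REVERT_CMD CONFIRM_FILE
# Exit status: 0 = confirmed and kept, 1 = timed out and reverted,
#              2 = APPLY_CMD itself failed and REVERT_CMD was run.
guarded_apply() (
    # Subshell body: the trap and variables stay local to this call.
    # Ignore SIGHUP so the revert still runs if the new rules kill the
    # very session this was started from.
    trap '' HUP
    timeout=$1 apply=$2 revert=$3 confirm=$4

    rm -f "$confirm"                 # a stale file must not count as a yes
    if ! sh -c "$apply"; then
        echo "apply failed, reverting" >&2
        sh -c "$revert"
        exit 2
    fi

    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm" ]; then
            rm -f "$confirm"
            echo "confirmed after ${waited}s, keeping change" >&2
            exit 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    echo "no confirmation within ${timeout}s, reverting" >&2
    sh -c "$revert"
    exit 1
)

# With the commands from the post (run as root):
#   guarded_apply 600 '/etc/init.d/iptables restart' \
#                     '/etc/init.d/iptables stop' /root/fw-ok
# then, from a NEW ssh login: touch /root/fw-ok
```

Creating the confirmation file from a fresh login rather than from the session that started the function is what shows that new connections still get through.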