Re: [Supervisor-users] Is it wise to let supervisord start sshd?

Tue, 22 Sep 2015 10:08:32 -0700 

Hummm... i think we all lost control of a server after blunty modifying
the SSH configuration remotely, at least once ;)

If you're concerned, you could set up a second 'backup' SSH server, eg
on port 2222, either with a second OpenSSH instance, or with dropbear,
using supervisor, and leaving the main instance untouched.

Of course it has a security impact (attack surface++) and should be done
carefully.

Regards,
Stephane




Lennart Ramberg a écrit :
> Thanks guys,
> 
> No, no specific reason.
> Just concerned about losing contact with a remote system, should sshd
> stop for whatever reason.
> 
> /Lennart
> 
> 
> On Tue, Sep 22, 2015 at 11:59 AM, Gustavo Carneiro <[email protected]
> <mailto:[email protected]>> wrote:
> 
>     I agree with Mikko that your main sshd should probably be left
>     alone.  But if for some reason you need to start a second sshd
>     instance, listening on a different port and with different config
>     file, it's pretty easy:
> 
>     [program:my_sshd]
>     command = /usr/sbin/sshd -D -f /my/sshd_config
>     redirect_stderr=true
>     stopasgroup=true
>     killasgroup=true
> 
> 
> 
>     On 22 September 2015 at 10:44, Mikko Ohtamaa
>     <[email protected] <mailto:[email protected]>> wrote:
> 
> 
> 
>             Currently my sshd is started via a script executed by
>             etc/init.d/rcS
>             Would it be wise to instead let supervisord start sshd?
>             (I assume it must be started by supervisord, or it can't be
>             supervised.)
> 
> 
>         Unless you know any specific reason why you would do this, stick
>         to the distribution policy.
> 
> 
>         -- 
>         Mikko Ohtamaa
>         http://opensourcehacker.com
>         http://twitter.com/moo9000
> 
> 
>         _______________________________________________
>         Supervisor-users mailing list
>         [email protected]
>         <mailto:[email protected]>
>         https://lists.supervisord.org/mailman/listinfo/supervisor-users
> 
> 
> 
> 
>     -- 
>     Gustavo J. A. M. Carneiro
>     Gambit Research
>     "The universe is always one step beyond logic." -- Frank Herbert
> 
> 
> _______________________________________________
> Supervisor-users mailing list
> [email protected]
> https://lists.supervisord.org/mailman/listinfo/supervisor-users
_______________________________________________
Supervisor-users mailing list
[email protected]
https://lists.supervisord.org/mailman/listinfo/supervisor-users

Reply via email to