Monday, May 21, 2007

gURLChecker accepted into Debian

gURLChecker has been officially packaged for the Debian distribution. I'm therefor going to remove my own package of this piece of software from my repository. Updating to the official Debian packages should work without problems.

Monday, May 14, 2007

Etch, sftp and the rssh shell

And finally I discovered an issue. SFTP did not work anymore. The debug session showed:

debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0

The user only has the RSSH shell (sftp enabled) and he is further limited by the following entry in .ssh/authorized_keys:

command="/usr/lib/sftp-server" [SSH-key]

But this doesn't work anymore. /usr/lib/sftp-server now is a symlink to /usr/lib/openssh/sftp-server and I had to change the .ssh/authorized_keys for the user to:

command="/usr/lib/openssh/sftp-server" [SSH-key]

and access is granted again.


This one can be found in syslog:

rssh[xxx]: user XXX attempted to execute forbidden commands
rssh[xxx]: command: /usr/lib/sftp-server

Sarge -> Etch transition

Yesterday I've finally updated my server from Sarge to Etch (around 300 packages to update, 100 newly installed, 15 to remove). The whole transition went smooth in a screen session in about 4 hours or so.

  1. I began with a normal upgrade as suggested by the release notes.
  2. The next step introduced the new initrd-tools and libc6 to the system ...
  3. ... followed by the installation of a new linux-image and udev.
  4. The last step in updating the packages involved a complete dist-upgrade.
  5. Then it was time for a reconfiguration of all the services, that installed massively changed config files [1] and fixing all the chroots and broken package configurations caused by package transitions.
  6. The reboot brought up the system at first go. Checking with dmesg and bootlogd did not show any serious issues: /dev ok and all services up and running with the new kernel. So besides a few modules, which are not longer available or changed their name, no issues occured.
  7. With the new system up and running I did some cleanup, removing unused packages and those, that were removed in Etch (all together around 25).

That's all. New system up and running (with a few configuration works left) and no need to restore the system from the image :). So yes, I'm satisfied. Let's see, if issues will occur later.

[1] In this case I installed the package maintainers version and re-added my changes later.