how to restart sshd remotely


besttb
02-14-2005, 11:21 AM
How can you restart SSHD remotely without rebooting the system?

Tim

retsaw
02-14-2005, 12:05 PM
Yes, just use the initscript that normally runs it. In most cases you'd do "/etc/init.d/sshd restart" as root. If the script isn't at that location and you can't find it, let us know which distro you use and somebody should be able to tell you where it is.

I have actually done this myself without problem. It will just restart the parent sshd but not any of the child processes that are launched when someone logs in, so you will then have to log out and log back in for any changes to take effect.

besttb
02-14-2005, 12:24 PM
Thanks!

SSHD is running from /usr/sbin/sshd but when I run it to restart I get:

[root@webserver tbest]# /usr/sbin/sshd restart
Extra argument restart.

???

Sepero
02-14-2005, 12:36 PM
"/etc/init.d/sshd restart"
not
"/usr/sbin/sshd restart"

besttb
02-14-2005, 02:57 PM
Thanks for the correction, here's what happened:

[root@webserver tbest]# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd:Disabling protocol version 1. Could not load host key
/var/empty/sshd must be owned by root and not group or world-writable.
[FAILED]
[root@webserver tbest]# ls -l /var/empty
total 4
drwxrwxr-x 2 root root 4096 Mar 16 2004 sshd
[root@webserver tbest]# chmod 755 /var/empty/sshd
[root@webserver tbest]# /etc/init.d/sshd restart


<Your 'OPENSSH' connection has terminated>

Now when I try to get in it gives me 'invalid password' before it prompts me to enter a password. This happens when I login as myself or root.

Tell me what I did wrong and give me the lashings I deserve :-/
T

johntramp
02-14-2005, 05:52 PM
chmod 700 /var/empty/sshd

besttb
02-14-2005, 06:23 PM
I have not done the CHMOD 700 /var/empty/sshd yet but I can get in.

If I run the chmod command will it keep me from logging in? My question is, what does this actually do?

/T

bwkaz
02-14-2005, 07:44 PM
Originally posted by besttb
My question is, what does this actually do?

sshd uses an interesting idea called privilege separation. There are actually two communicating processes involved with sshd -- the process that does all the network communication is one, and the process that does everything else (validating passwords, creating virtual terminals to log users in on, etc.) is the other.

The process that does all the network communication does a few things to itself every time it starts, to help ensure that if it's compromised by bad data coming over the network, not much else can be compromised at the same time. First, after it establishes the main TCP-port-22 socket, it turns itself into some non-root user. Then, it takes that user's home directory (which it found out earlier when it was still running as root), and chroot()s into it. chroot() makes the target directory into the root directory of the current process, so that nothing that the process does can affect anything outside the target directory.

The target directory in this case must be empty, because otherwise that low-privilege sshd process might have an avenue of entry into the rest of the system. To ensure that the target directory stays empty, sshd checks its permissions before it starts, to ensure that nobody other than root can write to it. (Write permission on a directory affects the ability to create and delete files.)

besttb
02-14-2005, 09:01 PM
so if I do:
chmod 700 /var/empty

will I still be able to access the server with ssh with a regular user?

R/
T

bwkaz
02-14-2005, 10:30 PM
I don't see any reason why not (all you're doing is removing read and execute access for users that don't try to list or enter that directory anyway). But you probably want to make sure you have some other way in, just in case.
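
An added example, not part of any post in this thread: a pre-flight check to run before restarting sshd over your only remote session, based on bwkaz's description of the privilege-separation directory and his advice to keep another way in. The function names and the optional owner-uid argument are assumptions of this example; the paths are the ones quoted in the thread.

```shell
#!/bin/sh
# check_privsep_dir DIR [OWNER_UID]
# Returns 0 when DIR is a real directory owned by OWNER_UID (default 0, root),
# not group- or world-writable, and empty; prints the reason otherwise.
# OWNER_UID is an assumption of this example so the check can be tried as non-root.
check_privsep_dir() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "FAIL: $dir is not a real directory"; return 1
    fi
    # ls -ldn prints e.g. "drwxrwxr-x 2 0 0 4096 Mar 16 2004 sshd"
    read -r mode links uid rest <<EOF
$(ls -ldn "$dir")
EOF
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $dir owner uid is $uid, expected $want_uid"; return 1
    fi
    # Character 6 of the mode string is group write, character 9 is world write.
    case $mode in
        ?????w*|????????w*)
            echo "FAIL: $dir is group- or world-writable ($mode)"; return 1 ;;
    esac
    # Emptiness follows the reasoning in the thread; it is this example's own check.
    if [ -n "$(ls -A "$dir")" ]; then
        echo "FAIL: $dir is not empty"; return 1
    fi
    echo "OK: $dir ($mode, uid $uid)"
}

# safe_restart_sshd: restart only if the directory check and sshd's own
# test mode (-t: validate configuration and host keys) both pass.
safe_restart_sshd() {
    check_privsep_dir /var/empty/sshd || return 1
    /usr/sbin/sshd -t || { echo "FAIL: sshd -t reported a problem"; return 1; }
    /etc/init.d/sshd restart
}

# Run as root: sh thisfile restart
if [ "${1:-}" = "restart" ]; then
    safe_restart_sshd
fi
```

Keep the current session open after the restart and confirm a fresh login from a second terminal before closing it.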