sshd vs openvpn
Elan Ruusamäe
glen at pld-linux.org
Tue Oct 7 03:57:48 CEST 2008
hi
we suffered one incident where a server did not come "up" because openvpn
had a server certificate which was protected by a password, and therefore it was
waiting for password input and no other service (sshd was crucial) was
brought up until someone pressed enter.
$ l /etc/rc.d/rc3.d/*vpn
lrwxrwxrwx 1 root root 24 2008-09-02 00:08 /etc/rc.d/rc3.d/S11openvpn -> /etc/rc.d/init.d/openvpn*
$ l /etc/rc.d/rc3.d/*sshd
lrwxrwxrwx 1 root root 21 2008-07-28 22:14 /etc/rc.d/rc3.d/S55sshd -> /etc/rc.d/init.d/sshd*
perhaps change start priorities so that sshd is started before openvpn?
then there could be other services that block startup same way?
change sshd to be as early as possible?
what comes to my mind is that sshd should be after the "random" and "network" initscripts...
nothing else should matter...
however if you depend on sshd being "visible" on the openvpn device as well, we can't do this...
maybe it would be possible to set up some timeout for openvpn key input
and then proceed further if no passphrase was input within that time period?
any other thoughts?
--
glen
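
Added example, not part of the original message or of PLD's init scripts: a check that lists which start links run before sshd in a runlevel directory and which OpenVPN configs would stop at a passphrase prompt. The sample tree, the S10network priority and the rule that relative key paths resolve against the config directory are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Sample data below is constructed.

# Print the S?? start links that a SysV rc directory runs before sshd.
services_before_sshd() {
    rcdir=$1
    sshd=$(ls "$rcdir" | LC_ALL=C sort | grep -E '^S[0-9][0-9]sshd$' | head -n 1)
    [ -n "$sshd" ] || return 1      # sshd is not started in this runlevel
    ls "$rcdir" | LC_ALL=C sort | grep -E '^S[0-9][0-9]' |
        while read -r link; do
            [ "$link" = "$sshd" ] && break
            echo "$link"
        done
}

# True if a PEM private key is passphrase-protected (PKCS#8 or legacy header).
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|^Proc-Type: 4,ENCRYPTED' "$1" 2>/dev/null
}

# Print configs whose "key" file is encrypted and that have no "askpass <file>",
# i.e. OpenVPN would wait on the console for a passphrase.
# Assumption: relative key paths are resolved against the config directory.
configs_that_prompt() {
    confdir=$1
    for conf in "$confdir"/*.conf; do
        [ -f "$conf" ] || continue
        key=$(awk '$1 == "key" { print $2; exit }' "$conf")
        [ -n "$key" ] || continue
        case $key in /*) ;; *) key=$confdir/$key ;; esac
        key_is_encrypted "$key" || continue
        awk '$1 == "askpass" && NF >= 2 { f = 1 } END { exit !f }' "$conf" && continue
        echo "$conf"
    done
}

# Constructed tree mirroring the listing in the post (S11openvpn, S55sshd).
make_sample() {
    d=$(mktemp -d) && mkdir "$d/rc3.d" "$d/openvpn" || return 1
    : > "$d/rc3.d/S10network"; : > "$d/rc3.d/S11openvpn"; : > "$d/rc3.d/S55sshd"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$d/openvpn/server.key"
    printf 'dev tun\nkey server.key\n' > "$d/openvpn/server.conf"
    echo "$d"
}

# With two arguments check real directories; with none, the constructed sample.
if [ $# -eq 2 ]; then rc=$1 ovpn=$2; else s=$(make_sample); rc=$s/rc3.d ovpn=$s/openvpn; fi
echo "started before sshd:"; services_before_sshd "$rc"
echo "would block on a passphrase prompt:"; configs_that_prompt "$ovpn"
```

Any service printed by both checks can hold up sshd at boot; a config that names a passphrase file with `askpass` is not reported.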