Bug#998834: marked as done (Multiple subsystem options in sshd_config prevent sshd from starting)

Debian Bug Tracking System Sun, 30 Nov 2025 12:11:15 -0800

Your message dated Sun, 30 Nov 2025 20:08:36 +0000
with message-id <[email protected]>
and subject line Re: Bug#998834: Multiple subsystem options in sshd_config 
prevent sshd from starting
has caused the Debian Bug report #998834,
regarding Multiple subsystem options in sshd_config prevent sshd from starting
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
998834: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998834
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: openssh-server
Version: 1:8.7p1-1
Severity: important

Dear maintainers,

In /etc/ssh/sshd_config the option

  "Subsystem sftp /usr/lib/openssh/sftp-server"

is active by default.

"man 5 sshd_config" states:

  "/etc/ssh/sshd_config.d/*.conf files are included at the start of the
  configuration file, so options set there will override those in
  /etc/ssh/sshd_config."

However, after adding

  "Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO"

to /etc/ssh/sshd_config.d/10-marcus-sshd-config.conf, the ssh server fails
to start.

Hence, my attempt to leave the original sshd_config untouched and move
all my manually modified settings to a file parsed via the include
directive results in a broken ssh server.

Running "sshd -T" tells:

  /etc/ssh/sshd_config line 116: Subsystem 'sftp' already defined.

This undocumented behaviour contradicts the statement of the man page cited
above. I could not find any Debian bug report in the openssh-* packages
regarding this issue (please forgive me if I missed it).

In the end I dropped my new approach of using
/etc/ssh/sshd_config.d/*.conf and went back to a manually modified
/etc/ssh/sshd_config, until this issue is solved.

By the way, after a brief search on the error message I found the same
problem reported there as well:

https://bugzilla.mindrot.org/show_bug.cgi?id=3236

(Thus, I used the same subject line as in the cited bug report.)

Best regards,
Marcus

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.14.0-3-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii  adduser                3.118
ii  debconf [debconf-2.0]  1.5.79
ii  dpkg                   1.20.9
ii  libaudit1              1:3.0.6-1
ii  libc6                  2.32-4
ii  libcom-err2            1.46.4-1
ii  libcrypt1              1:4.4.25-2
ii  libgssapi-krb5-2       1.18.3-7
ii  libkrb5-3              1.18.3-7
ii  libpam-modules         1.4.0-10
ii  libpam-runtime         1.4.0-10
ii  libpam0g               1.4.0-10
ii  libselinux1            3.1-3+b1
ii  libssl1.1              1.1.1l-1
ii  libsystemd0            249.5-2
ii  libwrap0               7.6.q-31
ii  lsb-base               11.1.0
ii  openssh-client         1:8.7p1-1
ii  openssh-sftp-server    1:8.7p1-1
ii  procps                 2:3.3.17-5
ii  runit-helper           2.10.3
ii  ucf                    3.0043
ii  zlib1g                 1:1.2.11.dfsg-2

Versions of packages openssh-server recommends:
ii  libpam-systemd [logind]  249.5-2
pn  ncurses-term             <none>
ii  xauth                    1:1.1-1

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  ssh-askpass   <none>
pn  ufw           <none>

-- debconf information excluded

--- End Message ---

--- Begin Message ---
Source: openssh
Source-Version: 1:9.5p1-1

On Mon, Sep 04, 2023 at 10:13:51PM +0200, Jan Wagner wrote:
Am 09.05.23 um 09:43 schrieb Jan Wagner:
https://bugzilla.mindrot.org/attachment.cgi?id=3591&action=diff&collapsed=&headers=1&format=raw
 has a patch for this
what needs to happen to raise the chance to get that integrated? It'ssuper annoying to work around this and (re)integrate this back afterevery dist upgrade. If Debian wants to be user friedly this is afeature which might underline it.
According to https://bugzilla.mindrot.org/show_bug.cgi?id=3236, this wasfixed in OpenSSH 9.5 (and hence in Debian 13).
Thanks,

--
Colin Watson (he/him)                              [[email protected]]
--- End Message ---

Bug#998834: marked as done (Multiple subsystem options in sshd_config prevent sshd from starting)

Reply via email to