Hi Timo, On Wed, Dec 08, 2021 at 04:01:30PM +0100, Timo Weingärtner wrote: > 08.12.21 13:31 Marc Haber: > > I am running a number of test systems with ssh as socket activated > > service. Sometimes, after an update, I find myself without ssh access to > > those systems (connection refused). After a console login and systemctl > > restart ssh.socket, things are fine again. > > > > I THINK this might be connected to needrestart. Today, a libc6 update > > marked the running ssh daemon (that I was using for the update) as using > > obsolete libraries, which resulted in the following console output: > > To me it looks like a problem in needrestart. The (forked off) sshd process > handling your client connection belongs to cgroup session-NN.scope, no matter > if it was started by systemd socket activation or regular sshd.
I concur with your analysis. So we need a bug report against needrestart with the title "misdetects ssh as started from ssh.service if it's actually ssh.socket or ssh@.service"? > A workaround might be masking ssh.service. That seems to do it for me, this hasn't happeneed on my test systems since I masked ssh.service. I do consider this a valid workaround (but not a soution) for the time being. ssh maintainer, I think this warrants at least some documentation, for example in /usr/share/doc/openssh-server/README.Debian.gz, as the way documented there just suggests disabling ssh.service and not masking it. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
