On Tuesday 29 November 2011 at 16:51 +0100, Philippe Basinska wrote:
> Package: sslh
> Version: 1.6i-4
> Severity: normal
> Tags: patch
>
> Hello,
>
> I didn't tag the issue with 'squeeze' label since I can't test it right
> now on a testing system. However, init script of sslh seems different in
> version 1.9.
>
> Whatever, my stable sslh daemon does not start automatically with Debian
> Squeeze. The command `invoke-rc.d sslh start` is good enough to fix the
> issue until next reboot.
>
> I saw following symlinks in /etc/rc2.d:
>
> lrwxrwxrwx 1 root root 14 6 févr. 2011 S01sslh -> ../init.d/sslh
> lrwxrwxrwx 1 root root 13 6 févr. 2011 S03ssh -> ../init.d/ssh

On my Squeeze system, i have: lrwxrwxrwx 1 root root 13 May 1 2011 S02ssh -> ../init.d/ssh lrwxrwxrwx 1 root root 14 May 2 2011 S04sslh -> ../init.d/sslh On another installation i have: lrwxrwxrwx 1 root root 14 Dec 17 19:35 S01sslh -> ../init.d/sslh lrwxrwxrwx 1 root root 13 Dec 17 18:36 S19ssh -> ../init.d/ssh The start order is not important because sslh can redirect on another host for ssh and/or ssl connections. > > I was surprised that ssh starts after sslh so I tried the following patch : > > server-bl:~# update-rc.d sslh remove > > server-bl:~# diff -u /tmp/sslh_before /etc/init.d/sslh > --- /tmp/sslh_before 2011-11-29 11:55:07.305988947 +0100 > +++ /etc/init.d/sslh 2011-11-29 11:42:16.912254341 +0100 
> @@ -22,7 +22,7 @@ > # Provides: sslh > # Required-Start: $network $local_fs > # Required-Stop: > -# Should-Start: $named > +# Should-Start: $named sshd > # Should-Stop: > # Default-Start: 2 3 4 5 > # Default-Stop: 0 1 6 > > server-bl:~# update-rc.d sslh defaults > > server-bl:/etc/rc2.d# ls -l | grep "ssh\|sslh" > lrwxrwxrwx 1 root root 13 6 févr. 2011 S03ssh -> ../init.d/ssh > lrwxrwxrwx 1 root root 14 29 nov. 11:42 S04sslh -> ../init.d/sslh > > Now, my sslh daemon starts correctly with Debian system init processes. > > server-bl:~# service --status-all 2>&1 | grep sslh > [ + ] sslh I can't do this because sshd is not required on the same machine (and sslh Recommends openssh-server or ssh-server, not Depends) I've done the test a Squeeze virtual machine and i've noted that during boot and with the following default network configuration (/etc/network/interfaces): allow-hotplug eth0 iface eth0 inet dhcp the sslh daemon does not start with the following message (simply add -v to DAEMON_OPTS in /etc/default/sslh + BOOTLOGD_ENABLE=Yes in /etc/default/bootlogd): Sat Dec 17 19:41:58 2011: Starting ssl/ssh multiplexer : sslhSSL addr: 127.0.0.1:443 (after timeout 2s) Sat Dec 17 19:41:58 2011: SSH addr: 127.0.0.1:22 Sat Dec 17 19:41:58 2011: listening on 192.168.0.202:443 Sat Dec 17 19:41:58 2011: bind: Cannot assign requested address I've set "ifconfig > /tmp/ifconfig" in /etc/init.d/sslh and seen that the eth0 interface is not ready at this moment. After replacing "allow-hotplug" by "auto" in /etc/network/interfaces, sslh start as expected (and the interface is ready). > > For information, I checked sslh v1.9 (Wheezy) and the LSB items are different > : > > server-bl:/tmp/sslh-1.9/scripts# head -n 8 etc.init.d.sslh > #! /bin/sh > > ### BEGIN INIT INFO > # Provides: sslh > # Default-Start: 2 3 4 5 > # Default-Stop: 1 > # Short-Description: sslh proxy ssl & ssh connections > ### END INIT INFO > > Maybe the problem is no more existing with Debian Wheezy. 
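Review bot: The `sshd` facility added on the Should-Start line is not what sslh needs at start-up. The boot log in this message shows the start failing with "bind: Cannot assign requested address" on the listen address, so the header change only moves sslh later in the sequence (S01sslh before, S04sslh after) and can hide the race with an interface that is not yet configured. I would leave the header as it was and address interface readiness instead (the "auto" versus "allow-hotplug" setting discussed in the reply). If the ordering is kept anyway, check that `sshd` is the name the ssh script declares in its own Provides line, since the symlinks shown point to init.d/ssh.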
>
> Regards,
> Philippe
>
> -- System Information:
> Debian Release: 6.0.3
>   APT prefers stable-updates
>   APT policy: (500, 'stable-updates'), (500, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
> Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages sslh depends on:
> ii adduser 3.112+nmu2 add and remove users and groups
> ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
> ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra
>
> Versions of packages sslh recommends:
> ii apache2 2.2.16-6+squeeze4 Apache HTTP Server metapackage
> ii apache2-mpm-prefork [ 2.2.16-6+squeeze4 Apache HTTP Server - traditional n
> ii openssh-server [ssh-s 1:5.5p1-6+squeeze1 secure shell (SSH) server, for sec
>
> sslh suggests no packages.
>
> -- Configuration Files:
> /etc/default/sslh changed:
> RUN=yes
> DAEMON_OPTS="-u sslh -p 192.168.2.1:443 -s 127.0.0.1:22 -l 127.0.0.1:443 -P /var/run/sslh.pid"
>
> /etc/init.d/sslh changed:
> PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
> DAEMON=/usr/sbin/sslh # Introduce the server's location here
> NAME=sslh # Introduce the short server's name here
> DESC="ssl/ssh multiplexer" # Introduce a short description here
> PIDFILE=/var/run/$NAME.pid
> test -x $DAEMON || exit 0
> . /lib/lsb/init-functions
> DAEMON_OPTS="" # Additional options given to the server
> DIETIME=10 # Time to wait for the server to die, in seconds
>            # If this value is set too low you might not
>            # let some servers to die gracefully and
>            # 'restart' will not work
>            # If this value is set each time the server is
>            # started (on start or restart) the script will
>            # stall to try to determine if it is running
>            # If it is not set and the server takes time
>            # to setup a pid file the log message might
>            # be a false positive (says it did not start
>            # when it actually did)
> LOGFILE=$LOGDIR/$NAME.log # Server logfile
>            # is set start-stop-daemon will chuid the server
> if [ -f /etc/default/$NAME ] ; then
>     . /etc/default/$NAME
> fi
> if [ "x$RUN" != "xyes" ] ; then
>     log_failure_msg "$NAME disabled, please adjust the configuration to your needs "
>     log_failure_msg "and then set RUN to 'yes' in /etc/default/$NAME to enable it."
>     exit 1
> fi
> if [ -n "$DAEMONUSER" ] ; then
>     if getent passwd | grep -q "^$DAEMONUSER:"; then
>         # Obtain the uid and gid
>         DAEMONUID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $3}'`
>         DAEMONGID=`getent passwd |grep "^$DAEMONUSER:" | awk -F : '{print $4}'`
>     else
>         log_failure_msg "The user $DAEMONUSER, required to run $NAME does not exist."
>         exit 1
>     fi
> fi
> set -e
> running_pid() {
>     pid=$1
>     name=$2
>     [ -z "$pid" ] && return 1
>     [ ! -d /proc/$pid ] && return 1
>     cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
>     # Is this the expected server
>     [ "$cmd" != "$name" ] && return 1
>     return 0
> }
> running() {
>     # No pidfile, probably no daemon present
>     [ ! -f "$PIDFILE" ] && return 1
>     pid=`cat $PIDFILE`
>     running_pid $pid $DAEMON || return 1
>     return 0
> }
> start_server() {
>     if [ -z "$DAEMONUSER" ] ; then
>         start_daemon -p $PIDFILE $DAEMON $DAEMON_OPTS
>         errcode=$?
>     else
>         start-stop-daemon --start --quiet --pidfile $PIDFILE \
>             --chuid $DAEMONUSER \
>             --exec $DAEMON -- $DAEMON_OPTS
>         errcode=$?
>     fi
>     return $errcode
> }
> stop_server() {
>     if [ -z "$DAEMONUSER" ] ; then
>         killproc -p $PIDFILE $DAEMON
>         errcode=$?
>     else
>         start-stop-daemon --stop --quiet --pidfile $PIDFILE \
>             --user $DAEMONUSER \
>             --exec $DAEMON
>         errcode=$?
>     fi
>     return $errcode
> }
> reload_server() {
>     [ ! -f "$PIDFILE" ] && return 1
>     pid=pidofproc $PIDFILE # This is the daemon's pid
>     # Send a SIGHUP
>     kill -1 $pid
>     return $?
> }
> force_stop() {
>     [ ! -e "$PIDFILE" ] && return
>     if running ; then
>         kill -15 $pid
>         # Is it really dead?
>         sleep "$DIETIME"s
>         if running ; then
>             kill -9 $pid
>             sleep "$DIETIME"s
>             if running ; then
>                 echo "Cannot kill $NAME (pid=$pid)!"
>                 exit 1
>             fi
>         fi
>     fi
>     rm -f $PIDFILE
> }
> case "$1" in
>   start)
>     log_daemon_msg "Starting $DESC " "$NAME"
>     # Check if it's running first
>     if running ; then
>         log_progress_msg "apparently already running"
>         log_end_msg 0
>         exit 0
>     fi
>     if start_server ; then
>         # NOTE: Some servers might die some time after they start,
>         # this code will detect this issue if STARTTIME is set
>         # to a reasonable value
>         [ -n "$STARTTIME" ] && sleep $STARTTIME # Wait some time
>         if running ; then
>             # It's ok, the server started and is running
>             log_end_msg 0
>         else
>             # It is not running after we did start
>             log_end_msg 1
>         fi
>     else
>         # Either we could not start it
>         log_end_msg 1
>     fi
>     ;;
>   stop)
>     log_daemon_msg "Stopping $DESC" "$NAME"
>     if running ; then
>         # Only stop the server if we see it running
>         errcode=0
>         stop_server || errcode=$?
>         log_end_msg $errcode
>     else
>         # If it's not running don't do anything
>         log_progress_msg "apparently not running"
>         log_end_msg 0
>         exit 0
>     fi
>     ;;
>   force-stop)
>     # First try to stop gracefully the program
>     $0 stop
>     if running; then
>         # If it's still running try to kill it more forcefully
>         log_daemon_msg "Stopping (force) $DESC" "$NAME"
>         errcode=0
>         force_stop || errcode=$?
>         log_end_msg $errcode
>     fi
>     ;;
>   restart|force-reload)
>     log_daemon_msg "Restarting $DESC" "$NAME"
>     errcode=0
>     stop_server || errcode=$?
>     # Wait some sensible amount, some server need this
>     [ -n "$DIETIME" ] && sleep $DIETIME
>     start_server || errcode=$?
>     [ -n "$STARTTIME" ] && sleep $STARTTIME
>     running || errcode=$?
>     log_end_msg $errcode
>     ;;
>   status)
>     log_daemon_msg "Checking status of $DESC" "$NAME"
>     if running ; then
>         log_progress_msg "running"
>         log_end_msg 0
>     else
>         log_progress_msg "apparently not running"
>         log_end_msg 1
>         exit 1
>     fi
>     ;;
>   # Use this if the daemon cannot reload
>   reload)
>     log_warning_msg "Reloading $NAME daemon: not implemented, as the daemon"
>     log_warning_msg "cannot re-read the config file (use restart)."
>     ;;
>   *)
>     N=/etc/init.d/$NAME
>     echo "Usage: $N {start|stop|force-stop|restart|force-reload|status}" >&2
>     exit 1
>     ;;
> esac
> exit 0
>
>
> -- no debconf information
>
>
>

-- 
Guillaume Delacour <g...@iroqwa.org>
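
The condition diagnosed in the reply above (sslh told to listen on a specific address while the interface is declared `allow-hotplug` only) can be checked before a reboot. This script is an added example, not part of the thread or of the sslh package; the function names are hypothetical and the sample inputs are constructed from the DAEMON_OPTS and interface stanza quoted in the message.

```shell
#!/bin/sh
# Added example: flag an sslh listen address that may fail to bind at boot
# because no interface is brought up with "auto".

# Print the host part of the -p listen address found in a DAEMON_OPTS string.
listen_host() {
    set -- $1                      # split the option string into words
    while [ $# -gt 0 ]; do
        if [ "$1" = "-p" ] && [ $# -ge 2 ]; then
            printf '%s\n' "${2%:*}"   # strip the trailing :port
            return 0
        fi
        shift
    done
    return 1
}

# Read interfaces(5) text on stdin; print interfaces that are declared
# "allow-hotplug" but never "auto".
hotplug_only_ifaces() {
    awk '
        $1 == "auto"          { for (i = 2; i <= NF; i++) auto[$i] = 1 }
        $1 == "allow-hotplug" { for (i = 2; i <= NF; i++) hot[$i] = 1 }
        END { for (n in hot) if (!(n in auto)) print n }
    ' | sort
}

# $1: DAEMON_OPTS; stdin: interfaces(5) text.
# Returns 0 and prints a warning when the risky combination is present.
check_boot_bind() {
    host=$(listen_host "$1") || return 1
    case "$host" in
        0.0.0.0|127.*|localhost) return 1 ;;  # not tied to a hotplugged interface
    esac
    ifaces=$(hotplug_only_ifaces)
    [ -n "$ifaces" ] || return 1
    echo "sslh listens on $host; allow-hotplug only:" $ifaces
}

# Constructed sample inputs (values taken from the quoted report).
SAMPLE_OPTS="-u sslh -p 192.168.2.1:443 -s 127.0.0.1:22 -l 127.0.0.1:443 -P /var/run/sslh.pid"
sample_hotplug() { printf 'allow-hotplug eth0\niface eth0 inet dhcp\n'; }
sample_auto()    { printf 'auto eth0\niface eth0 inet dhcp\n'; }

sample_hotplug | check_boot_bind "$SAMPLE_OPTS" || true
```

On a real system the same check would be run as `check_boot_bind "$DAEMON_OPTS" < /etc/network/interfaces` after sourcing /etc/default/sslh.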