@tronde, I just tried and the fix worked for me.
With the proposed package:
root@xenial-ssh-reload:~# ps fxaw
PID TTY STAT TIME COMMAND
1 ? Ss 0:02 /sbin/init
55 ? Ss 0:00 /lib/systemd/systemd-journald
...
2443 ? Ss 0:00 /usr/sbin/sshd -D
Note the sshd pid: 2443
Reload fails after the config file is corrupted, as expected:
root@xenial-ssh-reload:~# echo "blah blah" >>/etc/ssh/sshd_config
root@xenial-ssh-reload:~# systemctl reload ssh
Job for ssh.service failed because the control process exited with error code.
See "systemctl status ssh.service" and "journalctl -xe" for details.
But service is still running as before, same pid:
root@xenial-ssh-reload:~# ps fxaw
PID TTY STAT TIME COMMAND
1 ? Ss 0:02 /sbin/init
...
2443 ? Ss 0:00 /usr/sbin/sshd -D
And status agrees:
root@xenial-ssh-reload:~# systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset:
enabled)
Active: active (running) (Result: exit-code) since Wed 2018-10-10 18:00:30
UTC; 1min 55s ago
Process: 2491 ExecReload=/usr/sbin/sshd -t (code=exited, status=255)
Process: 2442 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 2443 (sshd)
Tasks: 1
Memory: 1.5M
CPU: 24ms
CGroup: /system.slice/ssh.service
└─2443 /usr/sbin/sshd -D
Oct 10 18:00:30 xenial-ssh-reload systemd[1]: Starting OpenBSD Secure Shell
server...
Oct 10 18:00:30 xenial-ssh-reload sshd[2443]: Server listening on 0.0.0.0 port
22.
Oct 10 18:00:30 xenial-ssh-reload sshd[2443]: Server listening on :: port 22.
Oct 10 18:00:30 xenial-ssh-reload systemd[1]: Started OpenBSD Secure Shell
server.
Oct 10 18:01:01 xenial-ssh-reload systemd[1]: Reloading OpenBSD Secure Shell
server.
Oct 10 18:01:01 xenial-ssh-reload sshd[2491]: /etc/ssh/sshd_config: line 89:
Bad configuration option: blah
Oct 10 18:01:01 xenial-ssh-reload sshd[2491]: /etc/ssh/sshd_config:
terminating, 1 bad configuration options
Oct 10 18:01:01 xenial-ssh-reload systemd[1]: ssh.service: Control process
exited, code=exited status=255
Oct 10 18:01:01 xenial-ssh-reload systemd[1]: Reload failed for OpenBSD Secure
Shell server.
Note how it logged that there was a bad config option (as a result of calling
sshd -t before the actual reload).
Could you please double check? For me, this update is fine.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1771340
Title:
sshd failed on config reload
Status in openssh package in Ubuntu:
Fix Released
Status in openssh source package in Xenial:
Fix Committed
Status in openssh package in Debian:
Fix Released
Bug description:
[Impact]
sshd doesn't check the configuration when reloading.
If a user generates an invalid configuration file, sshd will shut down
and not come back up when the user issues a reload.
[Test Case]
$ lxc launch ubuntu:xenial tester
$ lxc exec tester bash
# echo "blah blah" >>/etc/ssh/sshd_config
# systemctl reload sshd
Job for ssh.service failed because the control process exited with error
code. See "systemctl status ssh.service" and "journalctl -xe" for details.
# systemctl status ssh.service
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset:
enabled)
Active: failed (Result: exit-code) since Tue 2018-08-21 18:15:41 UTC; 19s
ago
* The service should have checked the config file, failed to reload,
but remained active in its current configuration. In this case ssh has
shut down.
[Regression Potential]
This code will only trigger on an invalid configuration file (in which
case sshd would not load anyway), so there should be no regressions.
[Other Info]
autopkgtest [13:45:46]: test regress: -----------------------]
autopkgtest [13:45:47]: test regress: - - - - - - - - - - results - - - - -
- - - - -
regress PASS
autopkgtest [13:45:47]: @@@@@@@@@@@@@@@@@@@@ summary
regress PASS
[Original Description]
After adding some lines to /etc/ssh/sshd_config I tried to reload the
configuration with the command:
```
sudo systemctl reload sshd
```
No error message was returned. So I assumed that the sshd was running
with the current config. But `sudo systemctl status sshd` told me that
the service failed due to a wrong option in /etc/ssh/sshd_config.
Please see the following output:
~~~
:~$ sudo vim /etc/ssh/sshd_config
:~$ sudo systemctl reload sshd
:~$ sudo systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset:
enabled)
Active: failed (Result: exit-code) since Di 2018-05-15 10:00:04 CEST; 8s
ago
Process: 12089 ExecReload=/bin/kill -HUP $MAINPID (code=exited,
status=0/SUCCESS)
Process: 7536 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited,
status=255)
Main PID: 7536 (code=exited, status=255)
~~~
I would expect that a warning or error message is returned when the
service fails while reloading it's configuration.
A fix for this behaviour would be appreciated.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: openssh-server 1:7.2p2-4ubuntu2.4
ProcVersionSignature: Ubuntu 3.13.0-112.159-generic 3.13.11-ckt39
Uname: Linux 3.13.0-112-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.17
Architecture: amd64
Date: Tue May 15 10:18:25 2018
InstallationDate: Installed on 2013-01-10 (1950 days ago)
InstallationMedia: Ubuntu-Server 12.04.1 LTS "Precise Pangolin" - Release
amd64 (20120817.3)
SourcePackage: openssh
UpgradeStatus: Upgraded to xenial on 2017-03-12 (428 days ago)
mtime.conffile..etc.pam.d.sshd: 2017-03-13T19:59:01.965420
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1771340/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
