@Adriaan thanks for providing some minimal steps to reproduce the problem, I indeed can reproduce it. Interestingly reversing the two sshd_config lines, like this:
  Port 7722
  Include /etc/ssh/something_else

causes sshd to listen only on port 7722.

I think this is an upstream OpenSSH bug, and should be reported to the upstream portable OpenSSH bug tracker:

https://bugzilla.mindrot.org/

I had a look at the existing bugs but only found this one related to the Include functionality:

https://bugzilla.mindrot.org/show_bug.cgi?id=3122

It's a problem specific to Match stanzas, so I don't think it applies here, however it tells us there are probably still some edge cases to iron out.

Do you think you can follow up and file a bug upstream? If you do, please link to it here.

Thanks!

** Bug watch added: OpenSSH Portable Bugzilla #3122
   https://bugzilla.mindrot.org/show_bug.cgi?id=3122

** Changed in: openssh (Ubuntu)
       Status: New => Incomplete

https://bugs.launchpad.net/bugs/1876320

Title:
  Port parameter sshd_config is 22 AND whatever you specify

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  On my Ubuntu Server 20.04 LTS with OpenSSH 1:8.2p1-4, I have TWO sshd daemons. One (on port 22) is for internal use, accepts passwords etc. The second (on port 7722) does not allow PAM use and no passwords, allows only one user(name) and uses an alternative authorized_keys file (that only root can edit).

  Any parameter FIRST encountered in sshd_config is the one that is accepted; others do not override (like in many other config files). There is one exception: 'Port', which is accumulative. To make life easier, I set the more restrictive parameters for port 7722 first and next include the system-default /etc/ssh/sshd_config.

  The /etc/ssh/sshd_config file(s) in Ubuntu Server 20.04 DO NOT specify 'Port' anywhere - the default is 22. But: it is obviously still accumulative: Setting 'Port' to 7722 makes sshd listen on port 7722 AND 22. This is unwanted.
  Proposed solution: Remove the accumulative behavior for 'Port' and REQUIRE the 'Port' parameter like before (and maybe have second and later parameters override the earlier ones, like 'everyone else').

  Regards, Adriaan

  PS Searching for solutions, I found that specifying 'ListenAddress 0.0.0.0:7722' stops sshd from listening to port 22. This, however, is not documented in 'man 5 sshd_config' and may be an unreliable side-effect.
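
A check for the condition reported above, as an added example that is not part of the bug report or of OpenSSH: it reads the effective configuration that `sshd -T` prints and reports any port that is not on an allowlist. The function names, the config path in the usage comment and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ports in `sshd -T` output that are not expected.
# On a real host (as root; the config path is hypothetical):
#   sshd -T -f /etc/ssh/sshd_config_7722 | unexpected_ports 7722

# Reads effective-config lines on stdin and prints, one per line, every
# port found in "port" or "listenaddress" lines that is not in "$@".
unexpected_ports() {
    allowed=" $* "
    awk '
        $1 == "port"          { print $2 }
        # listenaddress values look like 0.0.0.0:22 or [::]:22;
        # the port is the field after the last colon.
        $1 == "listenaddress" { n = split($2, a, ":"); print a[n] }
    ' | sort -un | while read -r p; do
        case "$allowed" in
            *" $p "*) ;;                 # expected port
            *) printf '%s\n' "$p" ;;     # unexpected listener
        esac
    done
}

# Constructed sample shaped like `sshd -T` output for the case in the
# report, where Port 7722 was set and port 22 was still added.
sample_accumulated() {
    cat <<'EOF'
port 22
port 7722
addressfamily any
listenaddress 0.0.0.0:22
listenaddress [::]:22
listenaddress 0.0.0.0:7722
listenaddress [::]:7722
passwordauthentication no
EOF
}

# Demo: only 7722 is intended, so 22 is reported.
sample_accumulated | unexpected_ports 7722
```

Running the same check after every change to an included file catches a default port that reappears because of directive ordering.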