[Touch-packages] [Bug 1991566] Re: Package creates a socket file for all addresses of all families, even when bind to a single address

Steve Langasek Mon, 03 Oct 2022 10:55:34 -0700

Your bug report is against jammy, but socket activation is a default for
ssh only in kinetic.  Were you using ubuntu-bug from a different machine
than the one affected?


> In order to make this happen, I had to "break" the socket file
installed by the package at:

> /etc/systemd/system/sockets.target.wants/ssh.socket

So first of all, this is a symlink to a file under /lib; your changes
will be overwritten on package upgrade.

Secondly, listening on all interfaces is a default for openssh, both before and 
after the move to socket-based activation.  To configure the systemd socket 
unit to listen on a particular interface, you need only drop an override file 
in /etc/systemd/system/ssh.socket.d/ with the contents:
[Socket]
ListenStream=
ListenStream=$address:22

** Changed in: openssh (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1991566

Title:
  Package creates a socket file for all addresses of all families, even
  when bind to a single address

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  I am configuring OpenSSH to listen only on ipv4 and only on one
  interface and one address, with nginx listening on 22 on the other
  interface, and families.

  In order to make this happen, I had to "break" the socket file
  installed by the package at:

  /etc/systemd/system/sockets.target.wants/ssh.socket

  To read as follows:

  [Unit]
  Description=OpenBSD Secure Shell server socket
  Before=ssh.service
  Conflicts=ssh.service
  ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

  #[Socket]
  #ListenStream=22
  #Accept=yes

  #[Install]
  #WantedBy=sockets.target

  (Commented out the lines that installed the socket)

  Then a daemon-reload, and restart of ngxinx, and all components of the
  solution are working as required.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: openssh-server 1:8.9p1-3 [modified: lib/systemd/system/ssh.socket]
  ProcVersionSignature:
   
  Uname: Linux 5.15.53-1-pve x86_64
  ApportVersion: 2.20.11-0ubuntu82.1
  Architecture: amd64
  CasperMD5CheckResult: unknown
  Date: Mon Oct  3 16:36:37 2022
  ProcEnviron:
   TERM=linux
   PATH=(custom, no user)
   LANG=C
   SHELL=/bin/bash
  SourcePackage: openssh
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1991566/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1991566] Re: Package creates a socket file for all addresses of all families, even when bind to a single address

Reply via email to