[Touch-packages] [Bug 1991283] Re: "sshd -i" breaks due to socket activation

Tue, 04 Oct 2022 01:10:41 -0700 

This bug was fixed in the package openssh - 1:9.0p1-1ubuntu7

---------------
openssh (1:9.0p1-1ubuntu7) kinetic; urgency=medium

  * Update list of stock sshd_config checksums to include those from
    jammy and kinetic.
  * Add a workaround for LP: #1990863 (now fixed in livecd-rootfs) to
    avoid spurious ucf prompts on upgrade.
  * Move /run/sshd creation out of the systemd unit to a tmpfile config
    so that sshd can be run manually if necessary without having to create
    this directory by hand.  LP: #1991283.

  [ Nick Rosbrook ]
  * debian/openssh-server.postinst: Fix addresses.conf generation when only
    non-default Port is used in /etc/ssh/sshd_config (LP: #1991199).

 -- Steve Langasek <vor...@debian.org>  Mon, 26 Sep 2022 21:55:14 +0000

** Changed in: openssh (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1991283

Title:
  "sshd -i" breaks due to socket activation

Status in openssh package in Ubuntu:
  Fix Released

Bug description:
  On Jammy and earlier, simply running "sshd -i" worked.

  Now, it fails silently, and running it with "-d" gives me:

  Missing privilege separation directory: /run/sshd

  This directory is normally created with "RuntimeDirectory=sshd" as
  defined in /lib/systemd/system/ssh.service. In Jammy, this directory
  got created by the ssh service starting at boot, so "sshd -i" worked.

  Now, with socket activation, it no longer does that, so "sshd -i"
  fails unless someone has actually connected on TCP port 22 (which they
  often won't have, since that's the point of "sshd -i").

  systemd will then remove /run/sshd when the ssh service is stopped. I
  think maybe this won't interfere with an existing "sshd -i", but it's
  not really clean. Further, the privilege separation directory doesn't
  appear to be configurable - at least I couldn't find any mention in
  sshd_config(5).

  The workaround is to "mkdir -p /run/sshd && sshd -i" instead.

  Given that "sshd -i"'s use of /run/sshd isn't really related to the
  systemd service, maybe we should move the creation of that directory
  into tmpfiles.d instead?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1991283/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to