Public bug reported:

Used distribution
Ubuntu 24.04.2 LTS

Linux kernel version used: 6.8.0-55-generic
OpenSSH Version: 1:9.6p1-3ubuntu13.5

CPU architectures issue was seen on
x86_64

Component
sshd-socket-generator

Expected behaviour you didn't see
In a socket-based SSHD setup, if the user changes the default configuration
regarding AddressFamily in /etc/sshd/sshd_config, the change is not honored.

ex:

> head -10 /etc/ssh/sshd_config
Include /etc/ssh/sshd_config.d/*.conf
Port 222
AddressFamily inet         # disable SSHD on ipv6
# ListenAddress 0.0.0.0  # default value, not need to change

> systemctl daemon-reload
> systemctl restart ssh.socket sshd.service
Result:

> systemctl cat ssh.socket 
# /usr/lib/systemd/system/ssh.socket
[Unit]
Description=OpenBSD Secure Shell server socket
Before=sockets.target ssh.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

[Socket]
ListenStream=22
Accept=no
FreeBind=yes

[Install]
WantedBy=sockets.target
RequiredBy=ssh.service

# /run/systemd/generator/ssh.socket.d/addresses.conf
# Automatically generated by sshd-socket-generator

[Socket]
ListenStream=
ListenStream=222   # << This should be 0.0.0.0:222 since ipv6 should be disabled


>  lsof -i:222
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd    1 root   57u  IPv6  57859      0t0  TCP *:222 (LISTEN)
sshd    1927 root    3u  IPv6  57859      0t0  TCP *:222 (LISTEN)


Describe the solution you'd like

As stated above, since a port change in /etc/ssh/sshd_config is correctly
applied to the socket after a daemon-reload is issued, the change of IP
protocol should be honored in the same way; otherwise this could lead people
to wrongly assume their change has been honored while that change has not
been considered.
Moreover, it is also dangerous not to consider this change, since if SSHD is
using socket activation, the AddressFamily is completely ignored by systemd
and sshd.

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2103632

Title:
  sshd-socket-generator - not honoring addressfamily defined in
  /etc/sshd/sshd_conf

Status in openssh package in Ubuntu:
  New
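
Added example (not part of the original report, and not code from OpenSSH, systemd or Ubuntu): a Python check that compares AddressFamily from sshd_config with the effective ListenStream= values of ssh.socket, using the report's own settings as constructed sample input. The function names are hypothetical; the check assumes both texts are supplied by the caller (for instance from "systemctl cat ssh.socket") and does not follow Include or Match directives.

```python
import re

# Constructed sample input, taken from the settings shown in the report.
SSHD_CONFIG = """\
Include /etc/ssh/sshd_config.d/*.conf
Port 222
AddressFamily inet         # disable SSHD on ipv6
"""
SOCKET_UNIT = """\
[Socket]
ListenStream=22
Accept=no
FreeBind=yes
# /run/systemd/generator/ssh.socket.d/addresses.conf
[Socket]
ListenStream=
ListenStream=222
"""

def address_family(sshd_config):
    """First AddressFamily value wins in sshd_config; the default is 'any'."""
    for line in sshd_config.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "addressfamily":
            return parts[1].lower()
    return "any"

def listen_streams(unit_text):
    """Effective ListenStream= list; an empty assignment resets earlier ones."""
    streams = []
    for line in unit_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "ListenStream":
            value = value.strip()
            streams = streams + [value] if value else []
    return streams

def families(stream):
    """Address families a ListenStream= value is reachable on."""
    if stream.isdigit():          # port only: IPv6 wildcard socket, also serves
        return {"inet6", "inet"}  # IPv4 unless BindIPv6Only= restricts it
    if stream.startswith("["):
        return {"inet6"}
    if re.fullmatch(r"(\d{1,3}\.){3}\d{1,3}:\d+", stream):
        return {"inet"}
    return set()                  # AF_UNIX path, vsock, ...: not an IP listener

def violations(sshd_config, unit_text):
    """ListenStream= values reachable outside the configured AddressFamily."""
    fam = address_family(sshd_config)
    return [] if fam == "any" else [
        s for s in listen_streams(unit_text) if families(s) - {fam}]
```

A non-empty result means the socket unit exposes sshd on a family that sshd_config was meant to exclude, which is the condition the lsof output in the report shows.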
