Thanks for filing this bug report. This appears to be a configuration issue on your end, but you're correct that it is new in the recent update.

tl;dr - You should not edit the systemd units directly. Just add your sshd_config.d drop-in, and run:

$ systemctl daemon-reload
$ systemctl restart ssh.socket

See the comment near the top of /etc/ssh/sshd_config.

--

The longer version of things - the last update added BindIPv6Only=ipv6-only to ssh.socket. This is required so that ipv6-only (i.e. AddressFamily inet6) setups are honored. However, setting that option changes the behavior of ListenStream=<port> [1]. Namely, a single port number in ListenStream= is interpreted as a port to listen on via IPv6. By default, it is also available on IPv4, but not when BindIPv6Only=ipv6-only.

And, with your override (via systemctl edit) in place, you end up with:

root@n:~# systemctl cat ssh.socket
# /usr/lib/systemd/system/ssh.socket
[Unit]
Description=OpenBSD Secure Shell server socket
Before=sockets.target ssh.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

[Socket]
ListenStream=0.0.0.0:22
ListenStream=[::]:22
BindIPv6Only=ipv6-only
Accept=no
FreeBind=yes

[Install]
WantedBy=sockets.target
RequiredBy=ssh.service

# /run/systemd/generator/ssh.socket.d/addresses.conf
# Automatically generated by sshd-socket-generator

[Socket]
ListenStream=
ListenStream=0.0.0.0:22
ListenStream=[::]:22
ListenStream=0.0.0.0:1221
ListenStream=[::]:1221

# /etc/systemd/system/ssh.socket.d/override.conf
[Socket]
ListenStream=
ListenStream=22
ListenStream=1221

root@n:~# lsof -i :22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd 1 root 3u IPv6 2143641 0t0 TCP *:ssh (LISTEN)
sshd 864 root 3u IPv6 2143641 0t0 TCP *:ssh (LISTEN)

But, if you remove your override, and let sshd-socket-generator handle the port configuration as it's designed to do, things are resolved:

root@n:~# rm /etc/systemd/system/ssh.socket.d/override.conf
root@n:~# systemctl daemon-reload
root@n:~# systemctl restart ssh.socket
root@n:~# systemctl cat ssh.socket
# /usr/lib/systemd/system/ssh.socket
[Unit]
Description=OpenBSD Secure Shell server socket
Before=sockets.target ssh.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

[Socket]
ListenStream=0.0.0.0:22
ListenStream=[::]:22
BindIPv6Only=ipv6-only
Accept=no
FreeBind=yes

[Install]
WantedBy=sockets.target
RequiredBy=ssh.service

# /run/systemd/generator/ssh.socket.d/addresses.conf
# Automatically generated by sshd-socket-generator

[Socket]
ListenStream=
ListenStream=0.0.0.0:22
ListenStream=[::]:22
ListenStream=0.0.0.0:1221
ListenStream=[::]:1221

root@n:~# lsof -i :22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd 1 root 3u IPv4 2155385 0t0 TCP *:ssh (LISTEN)
systemd 1 root 43u IPv6 2155386 0t0 TCP *:ssh (LISTEN)
sshd 930 root 3u IPv4 2155385 0t0 TCP *:ssh (LISTEN)
sshd 930 root 4u IPv6 2155386 0t0 TCP *:ssh (LISTEN)

[1] https://www.freedesktop.org/software/systemd/man/latest/systemd.socket.html#ListenStream=

** Changed in: openssh (Ubuntu)
       Status: New => Invalid

--
https://bugs.launchpad.net/bugs/2118912

Title:
  openssh-server unavailable after upgrade to 1:9.6p1-3ubuntu13.13

Status in openssh package in Ubuntu:
  Invalid

Bug description:
  Ubuntu release: Ubuntu 24.04.2 LTS
  Package affected version: openssh-server:1:9.6p1-3ubuntu13.13

  -------

  After upgrading openssh-server:1:9.6p1-3ubuntu13.11 and openssh-server:1:9.6p1-3ubuntu13.12 to openssh-server:1:9.6p1-3ubuntu13.13 using unattended upgrades I found my Ubuntu 24 server unreachable via ssh.

  During initial setup I changed my ssh configuration adding TCP 1221 to its binding ports, to make that I followed these steps:

  cat << EOF > /etc/ssh/sshd_config.d/custom.conf
  Port 1221
  Port 22
  PermitRootLogin no
  PasswordAuthentication no
  EOF

  systemctl edit ssh.socket
  # adding these lines
  [Socket]
  ListenStream=
  ListenStream=22
  ListenStream=1221

  If I don't add any of those configuration changes to ssh.service and ssh.socket, ssh is still available on standard tcp port 22 after upgrading to version 1:9.6p1-3ubuntu13.13.
  If I add those changes AFTER upgrading to version 1:9.6p1-3ubuntu13.13 the problem still occurs and ssh will become unavailable.

  Downgrade to previous version (1:9.6p1-3ubuntu13.11 or 1:9.6p1-3ubuntu13.12) fixes the problem without changing any of the previous customizations.
  Syntax to downgrade:

  sudo apt update; sudo apt install -y openssh-client=1:9.6p1-3ubuntu13.11 openssh-server=1:9.6p1-3ubuntu13.11 openssh-sftp-server=1:9.6p1-3ubuntu13.11

  Steps to reproduce the problem on a new Ubuntu instance (tested both on AWS EC2 and GCP instances):

  1. create a new instance based on Ubuntu 24LTS AMI

  2. add TCP port 1221 (or any port you want) to ssh binding

  cat << EOF > /etc/ssh/sshd_config.d/custom.conf
  Port 1221
  Port 22
  PermitRootLogin no
  PasswordAuthentication no
  EOF

  systemctl edit ssh.socket
  # add these lines
  [Socket]
  ListenStream=
  ListenStream=22
  ListenStream=1221

  systemctl restart ssh.service ssh.socket

  3. check ssh is available on TCP 22 and TCP 1221 (check firewall or security group)

  4. upgrade system packages (make sure to upgrade openssh-server to version 1:9.6p1-3ubuntu13.13)

  sudo apt update ; sudo apt upgrade -y

  5. sudo shutdown -r now

  6. ssh unavailable after reboot but ssh.service and ssh.socket do not show any error or problem whatsoever.

  Thanks
  Tas
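
The ListenStream=/BindIPv6Only= interaction described in the reply above can be checked offline before a restart. The following is an added example, not part of the original thread or of the openssh package: it merges the [Socket] fragments in order and reports which address families can reach each port. The function names are hypothetical, and BindIPv6Only=default is assumed to mean the kernel default (dual-stack).

```python
import ipaddress

# Abbreviated from the `systemctl cat ssh.socket` output quoted in the message above:
# the packaged unit's [Socket] section followed by the sshd-socket-generator drop-in.
BASE = """\
[Socket]
ListenStream=0.0.0.0:22
ListenStream=[::]:22
BindIPv6Only=ipv6-only
[Socket]
ListenStream=
ListenStream=0.0.0.0:22
ListenStream=[::]:22
ListenStream=0.0.0.0:1221
ListenStream=[::]:1221
"""
OVERRIDE = "[Socket]\nListenStream=\nListenStream=22\nListenStream=1221\n"  # reporter's override.conf

def merged_socket_settings(unit_text):
    """Apply fragments in order; an empty 'ListenStream=' resets the list."""
    streams, v6only, in_socket = [], "default", False
    for line in (raw.strip() for raw in unit_text.splitlines()):
        if line.startswith("["):
            in_socket = line == "[Socket]"
        elif in_socket and "=" in line and not line.startswith(("#", ";")):
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "ListenStream":
                streams = streams + [value] if value else []
            elif key == "BindIPv6Only":
                v6only = value
    return streams, v6only

def reachable_families(unit_text):
    """Map each TCP port to the address families that can connect to it."""
    streams, v6only = merged_socket_settings(unit_text)
    dual = v6only != "ipv6-only"  # assumption: "default" means kernel bindv6only=0
    result = {}
    for s in streams:
        if s.isdigit():
            s = f"[::]:{s}"  # a bare port is a wildcard IPv6 socket
        host, _, port_text = s.rpartition(":")
        try:
            addr, port = ipaddress.ip_address(host.strip("[]")), int(port_text)
        except ValueError:
            continue  # paths, vsock and other forms are out of scope here
        fams = {f"IPv{addr.version}"}
        if addr.version == 6 and dual and addr.is_unspecified:
            fams.add("IPv4")  # [::] without IPV6_V6ONLY also accepts IPv4
        result.setdefault(port, set()).update(fams)
    return result
```

Calling `reachable_families(BASE + OVERRIDE)` reproduces the IPv6-only listeners seen in the first lsof output, and `reachable_families(BASE)` the IPv4 plus IPv6 listeners seen after the override is removed.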

