[Bug 2103633] [NEW] sshd-socket-generator - not honoring addressfamily defined in /etc/sshd/sshd_conf

Wed, 19 Mar 2025 08:05:45 -0700 

Public bug reported:

Used distribution
Ubuntu 24.04.2 LTS

Linux kernel version used: 6.8.0-55-generic
OpenSSH Version: 1:9.6p1-3ubuntu13.5

CPU architectures issue was seen on
x86_64

Component
sshd-socket-generator

Expected behaviour you didn't see
In a SSHD socket based, if user changes the default configuration regarding 
addressfamily in /etc/sshd/sshd_config is not honored .

ex:

> head -10 /etc/ssh/sshd_config
Include /etc/ssh/sshd_config.d/*.conf
Port 222
AddressFamily inet         # disable SSHD on ipv6
# ListenAddress 0.0.0.0  # default value, not need to change

> systemctl daemon-reload
> systemctl restart ssh.socket sshd.service
Result:

> systemctl cat ssh.socket 
# /usr/lib/systemd/system/ssh.socket
[Unit]
Description=OpenBSD Secure Shell server socket
Before=sockets.target ssh.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

[Socket]
ListenStream=22
Accept=no
FreeBind=yes

[Install]
WantedBy=sockets.target
RequiredBy=ssh.service

# /run/systemd/generator/ssh.socket.d/addresses.conf
# Automatically generated by sshd-socket-generator

[Socket]
ListenStream=
ListenStream=222   # << This should be 0.0.0.0:222 since ipv6 should be disabled


>  lsof -i:222
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd    1 root   57u  IPv6  57859      0t0  TCP *:222 (LISTEN)
sshd    1927 root    3u  IPv6  57859      0t0  TCP *:222 (LISTEN)


Describe the solution you'd like

As state above, since if the port is changed in /etc/ssh/sshd_config and a 
daemon-reload is issued, the change is correctly applied to socket,
in same way the change of IP protocol should be honored, otherwise this could 
lead people to wrongly assume their change has been honored while that change 
has not been considered.
Moreover is also dangerous not to consider this change, since if SSHD is using 
socket activation, the addressfamily is completely ignored by systemd and sshd.

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2103633

Title:
  sshd-socket-generator - not honoring addressfamily defined in
  /etc/sshd/sshd_conf

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2103633/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to