[Bug 1691826] Re: systemd script for sshd allows it to start too early should wait for authentication services...
Andreas Hasenack
andreas at canonical.com
Fri May 19 12:29:20 UTC 2017
Can you share your nss_ldap configuration, as well as /var/log/syslog
and /var/log/auth.log? And, just to confirm, your sshd user is NOT in
ldap, right?
** Changed in: cloud-init (Ubuntu)
Status: New => Incomplete
** Changed in: openssh (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1691826
Title:
systemd script for sshd allows it to start too early should wait for
authentication services...
Status in cloud-init package in Ubuntu:
Incomplete
Status in openssh package in Ubuntu:
Incomplete
Bug description:
After the most recent update to 16.04 I found that sshd failed to
launch on bootup. On my particular system this is because it was not
able to authenticate the user 'sshd'. It appears to be because it is
starting before authentication services are completely available on my
system. A simple fix was to make the following change to
/lib/systemd/system/ssh.service:
--After=network.target auditd.service
++After=network.target auditd.service accounts-daemon.service
Starting too early might be a security issue, but I do not have the
expertise to make that judgment. This may also be related to and solve
this bug #1024475 as I am also serving some of my accounts from ldap.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1691826/+subscriptions
More information about the foundations-bugs
mailing list