[Bug 1771340] Re: sshd failed on config reload
Karl
karl.stenerud at canonical.com
Tue Aug 21 21:26:16 UTC 2018
** Description changed:
+ [Impact]
+
+ sshd doesn't check the configuration when reloading.
+
+ If a user generates an invalid configuration file, sshd will shut down
+ and not come back up when the user issues a reload.
+
+
+ [Test Case]
+
+ Copied existing debian fix from 7f06034b1c4ba72dac028ed7879c89b6ee073293
+ in pkg/ubuntu/artful to check sshd_config for errors before starting or
+ reloading the service.
+
+ PPA: ppa:kstenerud/sshd-reload-1771340
+
+
+ Steps to Test
+ -------------
+
+ $ lxc launch ubuntu:xenial tester
+ $ lxc exec tester bash
+
+ # echo "blah blah" >>/etc/ssh/sshd_config
+ # systemctl reload sshd
+ Job for ssh.service failed because the control process exited with error code. See "systemctl status ssh.service" and "journalctl -xe" for details.
+ # systemctl status ssh.service
+ ● ssh.service - OpenBSD Secure Shell server
+ Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
+ Active: failed (Result: exit-code) since Tue 2018-08-21 18:15:41 UTC; 19s ago
+
+ * The service should have checked the config file, failed to reload, but
+ remained active in its current configuration. In this case ssh has shut
+ down.
+
+ Remove the last line "blah blah" in /etc/ssh/sshd_config, then:
+
+ # systemctl start sshd
+ # add-apt-repository -y ppa:kstenerud/sshd-reload-1771340
+ # apt update
+ # apt upgrade -y
+ # echo "blah blah" >>/etc/ssh/sshd_config
+ # systemctl reload sshd
+ Job for ssh.service failed because the control process exited with error code. See "systemctl status ssh.service" and "journalctl -xe" for details.
+ # systemctl status ssh.service
+ ● ssh.service - OpenBSD Secure Shell server
+ Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
+ Active: active (running) (Result: exit-code) since Tue 2018-08-21 18:39:03 UTC; 31s ago
+
+ * Service is active (running), which is as it should be.
+
+
+ [Regression Potential]
+
+ This code will only trigger on an invalid configuration file (in which
+ case sshd would not load anyway), so there should be no regressions.
+
+
+ [Original Description]
+
After adding some lines to /etc/ssh/sshd_config I tried to reload the
configuration with the command:
```
sudo systemctl reload sshd
```
No error message was returned. So I assumed that the sshd was running
with the current config. But `sudo systemctl status sshd` told me that
the service failed due to a wrong option in /etc/ssh/sshd_config. Please
see the following output:
~~~
:~$ sudo vim /etc/ssh/sshd_config
:~$ sudo systemctl reload sshd
:~$ sudo systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
- Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
- Active: failed (Result: exit-code) since Di 2018-05-15 10:00:04 CEST; 8s ago
- Process: 12089 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
- Process: 7536 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=255)
- Main PID: 7536 (code=exited, status=255)
+ Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
+ Active: failed (Result: exit-code) since Di 2018-05-15 10:00:04 CEST; 8s ago
+ Process: 12089 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
+ Process: 7536 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=255)
+ Main PID: 7536 (code=exited, status=255)
~~~
I would expect that a warning or error message is returned when the
service fails while reloading it's configuration.
A fix for this behaviour would be appreciated.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: openssh-server 1:7.2p2-4ubuntu2.4
ProcVersionSignature: Ubuntu 3.13.0-112.159-generic 3.13.11-ckt39
Uname: Linux 3.13.0-112-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.17
Architecture: amd64
Date: Tue May 15 10:18:25 2018
InstallationDate: Installed on 2013-01-10 (1950 days ago)
InstallationMedia: Ubuntu-Server 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120817.3)
SourcePackage: openssh
UpgradeStatus: Upgraded to xenial on 2017-03-12 (428 days ago)
mtime.conffile..etc.pam.d.sshd: 2017-03-13T19:59:01.965420
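Review bot: the pre-fix transcript under "Steps to Test" shows `systemctl reload sshd` printing "Job for ssh.service failed because the control process exited with error code", while the [Original Description] kept below says "No error message was returned" and its status output lists ExecReload with status=0/SUCCESS. State which of the two an unpatched xenial is expected to show, so a tester knows whether the reload error alone counts as reproducing the bug or whether only the "Active: failed" line does. Separately, the first paragraph of [Test Case] ("Copied existing debian fix from 7f06034b1c4ba72dac028ed7879c89b6ee073293 ...") describes where the fix came from rather than a test step, and would be easier to find under its own heading.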
** Description changed:
[Impact]
sshd doesn't check the configuration when reloading.
If a user generates an invalid configuration file, sshd will shut down
and not come back up when the user issues a reload.
-
[Test Case]
Copied existing debian fix from 7f06034b1c4ba72dac028ed7879c89b6ee073293
in pkg/ubuntu/artful to check sshd_config for errors before starting or
reloading the service.
PPA: ppa:kstenerud/sshd-reload-1771340
-
Steps to Test
-------------
$ lxc launch ubuntu:xenial tester
$ lxc exec tester bash
# echo "blah blah" >>/etc/ssh/sshd_config
# systemctl reload sshd
Job for ssh.service failed because the control process exited with error code. See "systemctl status ssh.service" and "journalctl -xe" for details.
# systemctl status ssh.service
● ssh.service - OpenBSD Secure Shell server
- Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
- Active: failed (Result: exit-code) since Tue 2018-08-21 18:15:41 UTC; 19s ago
+ Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
+ Active: failed (Result: exit-code) since Tue 2018-08-21 18:15:41 UTC; 19s ago
* The service should have checked the config file, failed to reload, but
remained active in its current configuration. In this case ssh has shut
down.
Remove the last line "blah blah" in /etc/ssh/sshd_config, then:
# systemctl start sshd
# add-apt-repository -y ppa:kstenerud/sshd-reload-1771340
# apt update
# apt upgrade -y
# echo "blah blah" >>/etc/ssh/sshd_config
# systemctl reload sshd
Job for ssh.service failed because the control process exited with error code. See "systemctl status ssh.service" and "journalctl -xe" for details.
# systemctl status ssh.service
● ssh.service - OpenBSD Secure Shell server
- Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
- Active: active (running) (Result: exit-code) since Tue 2018-08-21 18:39:03 UTC; 31s ago
+ Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
+ Active: active (running) (Result: exit-code) since Tue 2018-08-21 18:39:03 UTC; 31s ago
* Service is active (running), which is as it should be.
-
[Regression Potential]
This code will only trigger on an invalid configuration file (in which
case sshd would not load anyway), so there should be no regressions.
+
+ [Other Info]
+
+ autopkgtest [13:45:46]: test regress: -----------------------]
+ autopkgtest [13:45:47]: test regress: - - - - - - - - - - results - - - - - - - - - -
+ regress PASS
+ autopkgtest [13:45:47]: @@@@@@@@@@@@@@@@@@@@ summary
+ regress PASS
[Original Description]
After adding some lines to /etc/ssh/sshd_config I tried to reload the
configuration with the command:
```
sudo systemctl reload sshd
```
No error message was returned. So I assumed that the sshd was running
with the current config. But `sudo systemctl status sshd` told me that
the service failed due to a wrong option in /etc/ssh/sshd_config. Please
see the following output:
~~~
:~$ sudo vim /etc/ssh/sshd_config
:~$ sudo systemctl reload sshd
:~$ sudo systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Di 2018-05-15 10:00:04 CEST; 8s ago
Process: 12089 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 7536 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=255)
Main PID: 7536 (code=exited, status=255)
~~~
I would expect that a warning or error message is returned when the
service fails while reloading it's configuration.
A fix for this behaviour would be appreciated.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: openssh-server 1:7.2p2-4ubuntu2.4
ProcVersionSignature: Ubuntu 3.13.0-112.159-generic 3.13.11-ckt39
Uname: Linux 3.13.0-112-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.17
Architecture: amd64
Date: Tue May 15 10:18:25 2018
InstallationDate: Installed on 2013-01-10 (1950 days ago)
InstallationMedia: Ubuntu-Server 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120817.3)
SourcePackage: openssh
UpgradeStatus: Upgraded to xenial on 2017-03-12 (428 days ago)
mtime.conffile..etc.pam.d.sshd: 2017-03-13T19:59:01.965420
https://bugs.launchpad.net/bugs/1771340
Title:
sshd failed on config reload
Status in openssh package in Ubuntu:
In Progress
Status in openssh source package in Xenial:
New
Bug description:
[Impact]
sshd doesn't check the configuration when reloading.
If a user generates an invalid configuration file, sshd will shut down
and not come back up when the user issues a reload.
[Test Case]
$ lxc launch ubuntu:xenial tester
$ lxc exec tester bash
# echo "blah blah" >>/etc/ssh/sshd_config
# systemctl reload sshd
Job for ssh.service failed because the control process exited with error code. See "systemctl status ssh.service" and "journalctl -xe" for details.
# systemctl status ssh.service
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2018-08-21 18:15:41 UTC; 19s ago
* The service should have checked the config file, failed to reload,
but remained active in its current configuration. In this case ssh has
shut down.
[Regression Potential]
This code will only trigger on an invalid configuration file (in which
case sshd would not load anyway), so there should be no regressions.
[Other Info]
autopkgtest [13:45:46]: test regress: -----------------------]
autopkgtest [13:45:47]: test regress: - - - - - - - - - - results - - - - - - - - - -
regress PASS
autopkgtest [13:45:47]: @@@@@@@@@@@@@@@@@@@@ summary
regress PASS
[Original Description]
After adding some lines to /etc/ssh/sshd_config I tried to reload the
configuration with the command:
```
sudo systemctl reload sshd
```
No error message was returned. So I assumed that the sshd was running
with the current config. But `sudo systemctl status sshd` told me that
the service failed due to a wrong option in /etc/ssh/sshd_config.
Please see the following output:
~~~
:~$ sudo vim /etc/ssh/sshd_config
:~$ sudo systemctl reload sshd
:~$ sudo systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Di 2018-05-15 10:00:04 CEST; 8s ago
Process: 12089 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 7536 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=255)
Main PID: 7536 (code=exited, status=255)
~~~
I would expect that a warning or error message is returned when the
service fails while reloading its configuration.
A fix for this behaviour would be appreciated.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: openssh-server 1:7.2p2-4ubuntu2.4
ProcVersionSignature: Ubuntu 3.13.0-112.159-generic 3.13.11-ckt39
Uname: Linux 3.13.0-112-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.17
Architecture: amd64
Date: Tue May 15 10:18:25 2018
InstallationDate: Installed on 2013-01-10 (1950 days ago)
InstallationMedia: Ubuntu-Server 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120817.3)
SourcePackage: openssh
UpgradeStatus: Upgraded to xenial on 2017-03-12 (428 days ago)
mtime.conffile..etc.pam.d.sshd: 2017-03-13T19:59:01.965420
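The fix described in this report checks sshd_config for errors before the service is started or reloaded. The same guard applied by hand when changing the file, as an added example that is not part of the bug report or of the Debian/Ubuntu packaging; the function names, backup file naming and return codes are assumptions of this example, and `sshd -t -f FILE` is sshd's configuration test mode:

```shell
#!/bin/sh
# Added example: install a new sshd_config only if it validates, and put the
# previous file back if the service is not active after the reload.

# Hooks kept as separate functions so they can be replaced when testing
# the logic on a machine without a running sshd.
sshd_check()  { /usr/sbin/sshd -t -f "$1"; }   # parse the config and exit
sshd_reload() { systemctl reload ssh.service; }
sshd_active() { systemctl is-active --quiet ssh.service; }

# apply_sshd_config CANDIDATE [TARGET]
# Returns 0 on success,
#         1 if CANDIDATE fails validation (TARGET is not touched),
#         2 if the reload failed and TARGET was restored from the backup,
#         3 if a file operation failed.
apply_sshd_config() {
    candidate=$1
    target=${2:-/etc/ssh/sshd_config}
    backup="$target.bak.$$"

    # Validate first: a bad file must never reach the path the daemon reads.
    if ! sshd_check "$candidate" >&2; then
        echo "candidate rejected, $target left unchanged" >&2
        return 1
    fi

    cp -p "$target" "$backup" || return 3
    # Copy next to the target, then rename, so the daemon never reads a
    # partially written file.
    cp "$candidate" "$target.new.$$" && mv "$target.new.$$" "$target" || {
        rm -f "$target.new.$$" "$backup"
        return 3
    }

    if sshd_reload && sshd_active; then
        rm -f "$backup"
        return 0
    fi

    # Reload failed or the daemon is gone: restore the last good config.
    mv "$backup" "$target"
    echo "reload failed, restored previous $target" >&2
    return 2
}
```

Called as `apply_sshd_config /root/sshd_config.new`, it leaves the running daemon and its current configuration alone whenever the candidate file does not parse.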