[Bug 1771340] Re: sshd failed on config reload
Tronde
1771340 at bugs.launchpad.net
Thu Oct 11 09:21:17 UTC 2018
@ahasenack, of course I could double check. I've done so a few minutes
ago and you are right. After trying to reload with a corrupted config
file the reload failed but the service is still up and running.
Please see the following output for confirmation:
~~~
root@vbox-xenial:~# systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Do 2018-10-11 11:13:35 CEST; 2min 19s ago
Main PID: 8917 (sshd)
CGroup: /system.slice/ssh.service
└─8917 /usr/sbin/sshd -D
Okt 11 11:13:35 vbox-xenial systemd[1]: Starting OpenBSD Secure Shell server...
Okt 11 11:13:35 vbox-xenial sshd[8917]: Server listening on 0.0.0.0 port 22.
Okt 11 11:13:35 vbox-xenial sshd[8917]: Server listening on :: port 22.
Okt 11 11:13:35 vbox-xenial systemd[1]: Started OpenBSD Secure Shell server.
root@vbox-xenial:~# echo "blah blah" >>/etc/ssh/sshd_config
root@vbox-xenial:~# systemctl reload sshd
Job for ssh.service failed because the control process exited with error code. See "systemctl status ssh.service" and "journalctl -xe" for details.
root@vbox-xenial:~# systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) (Result: exit-code) since Do 2018-10-11 11:13:35 CEST; 2min 51s ago
Process: 9033 ExecReload=/usr/sbin/sshd -t (code=exited, status=255)
Main PID: 8917 (sshd)
CGroup: /system.slice/ssh.service
└─8917 /usr/sbin/sshd -D
Okt 11 11:13:35 vbox-xenial systemd[1]: Starting OpenBSD Secure Shell server...
Okt 11 11:13:35 vbox-xenial sshd[8917]: Server listening on 0.0.0.0 port 22.
Okt 11 11:13:35 vbox-xenial sshd[8917]: Server listening on :: port 22.
Okt 11 11:13:35 vbox-xenial systemd[1]: Started OpenBSD Secure Shell server.
Okt 11 11:16:15 vbox-xenial systemd[1]: Reloading OpenBSD Secure Shell server.
Okt 11 11:16:15 vbox-xenial sshd[9033]: /etc/ssh/sshd_config: line 89: Bad configuration option: blah
Okt 11 11:16:15 vbox-xenial sshd[9033]: /etc/ssh/sshd_config: terminating, 1 bad configuration options
Okt 11 11:16:15 vbox-xenial systemd[1]: ssh.service: Control process exited, code=exited status=255
Okt 11 11:16:15 vbox-xenial systemd[1]: Reload failed for OpenBSD Secure Shell server.
root@vbox-xenial:~#
~~~
Sorry that I didn't get it on the first try.
The update looks fine for me, too.
** Tags removed: verification-failed-xenial verification-needed
** Tags added: verification-done-xenial
--
https://bugs.launchpad.net/bugs/1771340
Title:
sshd failed on config reload
Status in openssh package in Ubuntu:
Fix Released
Status in openssh source package in Xenial:
Fix Committed
Status in openssh package in Debian:
Fix Released
Bug description:
[Impact]
sshd doesn't check the configuration when reloading.
If a user generates an invalid configuration file, sshd will shut down
and not come back up when the user issues a reload.
[Test Case]
$ lxc launch ubuntu:xenial tester
$ lxc exec tester bash
# echo "blah blah" >>/etc/ssh/sshd_config
# systemctl reload sshd
Job for ssh.service failed because the control process exited with error code. See "systemctl status ssh.service" and "journalctl -xe" for details.
# systemctl status ssh.service
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2018-08-21 18:15:41 UTC; 19s ago
* The service should have checked the config file, failed to reload,
but remained active in its current configuration. In this case ssh has
shut down.
[Regression Potential]
This code will only trigger on an invalid configuration file (in which
case sshd would not load anyway), so there should be no regressions.
[Other Info]
autopkgtest [13:45:46]: test regress: -----------------------]
autopkgtest [13:45:47]: test regress: - - - - - - - - - - results - - - - - - - - - -
regress PASS
autopkgtest [13:45:47]: @@@@@@@@@@@@@@@@@@@@ summary
regress PASS
[Original Description]
After adding some lines to /etc/ssh/sshd_config I tried to reload the
configuration with the command:
```
sudo systemctl reload sshd
```
No error message was returned. So I assumed that the sshd was running
with the current config. But `sudo systemctl status sshd` told me that
the service failed due to a wrong option in /etc/ssh/sshd_config.
Please see the following output:
~~~
:~$ sudo vim /etc/ssh/sshd_config
:~$ sudo systemctl reload sshd
:~$ sudo systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Di 2018-05-15 10:00:04 CEST; 8s ago
Process: 12089 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 7536 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=255)
Main PID: 7536 (code=exited, status=255)
~~~
I would expect that a warning or error message is returned when the
service fails while reloading its configuration.
A fix for this behaviour would be appreciated.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: openssh-server 1:7.2p2-4ubuntu2.4
ProcVersionSignature: Ubuntu 3.13.0-112.159-generic 3.13.11-ckt39
Uname: Linux 3.13.0-112-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.17
Architecture: amd64
Date: Tue May 15 10:18:25 2018
InstallationDate: Installed on 2013-01-10 (1950 days ago)
InstallationMedia: Ubuntu-Server 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120817.3)
SourcePackage: openssh
UpgradeStatus: Upgraded to xenial on 2017-03-12 (428 days ago)
mtime.conffile..etc.pam.d.sshd: 2017-03-13T19:59:01.965420
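An added example (not part of the bug report or of the openssh package): a shell check that a unit file tests the configuration with `sshd -t` before it sends SIGHUP, which is the difference between the two `ExecReload=` lines in the status outputs above. The three unit fragments are constructed samples and the function names are hypothetical; it also treats a `-`-prefixed test as no guard, because systemd ignores the exit status of such commands.

```shell
#!/bin/sh
# Added example: audit ExecReload= ordering in a systemd unit for sshd.

# reload_is_guarded: reads unit-file text on stdin.
# Exit 0 only if every ExecReload= that sends HUP is preceded by an
# ExecReload= running "sshd -t" whose failure is NOT ignored ("-" prefix).
reload_is_guarded() {
    awk '
        /^[ \t]*ExecReload=/ {
            cmd = $0
            sub(/^[ \t]*ExecReload=/, "", cmd)
            ignore_fail = 0
            # Strip systemd prefix characters, remembering "-" (ignore failure).
            while (cmd ~ /^[-@:+!]/) {
                if (substr(cmd, 1, 1) == "-") ignore_fail = 1
                cmd = substr(cmd, 2)
            }
            if (cmd ~ /sshd[ \t]+(.*[ \t])?-t([ \t]|$)/ && !ignore_fail)
                tested = 1
            if (cmd ~ /kill[ \t]+-HUP([ \t]|$)/) {
                hup_seen = 1
                if (!tested) unguarded = 1
            }
        }
        END { if (hup_seen && !unguarded) exit 0; exit 1 }
    '
}

# Constructed sample: reload as in the original report (HUP only).
unit_before() { cat <<'EOF'
[Service]
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
ExecReload=/bin/kill -HUP $MAINPID
EOF
}
# Constructed sample: config test first, then HUP.
unit_after() { cat <<'EOF'
[Service]
ExecReload=/usr/sbin/sshd -t
ExecReload=/bin/kill -HUP $MAINPID
EOF
}
# Constructed sample: test present, but its failure is ignored.
unit_ignored() { cat <<'EOF'
[Service]
ExecReload=-/usr/sbin/sshd -t
ExecReload=/bin/kill -HUP $MAINPID
EOF
}
```

On a live host the same function can be fed the unit file named in the status output, for example `reload_is_guarded < /lib/systemd/system/ssh.service`.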