[Bug 2004551] Re: upgrade to lunar fails due to rescue-ssh.target or port 22 takeover

Andreas Hasenack 2004551 at bugs.launchpad.net
Fri Jul 21 15:14:22 UTC 2023 

I'm seeing something that looks just like this in a dep8 mantic test
run, where openssh-server is upgraded while preparing the testbed and
postinst fails[1]:

977s Preparing to unpack .../openssh-sftp-server_1%3a9.3p1-1ubuntu1_amd64.deb ...
977s Unpacking openssh-sftp-server (1:9.3p1-1ubuntu1) over (1:9.2p1-2ubuntu3) ...
977s Preparing to unpack .../openssh-server_1%3a9.3p1-1ubuntu1_amd64.deb ...
977s Warning: Stopping ssh.service, but it can still be activated by:
977s   ssh.socket
977s Unpacking openssh-server (1:9.3p1-1ubuntu1) over (1:9.2p1-2ubuntu3) ...
(...)
992s Setting up openssh-server (1:9.3p1-1ubuntu1) ...
993s rescue-ssh.target is a disabled or a static unit not running, not starting it.
993s Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 145.
993s dpkg: error processing package openssh-server (--configure):
993s  installed openssh-server package post-installation script subprocess returned error exit status 1
(...)
1016s Errors were encountered while processing:
1016s  openssh-server


1. https://autopkgtest.ubuntu.com/results/autopkgtest-mantic-ahasenack-samba-kb5028166/mantic/amd64/s/samba/20230720_195603_95cad@/log.gz

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2004551

Title:
  upgrade to lunar fails due to rescue-ssh.target or port 22 takeover

Status in openssh package in Ubuntu:
  New

Bug description:
  Hi,
  I just upgraded a system from Jammy to Lunar and openssh-server refuses to upgrade well.

  Setting up openssh-server (1:9.0p1-1ubuntu8) ...
  Replacing config file /etc/ssh/sshd_config with new version
  Replacing config file /etc/ssh/sshd_config with new version
  Synchronizing state of ssh.service with SysV service script with /lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install disable ssh
  rescue-ssh.target is a disabled or a static unit not running, not starting it.
  Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 145.
  dpkg: error processing package openssh-server (--configure):
   installed openssh-server package post-installation script subprocess returned error exit status 1
  Processing triggers for man-db (2.11.2-1) ...
  Processing triggers for libc-bin (2.36-0ubuntu4) ...
  Errors were encountered while processing:
   openssh-server
  Error: Timeout was reached
  needrestart is being skipped since dpkg has failed
  E: Sub-process /usr/bin/dpkg returned an error code (1)

  I'm not sure what exactly it is.
  This output complains about rescue-ssh.target and indeed that can not be started even directly.

  $ sudo systemctl start rescue-ssh.target
  A dependency job for rescue-ssh.target failed. See 'journalctl -xe' for details.

  And in postinst is a try to start it:
  $  grep rescue /var/lib/dpkg/info/openssh-server.postinst 
  		deb-systemd-invoke $_dh_action 'rescue-ssh.target' >/dev/null || true

  
  But I think the underlying issue is that ssh is already on, and I'm logged in via it.
  And that makes the service restart of the ssh socket which was added break.

  Feb 02 10:40:56 node-horsea systemd[104560]: ssh.socket: Failed to create listening socket ([::]:22): Address already in use
  Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed to receive listening socket ([::]:22): Input/output error
  Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed to listen on sockets: Input/output error
  Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed with result 'resources'.

  
  Now, whichever it is, it is hard to resolve.
  The only way to get the socket to own it would be rebooting so that sshd lets go and systemd can take over.
  I could reboot, but that is not the point.
  What if I'd want to get the service and upgrade completed before reboot.
  Because as of now dpkg considers the system unhappy, and that would usually be a sign for "better not reboot before being resolved" to me.

  One thing though, I have not upgraded with do-release-upgrade - would
  we / do we have magic there to make the ssh socket activation
  transition smoother?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2004551/+subscriptions

More information about the foundations-bugs mailing list