[Bug 1674330] [NEW] Please consider dropping /etc/network/if-up.d/openssh-server

Launchpad Bug Tracker 1674330 at bugs.launchpad.net
Fri Feb 23 00:21:47 UTC 2018


You have been subscribed to a public bug by Ubuntu Foundations Team Bug Bot (crichton):

The /etc/network/if-up.d/openssh-server hack was introduced ten years ago [1] as a response to bug 
103436. At least from today's perspective this isn't justified:

I can't seem to be able to actually reproduce that issue: I can start a
VM with no network interfaces, remove the above hack, then start sshd,
then bring up an ethernet interface, and I can connect to ssh via
ethernet just fine. Also, e. g. Fedora has no counterpart of this hack,
and these days a lot of people would complain if that would cause
problems, as hotpluggable/roaming network devices are everywhere.

The hack introduces a race: you run into connection errors after
bringing up a new interface as sshd stops listening briefly while being
reloaded. That's the reason why I looked at it, as this regularly
happens in upstream's cockpit integration tests.

Also, /etc/network/if-up.d/ isn't being run when using networkd/netplan,
i. e. in more recent Ubuntu cloud instances. So far this doesn't seem
to have caused any issues.

I asked the original reporter of bug 103436 for some details, and to
check whether that hack is still necessary. There is actually a proposed
patch upstream [2] to use IP_FREEBIND, which is the modern solution to
listening to all "future" interfaces as well. But at least for the
majority of cases it seems to work fine without that even.

So I wonder if it's time to bury that hack?

[1] https://anonscm.debian.org/cgit/pkg-ssh/openssh.git/commit/?id=ba6b55ed6
[2] https://bugzilla.mindrot.org/show_bug.cgi?id=2512

** Affects: openssh (Ubuntu)
     Importance: Low
     Assignee: David Britton (davidpbritton)
         Status: In Progress


** Tags: patch
-- 
Please consider dropping /etc/network/if-up.d/openssh-server
https://bugs.launchpad.net/bugs/1674330
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.


