Bug#1001320: marked as done (needrestart misdetects socket activated ssh and restarts service instead of socket)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Wed, 29 Dec 2021 01:33:30 +0000
with message-id <E1n2NqM-0008p6-9o@fasolo.debian.org>
and subject line Bug#1001320: fixed in openssh 1:8.7p1-3
has caused the Debian Bug report #1001320,
regarding needrestart misdetects socket activated ssh and restarts service instead of socket
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1001320: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001320
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: needrestart misdetects socket activated ssh and restarts service instead of socket
• From: Marc Haber <mh+debian-packages@zugschlus.de>
• Date: Wed, 08 Dec 2021 13:31:48 +0100
• Message-id: <[🔎] 163896670837.2474423.2692210110997511725.reportbug@fan.zugschlus.de>

Package: openssh-server
Version: 1:8.7p1-2
Severity: minor

Hi,

I am running a number of test systems with ssh as socket activated
service. Sometimes, after an update, I find myself without ssh access to
those systems (connection refused). After a console login and systemctl
restart ssh.socket, things are fine again.

I THINK this might be connected to needrestart. Today, a libc6 update
marked the running ssh daemon (that I was using for the update) as using
obsolete libraries, which resulted in the following console output:

Restarting services...
 systemctl restart console-log.service cron.service exim4.service haveged.service ippl.service ntp.service rsyslog.service serial-getty@ttyS0.service ssh.service systemd-journald.service systemd-networkd.service systemd-resolved.service systemd-udevd.service
Job for ssh.service failed because the control process exited with error code.
See "systemctl status ssh.service" and "journalctl -xeu ssh.service" for details.
Service restarts being deferred:
 /etc/needrestart/restart.d/dbus.service
 systemctl restart getty@tty1.service
 systemctl restart systemd-logind.service
 systemctl restart user@1001.service

and the following log entries:
Dec  8 12:58:26 emptybookworm82 systemd[1]: Stopping LSB: Puts a logfile pager on virtual consoles...
Dec  8 12:58:26 emptybookworm82 systemd[1]: Stopping Regular background program processing daemon...
Dec  8 12:58:26 emptybookworm82 systemd[1]: cron.service: Deactivated successfully.
Dec  8 12:58:26 emptybookworm82 cron[429258]: (CRON) INFO (pidfile fd = 3)
Dec  8 12:58:26 emptybookworm82 systemd[1]: Stopped Regular background program processing daemon.
Dec  8 12:58:26 emptybookworm82 systemd[1]: cron.service: Consumed 15min 4.856s CPU time.
Dec  8 12:58:26 emptybookworm82 systemd[1]: Started Regular background program processing daemon.
Dec  8 12:58:26 emptybookworm82 systemd[1]: Stopping LSB: exim Mail Transport Agent...
Dec  8 12:58:26 emptybookworm82 systemd[1]: Stopping Entropy Daemon based on the HAVEGE algorithm...
Dec  8 12:58:26 emptybookworm82 systemd[1]: Stopping LSB: IP protocols logger...
Dec  8 12:58:26 emptybookworm82 systemd[1]: Stopping Network Time Service...
Dec  8 12:58:26 emptybookworm82 systemd[1]: Stopping System Logging Service...
Dec  8 12:58:26 emptybookworm82 systemd[1]: Stopping Serial Getty on ttyS0...
Dec  8 12:58:26 emptybookworm82 systemd[1]: serial-getty@ttyS0.service: Deactivated successfully.
Dec  8 12:58:26 emptybookworm82 systemd[1]: Stopped Serial Getty on ttyS0.
Dec  8 12:58:26 emptybookworm82 systemd[1]: Started Serial Getty on ttyS0.
Dec  8 12:58:26 emptybookworm82 systemd[1]: ssh.socket: Deactivated successfully.
Dec  8 12:58:26 emptybookworm82 systemd[1]: Closed OpenBSD Secure Shell server socket.
Dec  8 12:58:26 emptybookworm82 systemd[1]: ssh.socket: Consumed 10.571s CPU time.
Dec  8 12:58:26 emptybookworm82 systemd[1]: Starting OpenBSD Secure Shell server...
Dec  8 12:58:26 emptybookworm82 systemd[1]: Stopping Flush Journal to Persistent Storage...
Dec  8 12:58:26 emptybookworm82 systemd[1]: systemd-networkd-wait-online.service: Deactivated successfully.
Dec  8 12:58:26 emptybookworm82 systemd[1]: Stopped Wait for Network to be Configured.
Dec  8 12:58:26 emptybookworm82 systemd[1]: Stopping Wait for Network to be Configured...
Dec  8 12:58:26 emptybookworm82 systemd[1]: Stopping Network Name Resolution...
Dec  8 12:58:26 emptybookworm82 systemd[1]: ssh.service: Main process exited, code=exited, status=255/EXCEPTION
Dec  8 12:58:26 emptybookworm82 systemd[1]: ssh.service: Failed with result 'exit-code'.
Dec  8 12:58:26 emptybookworm82 systemd[1]: Failed to start OpenBSD Secure Shell server.
Dec  8 12:58:26 emptybookworm82 ntpd[298]: ntpd exiting on signal 15 (Terminated)
Dec  8 12:58:26 emptybookworm82 ntpd[298]: 2a01:4f8:140:246a::2 local addr 2a01:4f8:140:246a::52:100 -> <null>
Dec  8 12:58:26 emptybookworm82 haveged[220]: haveged: Stopping due to signal 15
Dec  8 12:58:27 emptybookworm82 cron[429258]: (CRON) INFO (Skipping @reboot jobs -- not system startup)
Dec  8 12:58:27 emptybookworm82 systemd[1]: systemd-journal-flush.service: Deactivated successfully.
Dec  8 12:58:27 emptybookworm82 systemd[1]: Stopped Flush Journal to Persistent Storage.
Dec  8 12:58:27 emptybookworm82 exim4[429259]:  exim4_listener.

To me, this looks like needrestart misdetects the sshd process as having
been started by an ssh.service instead of an ssh@.service, and that
stopping ssh.service stops ssh.socket for some reason (systemd
dependency?). Afterwards, ssh.service is restarted (which fails because
the port is still busy), and ssh.socket stays off, resulting in an
unreachable host.

Can you as the ssh maintainer give some insight whether this is an ssh,
a needrestart or an systemd issue? It definetely is annoying.

Greetings
Marc

--- End Message ---

--- Begin Message ---

• To: 1001320-close@bugs.debian.org
• Subject: Bug#1001320: fixed in openssh 1:8.7p1-3
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Wed, 29 Dec 2021 01:33:30 +0000
• Message-id: <E1n2NqM-0008p6-9o@fasolo.debian.org>
• Reply-to: Colin Watson <cjwatson@debian.org>

Source: openssh
Source-Version: 1:8.7p1-3
Done: Colin Watson <cjwatson@debian.org>

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1001320@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Dec 2021 01:12:00 +0000
Source: openssh
Architecture: source
Version: 1:8.7p1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 1001320
Changes:
 openssh (1:8.7p1-3) unstable; urgency=medium
 .
   * Include unit test binaries in openssh-tests even if building with
     DEB_BUILD_OPTIONS=nocheck.
   * Install built version of sshd_config, with corrected PATH and PidFile.
   * Upgrade to debhelper v13.
   * debian/copyright: Use HTTPS in Source field.
   * Update renamed Lintian tag name in Lintian override.
   * debian/watch: Upgrade to version 4.
   * Clarify instructions for using socket activation to avoid accidental
     attempts to start the non-socket-activated service that can result in
     systems without a running sshd (closes: #1001320).
   * Remove maintainer script code for upgrades from before Debian 9.
   * Make the sysvinit script provide "ssh" as well as "sshd".
   * Set Rules-Requires-Root: no.
   * Use dh_installalternatives.
   * Simplify some debhelper overrides slightly.
Checksums-Sha1:
 e01bfb04fa3055e9b9490db0e777e7fa77ac9859 3347 openssh_8.7p1-3.dsc
 78222408f2b05b0161459bceca34a4ef3e78b20a 185628 openssh_8.7p1-3.debian.tar.xz
Checksums-Sha256:
 88bbbe5f444f773a3e293a382e7415114c022f906aad11af46af281f48cccd94 3347 openssh_8.7p1-3.dsc
 19bfcd79009cd1b57b7959d117092d2a5dcba156182a83177647c184d6eccce9 185628 openssh_8.7p1-3.debian.tar.xz
Files:
 5519ae7693636cf246b6b307172e3673 3347 net standard openssh_8.7p1-3.dsc
 0c2d9dd6b5c5742de7036cb57ae2be72 185628 net standard openssh_8.7p1-3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmHLtgIACgkQOTWH2X2G
UAtpJBAAg5x6wzu5afkpwOaQtDqrwaSFy00KY7nJVdvXnxOFamhLoxZOUA2pLeLw
LkiXTMXCilI/guYg+QO7yaFAD5BA3P4CWZoiEs3mvDa+DMt/QbCnBj+HoJxAoSbX
8qz6UaqRbyrEIen4f4pY1eHH9vFFQjSixedGeIXSF2GjuQ3Mn4kK5jpraIAwK6eJ
XFnSPrrjj6wmmlXogAzPAHqknh3uRpSxzM42aMDBcjiGjg5cXf2Ym5e0CSS2wGwy
PeuLqfGArtxYEegnUFPCtQWIxpmBUX/YizZHkN2+BuHhFBhBJZIxciWWbBtaBdnd
BwBznu/rjhbHRXvDZbcboH0dmSqsmpT1DZ0RsuYTg6ghcQMsKQsO3O0TLOlmo10f
SzI62TrQ5eqAWujyC47sg+2vJx0+ALKrrGRV5IQ/B3ailsInbJKNW1AQstrkf9rd
duonAEj8ExRSpu1/kvD7FGLVgomLhD88jQhUjJJfDOfTcr+IRxkvI+5iUXVifFFi
sEJ2lNatACxm6xL5/G7MIWU/kTCejR9IZRbI1hX3Ekteat9DbZCwsC6UmGeDn7dh
LKMCmVNoLHtbI/Wclf4G84nbIMoq/Tgv/A/xWRkqR9c384PSLmeALMW1ctfS74OQ
cYOYsydLZAvmDb+DB2QP+gybFWzFZT2TXyCJK4Hcd1WwWDnKeZ8=
=bHM8
-----END PGP SIGNATURE-----

--- End Message ---