Bug#360525: openssh-server: specified Port values ignored when additional ListenAddress enabled
Package: openssh-server
Version: 1:4.2p1-7
Severity: normal
Latest upgrade has changed the way the sshd_config is interpreted.
I had previously configured:
,----
| Port X
| Port Y
| ListenAddress 127.0.0.0:22
`----
For listening on nonstandard ports X,Y (both >1024) and default 22 for
localhost.
After upgrading only localhost was listening.
On commenting the ListenAddress option, both listening on X and Y goes
enabled again, but only for ipv6 (!).
To get back my previous setup I had to configure:
,-----
| ListenAddress 0.0.0.0:X
| ListenAddress 0.0.0.0:Y
| ListenAddress 127.0.0.1:22
`-----
And removing the Port options.
No information about this is provied on upgrading neither on the doc
files, so I guess that's a bug.
best regards,
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-amd64-k8
Locale: LANG=es_ES@euro, LC_CTYPE=es_ES@euro (charmap=ISO-8859-15)
Versions of packages openssh-server depends on:
ii adduser 3.85 Add and remove users and groups
ii debconf [debc 1.4.72 Debian configuration management sy
ii dpkg 1.13.17 package maintenance system for Deb
ii libc6 2.3.6-4 GNU C Library: Shared libraries an
ii libcomerr2 1.38+1.39-WIP-2005.12.31-1 common error description library
ii libkrb53 1.4.3-6 MIT Kerberos runtime libraries
ii libpam-module 0.79-3.1 Pluggable Authentication Modules f
ii libpam-runtim 0.79-3.1 Runtime support for the PAM librar
ii libpam0g 0.79-3.1 Pluggable Authentication Modules l
ii libselinux1 1.30-1 SELinux shared libraries
ii libssl0.9.8 0.9.8a-8 SSL shared libraries
ii libwrap0 7.6.dbs-9 Wietse Venema's TCP wrappers libra
ii openssh-clien 1:4.2p1-7 Secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3-11 compression library - runtime
openssh-server recommends no packages.
-- debconf information:
ssh/insecure_rshd:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
ssh/encrypted_host_key_but_no_keygen:
* ssh/disable_cr_auth: false
Reply to: