[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#457120: openssh-server: subprocess post-installation script returned error exit status 1

# I actually don't think this is a Debian bug at all; see the comments
# below.
severity 457120 normal
thanks

On Wed, Dec 19, 2007 at 06:49:38PM -0500, Mark Whitis wrote:
> Package: openssh-server
> Version: 1:4.6p1-7
> Severity: critical
> Justification: breaks the whole system
> 
> This bug is rated critical because it breaks "apt-get upgrade" and
> leaves the system in a dangerously unstable state.

The state of your system is perfectly well-defined, stable, and not in
the least dangerous, even if it does require manual recovery by the
system administrator (who should be in attendance during upgrades). It
also does not appear to be a problem introduced by the Debian openssh
packages.

>    apt-get install openssh-server
>    Reading package lists... Done
>    Building dependency tree... Done
>    openssh-server is already the newest version.
>    0 upgraded, 0 newly installed, 0 to remove and 373 not upgraded.
>    2 not fully installed or removed.
>    Need to get 0B of archives.
>    After unpacking 0B of additional disk space will be used.
>    Setting up openssh-server (1:4.6p1-7) ...
>    /etc/ssh/sshd_config: line 74: Bad configuration option: NoneEnabled
>    /etc/ssh/sshd_config: terminating, 1 bad configuration options
>    invoke-rc.d: initscript ssh, action "restart" failed.
>    dpkg: error processing openssh-server (--configure):
>     subprocess post-installation script returned error exit status 1
>     dpkg: dependency problems prevent configuration of ssh:
>      ssh depends on openssh-server; however:
>        Package openssh-server is not configured yet.
>        dpkg: error processing ssh (--configure):
>         dependency problems - leaving unconfigured
> 	Errors were encountered while processing:
> 	 openssh-server
> 	  ssh
> 
>     72  
>         73  UsePAM yes
> 	    74  NoneEnabled yes

Where did this "NoneEnabled yes" come from? The openssh packages didn't
put it there; I've double-checked by searching everything back to
version 1:3.6.1p2-9 from September 2003, which is the oldest I have
handy. Perhaps you were using a locally-patched version of openssh which
adds this option, in which case it's the responsibility of whoever's
providing this patch to maintain it. sshd will not start with
unrecognised configuration options; those options might represent an
important part of somebody's security policy and it's better to force
the system administrator to do something about it than to start up in
what might be an insecure state.

> Sorry for the ugly formatting, in the unstable state I am not able to
> use a real editor and vi mangles cut and paste and makes editing
> difficult.

:set paste

> The package will install when you remove the offending line from
> /etc/ssh/sshd_config.    However, apt-get upgrade does not invoke the
> configure scripts when run again.

dpkg --configure -a

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]
Reply to: