Bug#457120: marked as done (openssh-server: subprocess post-installation script returned error exit status 1)
Your message dated Thu, 20 Dec 2007 23:19:52 +0000
with message-id <20071220231952.GK13328@riva.ucam.org>
and subject line Bug#457120: openssh-server: subprocess post-installation script returned error exit status 1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: openssh-server
Version: 1:4.6p1-7
Severity: critical
Justification: breaks the whole system
This bug is rated critical because it breaks "apt-get upgrade" and
leaves the system in a dangerously unstable state.
apt-get upgrade aborts:
Setting up libsnmp-session-perl (1.11-1) ...
Setting up netatalk (2.0.3-7) ...
Installing new version of config file /etc/default/netatalk ...
Installing new version of config file
/etc/logcheck/ignore.d.server/netatalk ...
Installing new version of config file /etc/netatalk/afpd.conf ...
Installing new version of config file /etc/init.d/netatalk ...
Starting Netatalk services (this will take a while): atalkd afpd papd.
Errors were encountered while processing:
openssh-server
ssh
E: Sub-process /usr/bin/dpkg returned an error code (1)
apt-get install openssh-server
Reading package lists... Done
Building dependency tree... Done
openssh-server is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 373 not upgraded.
2 not fully installed or removed.
Need to get 0B of archives.
After unpacking 0B of additional disk space will be used.
Setting up openssh-server (1:4.6p1-7) ...
/etc/ssh/sshd_config: line 74: Bad configuration option: NoneEnabled
/etc/ssh/sshd_config: terminating, 1 bad configuration options
invoke-rc.d: initscript ssh, action "restart" failed.
dpkg: error processing openssh-server (--configure):
subprocess post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of ssh:
ssh depends on openssh-server; however:
Package openssh-server is not configured yet.
dpkg: error processing ssh (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
openssh-server
ssh
72
73 UsePAM yes
74 NoneEnabled yes
Sorry for the ugly formatting, in the unstable state I am not able to
use a real editor and vi mangles cut and paste and makes editing
difficult.
The package will install when you remove the offending line from
/etc/ssh/sshd_config. However, apt-get upgrade does not invoke the
configure scripts when run again.
It is possible that out of around 1000 packages upgraded,
openssh-server was the last to be configured and apt-get didn't really
abort.:wq
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssh-server depends on:
ii adduser 3.105 add and remove users and groups
ii debconf [debconf-2.0] 1.5.17 Debian configuration management sy
ii dpkg 1.14.12 package maintenance system for Deb
ii libc6 2.7-4 GNU C Library: Shared libraries
ii libcomerr2 1.40.3-1 common error description library
ii libkrb53 1.6.dfsg.3~beta1-2 MIT Kerberos runtime libraries
ii libpam-modules 0.99.7.1-5 Pluggable Authentication Modules f
ii libpam-runtime 0.99.7.1-5 Runtime support for the PAM librar
ii libpam0g 0.99.7.1-5 Pluggable Authentication Modules l
ii libselinux1 2.0.15-2+b1 SELinux shared libraries
ii libssl0.9.8 0.9.8g-3 SSL shared libraries
ii libwrap0 7.6.dbs-14 Wietse Venema's TCP wrappers libra
ii lsb-base 3.1-24 Linux Standard Base 3.1 init scrip
ii openssh-client 1:4.6p1-7 secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3.3.dfsg-7 compression library - runtime
openssh-server recommends no packages.
-- debconf information:
ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/disable_cr_auth: false
ssh/encrypted_host_key_but_no_keygen:
--- End Message ---
--- Begin Message ---
On Thu, Dec 20, 2007 at 02:03:03PM -0500, Mark Whitis wrote:
> On Thu, 20 Dec 2007, Colin Watson wrote:
> >Where did this "NoneEnabled yes" come from? The openssh packages didn't
> >put it there; I've double-checked by searching everything back to
> >version 1:3.6.1p2-9 from September 2003, which is the oldest I have
>
> It is there because you ship a substandard version of ssh that does not
> allow the use of "none" encryption.
Like the one shipped by upstream?
I sympathise with your request, but I must keep my workload manageable
or I cannot update the openssh packages in a reasonable time (in fact,
I'm already well behind on updating to 4.7). The best way to get HPN or
similar shipped by Debian is to persuade upstream to incorporate it.
> The debian package should really include HPN.
> If you aren't going to include HPN, you should at least not crash on
> an unknown configuration option used by an important patch.
I'm sorry, but I cannot and will not track configuration options that
are enabled by miscellaneous patches that are not part of my package.
Upstream don't attempt to do this either. I suggest that you (get
somebody to) produce a packaged form of the HPN-patched OpenSSH, and pin
apt to only ever install openssh-* from that repository.
Regards,
--
Colin Watson [cjwatson@debian.org]
--- End Message ---
Reply to: