
Bug#512209: Please don't touch sshd from interfaces-up

On Sun, 18 Jan 2009, Colin Watson wrote:

> > Why restart it at all?  There's little point in the default
> > configuration where sshd listens on INADDR_ANY.
> > 
> > At least make it configurable and don't mess with it from interfaces by
> > default.

> Hmm. This was in response to:
>   https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/103436
> ... where somebody did appear to be having a genuine problem. I've CCed
> him;

Yes, I read that.  I don't think this would ever be a problem unless you
explicitly listen only on a specific address, and then I'd think that
sshd wouldn't even start so the reload couldn't have been a fix for
that.  Unless of course you listen on more than one specific address at
least one of which is available when sshd starts.  Still, why you would
do this rather than listen on * as is the default is beyond me.

> I vaguely remember some problem where INADDR_ANY meant "all the
> interfaces that happen to be up at bind() time" rather than "all the
> interfaces that are up whenever packets arrive". Am I hallucinating?

For normal TCP ports you probably are making this up.  It is however how
bind and ntpd handle their UDP ports.  Maybe that's what you are
thinking of?

> Anyway, I'm happy to remove this (or at least move it to an examples
> directory for people having problems). However, I'm conscious that I
> have already pushed my luck for late changes in openssh for lenny since
> the udebs it produces are built into some d-i initrds. Peter, is this
> actually causing you a problem beyond inefficiency?

It hasn't caused any actual problems for me so far.  But neither should
the reload have caused problems.  So this just pains me for the reason
that it adds yet another thing that might break, and it's for such an
important thing as sshd.  Also, it's really not very elegant, and I
think not actually needed by almost all setups. If we want to support
such cases with multiple (non *) Listen addresses configured maybe we
should make the restart conditional on that.
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/
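As an added example (not code from this bug report or from the openssh package), the following Python check implements the conditional restart the message suggests: parse the ListenAddress directives of an sshd_config and only report that interfaces-up needs to touch sshd when a specific, non-wildcard address is configured. It is slightly broader than the "multiple" wording above, treating any non-wildcard ListenAddress as a reason; the sample configuration and function names are constructed for the example.

```python
import re

# Addresses sshd treats as "listen everywhere"; these already cover interfaces
# that come up after bind(), so no restart from interfaces-up is needed for them.
WILDCARD_ADDRESSES = {"*", "0.0.0.0", "::"}


def listen_addresses(config_text):
    """Return the host part of every ListenAddress directive in an sshd_config.

    Handles the forms sshd_config(5) documents: host, host:port and [host]:port,
    plus comments, blank lines, 'Keyword=value' spelling and case-insensitive keys.
    """
    hosts = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2 or parts[0].lower() != "listenaddress":
            continue
        value = parts[1].split()[0]                  # ignore trailing options
        if value.startswith("["):                    # [ipv6]:port
            host = value[1:value.index("]")]
        elif value.count(":") == 1:                  # ipv4:port or hostname:port
            host = value.rsplit(":", 1)[0]
        else:                                        # bare IPv4, hostname or IPv6
            host = value
        hosts.append(host)
    return hosts


def restart_needed_on_interface_up(config_text):
    """True only when sshd is configured to listen on specific, non-wildcard addresses.

    A wildcard-only (or absent) ListenAddress binds INADDR_ANY / in6addr_any,
    which accepts connections on interfaces that appear later; only specific
    addresses can be missing at bind() time and so gain from a later restart.
    """
    specific = [h for h in listen_addresses(config_text) if h not in WILDCARD_ADDRESSES]
    return bool(specific)


if __name__ == "__main__":
    # Constructed sample configuration, not taken from any real host.
    sample = "Port 22\nListenAddress 192.0.2.10\nListenAddress [2001:db8::1]:22 # mgmt\n"
    print(listen_addresses(sample), restart_needed_on_interface_up(sample))
```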