Bug#757822: marked as done (openssh-server: systemd start-limit reached after bootup, causing sshd to be stopped)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Fri, 03 Oct 2014 11:49:02 +0000
with message-id <E1Xa1M6-0001ry-5r@franck.debian.org>
and subject line Bug#756547: fixed in openssh 1:6.6p1-8
has caused the Debian Bug report #756547,
regarding openssh-server: systemd start-limit reached after bootup, causing sshd to be stopped
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
756547: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756547
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: openssh-server: systemd start-limit reached after bootup, causing sshd to be stopped
• From: Gerben Meijer <gerben@daybyday.nl>
• Date: Mon, 11 Aug 2014 15:49:23 +0000
• Message-id: <20140811154923.2332.74567.reportbug@iqpc>

Package: openssh-server
Version: 1:6.6p1-6
Severity: important

On a fresh install of Jessie with systemd and networkmanager in a VM with 3 interfaces, the if-up.d/openssh-server script restarts sshd with every network interface that comes up at boottime.

When these interfaces come up very quickly, this is triggers the default start-limit in systemd, causing sshd to be terminated and the machine in question to become unreachable over ssh.

I am able to reproduce this behaviour with 2 ethernet (1 dhcp and 1 static) and 1 tun (openvpn) interface.

Log excerpt:

Aug 11 14:53:20 vagrant systemd[1]: Starting OpenBSD Secure Shell server...
-- Unit ssh.service has begun starting up.
Aug 11 14:53:20 vagrant systemd[1]: Started OpenBSD Secure Shell server.
-- Unit ssh.service has finished starting up.
Aug 11 14:53:20 vagrant sshd[471]: Server listening on 0.0.0.0 port 22.
Aug 11 14:53:20 vagrant sshd[471]: Server listening on :: port 22.
Aug 11 14:53:20 vagrant NetworkManager[475]: <info> (eth1): device state change: secondaries -> activated (reason 'none') [90 100 0]
Aug 11 14:53:20 vagrant NetworkManager[475]: <info> Activation (eth1) successful, device activated.
Aug 11 14:53:20 vagrant NetworkManager[475]: <info> (eth0): device state change: secondaries -> activated (reason 'none') [90 100 0]
Aug 11 14:53:20 vagrant NetworkManager[475]: <info> Activation (eth0) successful, device activated.
Aug 11 14:53:20 vagrant systemd[1]: Stopping OpenBSD Secure Shell server...
-- Unit ssh.service has begun shutting down.
Aug 11 14:53:20 vagrant systemd[1]: Starting OpenBSD Secure Shell server...
-- Unit ssh.service has begun starting up.
Aug 11 14:53:20 vagrant systemd[1]: Started OpenBSD Secure Shell server.
-- Unit ssh.service has finished starting up.
Aug 11 14:53:20 vagrant sshd[471]: Received signal 15; terminating.
Aug 11 14:53:20 vagrant sshd[989]: Server listening on 0.0.0.0 port 22.
Aug 11 14:53:20 vagrant sshd[989]: Server listening on :: port 22.
Aug 11 14:53:21 vagrant systemd[1]: Stopping OpenBSD Secure Shell server...
-- Unit ssh.service has begun shutting down.
Aug 11 14:53:21 vagrant sshd[989]: Received signal 15; terminating.
Aug 11 14:53:21 vagrant systemd[1]: Starting OpenBSD Secure Shell server...
-- Unit ssh.service has begun starting up.
Aug 11 14:53:21 vagrant systemd[1]: Started OpenBSD Secure Shell server.
-- Unit ssh.service has finished starting up.
Aug 11 14:53:21 vagrant sshd[1059]: Server listening on 0.0.0.0 port 22.
Aug 11 14:53:21 vagrant sshd[1059]: Server listening on :: port 22.
Aug 11 14:53:21 vagrant systemd[1]: Stopping OpenBSD Secure Shell server...
-- Unit ssh.service has begun shutting down.
Aug 11 14:53:21 vagrant sshd[1059]: Received signal 15; terminating.
Aug 11 14:53:21 vagrant systemd[1]: Starting OpenBSD Secure Shell server...
-- Unit ssh.service has begun starting up.
Aug 11 14:53:21 vagrant systemd[1]: Started OpenBSD Secure Shell server.
-- Unit ssh.service has finished starting up.
Aug 11 14:53:21 vagrant sshd[1127]: Server listening on 0.0.0.0 port 22.
Aug 11 14:53:21 vagrant sshd[1127]: Server listening on :: port 22.
Aug 11 14:53:22 vagrant ifup[269]: bound to 10.0.2.15 -- renewal in 35227 seconds.
Aug 11 14:53:22 vagrant systemd[1]: Stopping OpenBSD Secure Shell server...
-- Unit ssh.service has begun shutting down.
Aug 11 14:53:22 vagrant sshd[1127]: Received signal 15; terminating.
Aug 11 14:53:22 vagrant systemd[1]: Starting OpenBSD Secure Shell server...
-- Unit ssh.service has begun starting up.
Aug 11 14:53:22 vagrant systemd[1]: Started OpenBSD Secure Shell server.
-- Unit ssh.service has finished starting up.
Aug 11 14:53:22 vagrant sshd[1290]: Server listening on 0.0.0.0 port 22.
Aug 11 14:53:22 vagrant sshd[1290]: Server listening on :: port 22.
Aug 11 14:53:25 vagrant NetworkManager[475]: <info> (tun0): device state change: secondaries -> activated (reason 'none') [90 100 0]
Aug 11 14:53:25 vagrant NetworkManager[475]: <info> Activation (tun0) successful, device activated.
Aug 11 14:53:25 vagrant systemd[1]: Stopping OpenBSD Secure Shell server...
-- Unit ssh.service has begun shutting down.
Aug 11 14:53:25 vagrant sshd[1290]: Received signal 15; terminating.
Aug 11 14:53:25 vagrant systemd[1]: Starting OpenBSD Secure Shell server...
-- Unit ssh.service has begun starting up.
Aug 11 14:53:25 vagrant systemd[1]: ssh.service start request repeated too quickly, refusing to start.
Aug 11 14:53:25 vagrant systemd[1]: Failed to start OpenBSD Secure Shell server.
-- Unit ssh.service has failed.
Aug 11 14:53:25 vagrant systemd[1]: Unit ssh.service entered failed state.


-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-server depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.53
ii  dpkg                   1.17.10
ii  init-system-helpers    1.20
ii  libc6                  2.19-7
ii  libcomerr2             1.42.11-2
ii  libgssapi-krb5-2       1.12.1+dfsg-7
ii  libkrb5-3              1.12.1+dfsg-7
ii  libpam-modules         1.1.8-3
ii  libpam-runtime         1.1.8-3
ii  libpam0g               1.1.8-3
ii  libselinux1            2.3-1
ii  libssl1.0.0            1.0.1i-1
ii  libwrap0               7.6.q-25
ii  lsb-base               4.1+Debian13
ii  openssh-client         1:6.6p1-6
ii  openssh-sftp-server    1:6.6p1-6
ii  procps                 1:3.3.9-7
ii  zlib1g                 1:1.2.8.dfsg-1

Versions of packages openssh-server recommends:
ii  ncurses-term  5.9+20140712-2
ii  xauth         1:1.0.9-1

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  rssh          <none>
pn  ssh-askpass   <none>
pn  ufw           <none>

-- debconf information:
  openssh-server/permit-root-login: false

--- End Message ---

--- Begin Message ---

• To: 756547-close@bugs.debian.org
• Subject: Bug#756547: fixed in openssh 1:6.6p1-8
• From: Colin Watson <cjwatson@debian.org>
• Date: Fri, 03 Oct 2014 11:49:02 +0000
• Message-id: <E1Xa1M6-0001ry-5r@franck.debian.org>

Source: openssh
Source-Version: 1:6.6p1-8

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 756547@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 03 Oct 2014 12:23:57 +0100
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:6.6p1-8
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 756547 762128 763375
Changes:
 openssh (1:6.6p1-8) unstable; urgency=medium
 .
   * Make the if-up hook use "reload" rather than "restart" if the system was
     booted using systemd (closes: #756547).
   * Show fingerprints of new keys after creating them in the postinst
     (closes: #762128).
   * Policy version 3.9.6: no changes required.
   * Don't link /usr/share/doc/ssh to openssh-client, as this is not safe
     between Architecture: all and Architecture: any binary packages (closes:
     #763375).
Checksums-Sha1:
 f46ee7ff4a1ad4061230aadccf4bc437a133b306 2710 openssh_6.6p1-8.dsc
 f50663db7e2d9446596ad7fc10fe1edafaf4e75e 145460 openssh_6.6p1-8.debian.tar.xz
 88b1bd65fbe5a762c9aab4d272b1c094961cb966 718302 openssh-client_6.6p1-8_i386.deb
 901c349439042c3d3682aefb2dedf0b329229a20 361662 openssh-server_6.6p1-8_i386.deb
 3d3e553b7a21b334b8c249f894865c7b250af3ef 38596 openssh-sftp-server_6.6p1-8_i386.deb
 dd972853371b966c7498e6cdc03a20be3c263dbb 105820 ssh_6.6p1-8_all.deb
 da75313b0b24861d65369da070dd240e45c01a9e 105624 ssh-krb5_6.6p1-8_all.deb
 ca4b711fbd517d32920fe7c19da4c0b56bad3319 113470 ssh-askpass-gnome_6.6p1-8_i386.deb
 b30bcbb3c85988ae67d97d4aac50a00b7bb7b289 256906 openssh-client-udeb_6.6p1-8_i386.udeb
 b72a378fb4dc7167fee9a41639113aa6debffc06 287200 openssh-server-udeb_6.6p1-8_i386.udeb
Checksums-Sha256:
 901e86cf044566325dfbb91ce5635dd480ed1d4604b4c409d46d99c7b011ee2d 2710 openssh_6.6p1-8.dsc
 c7df988656864101cd61abcd7f4fdf582652239f0d65319fd0f057503342697f 145460 openssh_6.6p1-8.debian.tar.xz
 233c9dd66cf68dc04374263aec191a98cc39475a38780f9137619a5a837d5d4f 718302 openssh-client_6.6p1-8_i386.deb
 3c1485e7233a62dc24a8d72ddab1f1f2f3b68d827bc94e1714861078ed092ec9 361662 openssh-server_6.6p1-8_i386.deb
 b7a4200b291546e7f7946fc8433aafe34e5941271af84fae49a900219729c0bf 38596 openssh-sftp-server_6.6p1-8_i386.deb
 c8879c1fec451a3b25f76bed93958fdefac5b1d20eaa0d2b10d737af00a665e1 105820 ssh_6.6p1-8_all.deb
 3d9afa7823b11ebaa566333c72844d5381a76995d1e3d35cd6b47f136530103c 105624 ssh-krb5_6.6p1-8_all.deb
 71d0cfb1975fc42528fef5706e918ec4d11808fc18a0616090fa75fa1956d6c8 113470 ssh-askpass-gnome_6.6p1-8_i386.deb
 b43efd43e3b96909b0ce7d8a90b3673450cf31a734cdebe98c35745edccd1410 256906 openssh-client-udeb_6.6p1-8_i386.udeb
 b98dcd88a2bb373180110097d011e2a291dec210e62ddfe80d544ffab3c67bf0 287200 openssh-server-udeb_6.6p1-8_i386.udeb
Files:
 5165799a671d59a754bf15c31bb6a614 718302 net standard openssh-client_6.6p1-8_i386.deb
 8ad5424af975aa770763e230e16b0200 361662 net optional openssh-server_6.6p1-8_i386.deb
 8532f3fb2fb5d7b388c66ae6fb1a898e 38596 net optional openssh-sftp-server_6.6p1-8_i386.deb
 9dd5f5504b33eed2624a813d020677ae 105820 net extra ssh_6.6p1-8_all.deb
 a924c372700db5d8a631233f3a0d449b 105624 oldlibs extra ssh-krb5_6.6p1-8_all.deb
 7d99647f03deef41bf48d03b3a4c0f4a 113470 gnome optional ssh-askpass-gnome_6.6p1-8_i386.deb
 f6645cd6aedcb5f1b1a1e2d39b3d1160 256906 debian-installer optional openssh-client-udeb_6.6p1-8_i386.udeb
 4c548e58dc4a63a25a4903661e2ea3f1 287200 debian-installer optional openssh-server-udeb_6.6p1-8_i386.udeb
 7e2fe5875fb0e19f66198e2a31110f61 2710 net standard openssh_6.6p1-8.dsc
 74207ffed4ac14df3bb0469f42b7fd58 145460 net standard openssh_6.6p1-8.debian.tar.xz
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iQIVAwUBVC6JMTk1h9l9hlALAQgUUxAAt85zG9Pm2nTzoNuAVkkunGcaojTt7bpa
a/qseOT4EkOrXkic3zyLTN+Wz7Et4rfHOjuMlBuVLA/TtOJS2rAxxFZ+n0Tmu8qz
CcOFtflMw5eYv/oO8Ng8M80Q9dpZP19c7SpDCaU5Npmkg0E23NxDE7tQAB2EJ9id
G9h3jw6gMfR9OE7hX1tiPgTLwI9emDioUKNQtapv2qvJdKMQ6PK325LfOlgeQ0Oh
TmYt5Ecqdn5YbsDjgoC/XpziPfqFw4URfBEricxj4W3VqdNM5JZTg9RwostquaV7
YRe9HNvTM3xmkfnBj3f/hUrQlvVjiozu5YiA9I7JiAnL6G2V9ZN4+64wouc3zkOm
LOX8suM881sAlDXGW3tFd23UG6qMjUqptfjSQ60lJJ7cz48koAaZWoPVn1YE6Kis
GpFIHaHHviWfKXm3m3GA2DQYMo+aM8ruKh7/LGR7DgUfZs4m1F6F1gv0WM+ntFAM
DY47ZqNPTd8QbCM1sEfhxSvTs2eVIRI8w2dZcea+942Y9aCBkiovVO67/6uw690x
RuMCHQxfA4USVE0QHP86SK9HbJXLxbJzgCadgS+QiFeOoFIEkHwx72yHjBtZVXMl
S4D3KOSHvrS7dA0kZNkxCyHs5biNrL5OslX+iYXkMXq3coMHKtMfnVsevXA38+2C
kWtktRYpFj4=
=KOnL
-----END PGP SIGNATURE-----

--- End Message ---