Bug#865770: openssh-server fails to validate configuration before reloading, under systemd
Package: openssh-server
Version: 1:6.7p1-5+deb8u3
Severity: important
Tags: patch jessie stretch sid
Dear maintainers,
The systemd units shipped as part of jessie, stretch and sid do not validate
the sshd_config file before proceeding with reloading or restarting the deamon.
(Note that reloading when the file contains invalid config makes sshd exit.)
As far as I can tell, the old initscripts have the correct behaviour,
so this is a systemd-specific regression.
Please find included a patch that makes `systemctl reload ssh` fail properly
when the configuration is invalid.
Unfortunately, systemd does not support validating configuration before
restarting a service, though an issue has been open for over 1.5 years:
https://github.com/systemd/systemd/issues/2175
Given the severity of the issue (indeed, this can easily result in accidental
loss of administrative access, making the error quite difficult to fix),
please consider shipping the patch in the next point-release.
This was one of the causes of an outage at hashbang.sh, resulting in loss of
SSH access for all users and administrators.
Regards,
kf
-- System Information:
Debian Release: 8.8
APT prefers oldstable
APT policy: (900, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-0.bpo.3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages openssh-server depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.56
ii dpkg 1.17.27
ii init-system-helpers 1.22
ii libc6 2.19-18+deb8u10
ii libcomerr2 1.42.12-2+b1
ii libgssapi-krb5-2 1.12.1+dfsg-19+deb8u2
ii libkrb5-3 1.12.1+dfsg-19+deb8u2
ii libpam-modules 1.1.8-3.1+deb8u2
ii libpam-runtime 1.1.8-3.1+deb8u2
ii libpam0g 1.1.8-3.1+deb8u2
ii libselinux1 2.3-2
ii libssl1.0.0 1.0.1t-1+deb8u6
ii libwrap0 7.6.q-25
ii lsb-base 4.1+Debian13+nmu1
ii openssh-client 1:6.7p1-5+deb8u3
ii openssh-sftp-server 1:6.7p1-5+deb8u3
ii procps 2:3.3.9-9
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages openssh-server recommends:
ii ncurses-term 6.0+20160625-1
ii xauth 1:1.0.9-1
Versions of packages openssh-server suggests:
pn molly-guard <none>
pn monkeysphere <none>
pn rssh <none>
pn ssh-askpass <none>
pn ufw <none>
-- Configuration Files:
/etc/pam.d/sshd changed:
@include common-auth
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
@include common-session
session optional pam_motd.so motd=/run/motd.dynamic
session optional pam_motd.so noupdate
session optional pam_mail.so dir=~/Mail standard noenv # [1]
session required pam_limits.so
session required pam_env.so # [1]
session required pam_env.so user_readenv=1 envfile=/etc/default/locale
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
@include common-password
-- debconf information excluded
diff --git i/debian/systemd/ssh.service w/debian/systemd/ssh.service
index 3df8c64..7351931 100644
--- i/debian/systemd/ssh.service
+++ w/debian/systemd/ssh.service
@@ -6,7 +6,7 @@ ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
[Service]
EnvironmentFile=-/etc/default/ssh
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
-ExecReload=/bin/kill -HUP $MAINPID
+ExecReload=/bin/sh -c '/usr/sbin/sshd -t && /bin/kill -HUP $MAINPID'
KillMode=process
Restart=on-failure
RestartPreventExitStatus=255
Reply to: