Your message dated Fri, 6 Oct 2017 12:35:54 +0100 with message-id <20171006113554.26fqriri67n2h7nm@riva.ucam.org> and subject line Re: Bug#873884: [openssh-server] At boot time ssh is listening at port 22 rather than the one configured in sshd_config has caused the Debian Bug report #873884, regarding [openssh-server] At boot time ssh is listening at port 22 rather than the one configured in sshd_config to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 873884: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873884 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: [openssh-server] At boot time ssh is listening at port 22 rather than the one configured in sshd_config
- From: Garcia Dabo Cesar Enrique <cquike@arcor.de>
- Date: Thu, 31 Aug 2017 23:58:30 +0200 (CEST)
- Message-id: <2121998963.65901.1504216710749@mail.vodafone.de>
Package: openssh-server
Version: 1:7.4p1-10+deb9u1
Severity: important
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org--- Please enter the report below this line. ---
I have configured a server with a non-standard port using directive Port in /
etc/ssh/sshd_config, however when I restart the server it listens at port 22.
The ssh related services after rebooting look like this:# systemctl -a | grep ssh
ssh.service
loaded inactive dead OpenBSD Secure Shell server
system-ssh.slice
loaded active active system-ssh.slice
ssh.socket
loaded active listening OpenBSD Secure Shell server socketAs a workaround, If I restart the ssh server:
# systemctl restart ssh.service
then sshd starts to listen to the configured port as it should be. The
services status look like this:# systemctl -a | grep ssh
ssh.service
loaded active running OpenBSD Secure Shell server
system-ssh.slice
loaded active active system-ssh.slice
ssh.socket
loaded inactive dead OpenBSD Secure Shell server socket
--- System information. ---
Architecture:
Kernel: Linux 4.9.0-3-amd64Debian Release: 9.0
500 stable security.debian.org
500 stable ftp.de.debian.org--- Package information. ---
Depends (Version) | Installed
=============================================-+-======================
adduser (>= 3.9) | 3.115
dpkg (>= 1.9.0) | 1.18.24
libpam-modules (>= 0.72-9) | 1.1.8-3.6
libpam-runtime (>= 0.76-14) | 1.1.8-3.6
lsb-base (>= 4.1+Debian3) | 9.20161125
openssh-client (= 1:7.4p1-10) | 1:7.4p1-10deb9u1
openssh-sftp-server | 1:7.4p1-10deb9u1
procps | 2:3.3.12-3
ucf (>= 0.28) | 3.0036
debconf (>= 0.5) | 1.5.61
OR debconf-2.0 |
init-system-helpers (>= 1.18~) | 1.48
libaudit1 (>= 1:2.2.1) | 1:2.6.7-2
libc6 (>= 2.17) | 2.24-11+deb9u1
libcomerr2 (>= 1.01) | 1.43.4-2
libgssapi-krb5-2 (>= 1.14+dfsg) | 1.15-1
libkrb5-3 (>= 1.13~alpha1+dfsg) | 1.15-1
libpam0g (>= 0.99.7.1) | 1.1.8-3.6
libselinux1 (>= 1.32) | 2.6-3+b1
libssl1.0.2 (>= 1.0.2d) | 1.0.2l-2
libsystemd0 | 232-25+deb9u1
libwrap0 (>= 7.6-4~) | 7.6.q-26
zlib1g (>= 1:1.1.4) | 1:1.2.8.dfsg-5
Recommends (Version) | Installed
=============================-+-===========
libpam-systemd | 232-25+deb9u1
ncurses-term | 6.0+20161126-1
xauth | 1:1.0.9-1+b2
Suggests (Version) | Installed
===========================-+-===========
molly-guard |
monkeysphere |
rssh |
ssh-askpass |
ufw |
--- End Message ---
--- Begin Message ---
- To: Garcia Dabo Cesar Enrique <cquike@arcor.de>, 873884-close@bugs.debian.org
- Subject: Re: Bug#873884: [openssh-server] At boot time ssh is listening at port 22 rather than the one configured in sshd_config
- From: Colin Watson <cjwatson@debian.org>
- Date: Fri, 6 Oct 2017 12:35:54 +0100
- Message-id: <20171006113554.26fqriri67n2h7nm@riva.ucam.org>
- In-reply-to: <2121998963.65901.1504216710749@mail.vodafone.de>
- References: <2121998963.65901.1504216710749@mail.vodafone.de>
On Thu, Aug 31, 2017 at 11:58:30PM +0200, Garcia Dabo Cesar Enrique wrote: > I have configured a server with a non-standard port using directive Port in / > etc/ssh/sshd_config, however when I restart the server it listens at port 22. > The ssh related services after rebooting look like this: > > # systemctl -a | grep ssh > ssh.service > loaded inactive dead OpenBSD Secure Shell server > system-ssh.slice > loaded active active system-ssh.slice > ssh.socket > loaded active listening OpenBSD Secure Shell server socket README.Debian notes that if you're using socket activation then you need to handle port changes in the systemd unit as well: The provided ssh.socket unit file sets ListenStream=22. If you need to have it listen on a different address or port, then you will need to do this by copying /lib/systemd/system/ssh.socket to /etc/systemd/system/ssh.socket and modifying the ListenStream option. See systemd.socket(5) for details. These instructions are actually a bit suboptimal and I've just rewritten them as follows, but the basic point stands: The provided ssh.socket unit file sets ListenStream=22. If you need to have it listen on a different address or port, then you will need to do this as follows (modifying ListenStream to match your requirements): mkdir -p /etc/systemd/system/ssh.socket.d cat >/etc/systemd/system/ssh.socket.d/listen.conf <<EOF [Socket] ListenStream=2222 EOF systemctl daemon-reload See systemd.socket(5) for details. -- Colin Watson [cjwatson@debian.org]
--- End Message ---