Bug#789532: marked as done (openssh-server: is not starting using ifup)
Your message dated Sun, 21 Oct 2018 10:04:53 +0000
with message-id <E1gEAbN-0007ig-77@fasolo.debian.org>
and subject line Bug#789532: fixed in openssh 1:7.9p1-1
has caused the Debian Bug report #789532,
regarding openssh-server: is not starting using ifup
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
789532: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789532
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: openssh-server: is not starting using ifup
- From: Jose Antonio Quevedo <joseantonio.quevedo@gmail.com>
- Date: Mon, 22 Jun 2015 01:24:37 +0200
- Message-id: <20150621232437.2637.9394.reportbug@packard>
Package: openssh-server
Version: 1:6.7p1-6
Severity: important
Tags: patch
Dear Maintainer,
openssh-server is not starting at boot if the iface is not up.
Nowadays, the if-up.d/openssh-server script is reloading or restarting but not
starting the service.
Attached is a patch that can make openssh-server try to start when any iface
(except loopback) is raised.
I've already tested this patch on my system.
Hope you'll find it useful.
Regards,
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable')
Architecture: i386 (i686)
Kernel: Linux 4.0.0-2-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages openssh-server depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.56
ii dpkg 1.18.0
ii init-system-helpers 1.23
ii libc6 2.19-18
ii libcomerr2 1.42.13-1
ii libgssapi-krb5-2 1.12.1+dfsg-20
ii libkrb5-3 1.12.1+dfsg-20
ii libpam-modules 1.1.8-3.1
ii libpam-runtime 1.1.8-3.1
ii libpam0g 1.1.8-3.1
ii libselinux1 2.3-2
ii libssl1.0.0 1.0.2a-1
ii libwrap0 7.6.q-25
ii lsb-base 4.1+Debian13+nmu1
ii openssh-client 1:6.7p1-6
ii openssh-sftp-server 1:6.7p1-6
ii procps 2:3.3.9-9
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages openssh-server recommends:
ii ncurses-term 5.9+20150516-2
ii xauth 1:1.0.9-1
Versions of packages openssh-server suggests:
pn molly-guard <none>
pn monkeysphere <none>
pn rssh <none>
pn ssh-askpass <none>
pn ufw <none>
-- Configuration Files:
/etc/network/if-up.d/openssh-server changed:
set -e
if [ "$IFACE" = lo ]; then
exit 0
fi
if [ "$MODE" != start ]; then
exit 0
fi
if [ "$ADDRFAM" != inet ] && [ "$ADDRFAM" != inet6 ]; then
exit 0
fi
if [ ! -e /usr/sbin/sshd ]; then
exit 0
fi
if [ -f /var/run/sshd.pid ] && \
[ "$(ps -p "$(cat /var/run/sshd.pid)" -o comm=)" == sshd ]; then
# We'd like to use 'reload' here, but it has some problems; see #502444. On
# the other hand, repeated restarts of ssh make systemd unhappy
# (#756547/#757822), so use reload in that case.
if [ -d /run/systemd/system ]; then
action=reload
else
action=restart
fi
else
action=start
fi
invoke-rc.d ssh $action >/dev/null 2>&1 || true
exit 0
-- debconf information excluded
diff --git a/debian/openssh-server.if-up b/debian/openssh-server.if-up
index dd05ea5..cd6aca0 100644
--- a/debian/openssh-server.if-up
+++ b/debian/openssh-server.if-up
@@ -25,19 +25,25 @@ if [ ! -e /usr/sbin/sshd ]; then
exit 0
fi
-if [ ! -f /var/run/sshd.pid ] || \
- [ "$(ps -p "$(cat /var/run/sshd.pid)" -o comm=)" != sshd ]; then
- exit 0
-fi
-# We'd like to use 'reload' here, but it has some problems; see #502444. On
-# the other hand, repeated restarts of ssh make systemd unhappy
-# (#756547/#757822), so use reload in that case.
-if [ -d /run/systemd/system ]; then
+# Choose the proper action
+if [ -f /var/run/sshd.pid ] && \
+ [ "$(ps -p "$(cat /var/run/sshd.pid)" -o comm=)" == sshd ]; then
+
+ # We'd like to use 'reload' here, but it has some problems; see #502444. On
+ # the other hand, repeated restarts of ssh make systemd unhappy
+ # (#756547/#757822), so use reload in that case.
+
+ if [ -d /run/systemd/system ]; then
action=reload
-else
+ else
action=restart
+ fi
+
+else
+ action=start
fi
+
invoke-rc.d ssh $action >/dev/null 2>&1 || true
exit 0
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:7.9p1-1
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 789532@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 21 Oct 2018 10:39:24 +0100
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.9p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote machines
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
Closes: 177406 789532 828475 844494
Changes:
openssh (1:7.9p1-1) unstable; urgency=medium
.
* New upstream release (https://www.openssh.com/txt/release-7.9):
- ssh(1), sshd(8): allow most port numbers to be specified using service
names from getservbyname(3) (typically /etc/services; closes:
#177406).
- ssh(1): allow the IdentityAgent configuration directive to accept
environment variable names. This supports the use of multiple agent
sockets without needing to use fixed paths.
- sshd(8): support signalling sessions via the SSH protocol. A limited
subset of signals is supported and only for login or command sessions
(i.e. not subsystems) that were not subject to a forced command via
authorized_keys or sshd_config.
- ssh(1): support "ssh -Q sig" to list supported signature options.
Also "ssh -Q help" to show the full set of supported queries.
- ssh(1), sshd(8): add a CASignatureAlgorithms option for the client and
server configs to allow control over which signature formats are
allowed for CAs to sign certificates. For example, this allows
banning CAs that sign certificates using the RSA-SHA1 signature
algorithm.
- sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to revoke
keys specified by SHA256 hash.
- ssh-keygen(1): allow creation of key revocation lists directly from
base64-encoded SHA256 fingerprints. This supports revoking keys using
only the information contained in sshd(8) authentication log messages.
- ssh(1), ssh-keygen(1): avoid spurious "invalid format" errors when
attempting to load PEM private keys while using an incorrect
passphrase.
- sshd(8): when a channel closed message is received from a client,
close the stderr file descriptor at the same time stdout is closed.
This avoids stuck processes if they were waiting for stderr to close
and were insensitive to stdin/out closing (closes: #844494).
- ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11
forwarding timeout and support X11 forwarding indefinitely.
Previously the behaviour of ForwardX11Timeout=0 was undefined.
- sshd(8): when compiled with GSSAPI support, cache supported method
OIDs regardless of whether GSSAPI authentication is enabled in the
main section of sshd_config. This avoids sandbox violations if GSSAPI
authentication was later enabled in a Match block.
- sshd(8): do not fail closed when configured with a text key revocation
list that contains a too-short key.
- ssh(1): treat connections with ProxyJump specified the same as ones
with a ProxyCommand set with regards to hostname canonicalisation
(i.e. don't try to canonicalise the hostname unless
CanonicalizeHostname is set to 'always').
- ssh(1): fix regression in OpenSSH 7.8 that could prevent public-key
authentication using certificates hosted in a ssh-agent(1) or against
sshd(8) from OpenSSH <7.8 (LP: #1790963).
- All: support building against the openssl-1.1 API (releases 1.1.0g and
later). The openssl-1.0 API will remain supported at least until
OpenSSL terminates security patch support for that API version
(closes: #828475).
- sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox;
apparently required by some glibc/OpenSSL combinations.
* Remove dh_builddeb override to use xz compression; this has been the
default since dpkg 1.17.0.
* Simplify debian/rules using /usr/share/dpkg/default.mk.
* Remove /etc/network/if-up.d/openssh-server, as it causes more problems
than it solves (thanks, Christian Ehrhardt, Andreas Hasenack, and David
Britton; closes: #789532, LP: #1037738, #1674330, #1718227). Add an
"if-up hook removed" section to README.Debian documenting the corner
case that may need configuration adjustments.
Checksums-Sha1:
02f65cb5d41cb680cdbd59533b4e1ca8e6e706f6 3121 openssh_7.9p1-1.dsc
993aceedea8ecabb1d0dd7293508a361891c4eaa 1565384 openssh_7.9p1.orig.tar.gz
e23d601363ab5ff0daae5714e77d06539a9aebe9 683 openssh_7.9p1.orig.tar.gz.asc
0420173569b37d7f64df25cde2981147ee735870 163012 openssh_7.9p1-1.debian.tar.xz
9f824d07b600b84035802712a43e83923b4db7e7 14938 openssh_7.9p1-1_source.buildinfo
Checksums-Sha256:
dcf0986f38bead63c956b8c75cee6cd6263d5f836faedf8a3a34f1976e6907fa 3121 openssh_7.9p1-1.dsc
6b4b3ba2253d84ed3771c8050728d597c91cfce898713beb7b64a305b6f11aad 1565384 openssh_7.9p1.orig.tar.gz
4fd584498595450d68f5514b3d79eb14425a3d6aa9e9021d9e928fdd7b4469eb 683 openssh_7.9p1.orig.tar.gz.asc
7b2ca8e1fac29e7a42141fdb6efb05c12ac3c98c4018478377d301098a7762da 163012 openssh_7.9p1-1.debian.tar.xz
aa8896c424a4357f4e3f70c9498d1226df96d029913e3afce40e27a392ef0f04 14938 openssh_7.9p1-1_source.buildinfo
Files:
169fdfded198d365193f03a2d8f2b616 3121 net standard openssh_7.9p1-1.dsc
c6af50b7a474d04726a5aa747a5dce8f 1565384 net standard openssh_7.9p1.orig.tar.gz
36f798ff56b24004e16c08bf4a5fc021 683 net standard openssh_7.9p1.orig.tar.gz.asc
f9fe15f8723a54a2072d7222dcd6f0d9 163012 net standard openssh_7.9p1-1.debian.tar.xz
acb341421aa0f910d6308e6f1465c502 14938 net standard openssh_7.9p1-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAlvMSYAACgkQOTWH2X2G
UAsUMA//ewIH7+cPTzKVeQpmMDwIESrYoqRALoehigkz49fQ1iYcOB5R/Bb9ap8Y
3EVwlh5ryxclHbADuPkbQJEtyX7jLhW050tpholKTJsaCdNLn0/5Kojg39EGPSXq
u54vzm7j+OsWPFavzC/gjKVwqAOTdmOUXBg6rwTP1rjHrrKcX+olrTHMQ5V9bUqc
BedfpqM0eneO0Ei3mREXjoGMooXBg7AcQaUEImewdeMJLdFRWeg8Pk9pDIxpo4cE
SHKIC3UYqbUZnlJ/eqLHyACBKpsRWW3TYwyjDnNV8J8dJaeiPvlOoYiM/+ARuYDj
iC+KsP6DBWtjpunGHh32prok0ZTqpSXnZdg4Kog+AGVxzfPb8RzRGATOOjmvqXR/
5mhRWAZFdLqzRoC/Vltt6+ljumv1ewksOM5iY4bLuL18S50wOvdWMDdyZG64sLXm
BnVd2wNiIW08tIghNp3NjxyQKwI74iF2yfJcFE5AqULkPI7mWZvi/bIDjEJDgSlA
AtYyvuyUVLIZzYKs1Ic27RG5TnZZCVPmX1uqxR+B3NIsFDJtGHcJsO5azCMtevV/
gHK1Wx2bcN1JEUNS/DOPLB9GZQk7hlmAgG6MREmC2QAQg7Zo8TZeIW4mf6OELHqx
JRpHjJM+BH/9THJbweSy/yjLQ7PVyngGX0wxxxcbIvXWIV8HQdA=
=nwlI
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: