Bug#1001320: needrestart misdetects socket activated ssh and restarts service instead of socket
Hi Timo,
On Wed, Dec 08, 2021 at 04:01:30PM +0100, Timo Weingärtner wrote:
> 08.12.21 13:31 Marc Haber:
> > I am running a number of test systems with ssh as socket activated
> > service. Sometimes, after an update, I find myself without ssh access to
> > those systems (connection refused). After a console login and systemctl
> > restart ssh.socket, things are fine again.
> >
> > I THINK this might be connected to needrestart. Today, a libc6 update
> > marked the running ssh daemon (that I was using for the update) as using
> > obsolete libraries, which resulted in the following console output:
>
> To me it looks like a problem in needrestart. The (forked off) sshd process
> handling your client connection belongs to cgroup session-NN.scope, no matter
> if it was started by systemd socket activation or regular sshd.
I concur with your analysis. So we need a bug report against needrestart
with the title "misdetects ssh as started from ssh.service if it's
actually ssh.socket or ssh@.service"?
> A workaround might be masking ssh.service.
That seems to do it for me, this hasn't happeneed on my test systems
since I masked ssh.service. I do consider this a valid workaround (but
not a soution) for the time being.
ssh maintainer, I think this warrants at least some documentation, for
example in /usr/share/doc/openssh-server/README.Debian.gz, as the way
documented there just suggests disabling ssh.service and not masking it.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
Reply to: