Hallo Marc Haber, 08.12.21 13:31 Marc Haber: > I am running a number of test systems with ssh as socket activated > service. Sometimes, after an update, I find myself without ssh access to > those systems (connection refused). After a console login and systemctl > restart ssh.socket, things are fine again. > > I THINK this might be connected to needrestart. Today, a libc6 update > marked the running ssh daemon (that I was using for the update) as using > obsolete libraries, which resulted in the following console output: To me it looks like a problem in needrestart. The (forked off) sshd process handling your client connection belongs to cgroup session-NN.scope, no matter if it was started by systemd socket activation or regular sshd. needrestart (invoked with "-vlp" here) detects a process with outdated libs: [main] #2111961 uses deleted /lib/x86_64-linux-gnu/libnss_files-2.32.so [main] #2111961 is a child of #2111904 Then it figures out the binary and the cgroup: [main] #2111961 exe => /usr/sbin/sshd [main] trying systemctl status cgroup detection didn't work, so: [main] #2111961 running /etc/needrestart/hook.d/10-dpkg [main] #2111961 package: openssh-server [main] #2111961 running /etc/needrestart/hook.d/20-rpm [main] #2111961 running /etc/needrestart/hook.d/90-none /etc/needrestart/hook.d/10-dpkg also finds /etc/init.d/ssh and we end up with: Services: […] - spamassassin.service - ssh - systemd-journald.service […] Note the missing ".service". Then you have it invoke "systemctl restart ssh.service" and voilà. A workaround might be masking ssh.service. Grüße Timo
Attachment:
signature.asc
Description: This is a digitally signed message part.