Bug#1071292: openssh-server: sshd fails to restart at package upgrade, future logins to server impossible
Package: openssh-server
Version: 1:9.7p1-5
Severity: important
Dear Maintainer,
I just upgraded openssh as part of my normal "apt dist-upgrade" every
few days, from 1:9.7p1-4 to 1:9.7p1-5.
The whole apt went through without any errors - but afterwards sshd
was no longer running / listening on its network ports.
Most likely related messages from syslog:
May 17 21:19:31 aurora64 systemd[1]: Reloading finished in 370 ms.
May 17 21:19:31 aurora64 sshd[1910600]: Received signal 15; terminating.
May 17 21:19:31 aurora64 systemd[1]: Stopping ssh.service - OpenBSD Secure Shell server...
May 17 21:19:31 aurora64 systemd[1]: ssh.service: Deactivated successfully.
May 17 21:19:31 aurora64 systemd[1]: Stopped ssh.service - OpenBSD Secure Shell server.
May 17 21:19:31 aurora64 systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 17 21:19:31 aurora64 systemd[1]: ssh.service: Control process exited, code=exited, status=127/n/a
May 17 21:19:31 aurora64 systemd[1]: ssh.service: Failed with result 'exit-code'.
May 17 21:19:31 aurora64 systemd[1]: Failed to start ssh.service - OpenBSD Secure Shell server.
May 17 21:19:31 aurora64 systemd[1]: ssh.service: Scheduled restart job, restart counter is at 1.
May 17 21:19:32 aurora64 systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 17 21:19:32 aurora64 systemd[1]: ssh.service: Control process exited, code=exited, status=127/n/a
May 17 21:19:32 aurora64 systemd[1]: ssh.service: Failed with result 'exit-code'.
May 17 21:19:32 aurora64 systemd[1]: Failed to start ssh.service - OpenBSD Secure Shell server.
May 17 21:19:32 aurora64 systemd[1]: Reloading requested from client PID 2653532 ('systemctl') (unit session-4.scope)...
May 17 21:19:32 aurora64 systemd[1]: Reloading...
May 17 21:19:32 aurora64 systemd[1]: systemd-fsckd.socket: Socket unit configuration has changed while unit has been running, no open socket file descriptor left. The socket unit is not functional until restarted.
May 17 21:19:32 aurora64 systemd[1]: Reloading finished in 384 ms.
May 17 21:19:32 aurora64 systemd[1]: ssh.service: Scheduled restart job, restart counter is at 2.
May 17 21:19:32 aurora64 systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 17 21:19:32 aurora64 systemd[1]: ssh.service: Control process exited, code=exited, status=127/n/a
May 17 21:19:32 aurora64 systemd[1]: ssh.service: Failed with result 'exit-code'.
May 17 21:19:32 aurora64 systemd[1]: Failed to start ssh.service - OpenBSD Secure Shell server.
May 17 21:19:32 aurora64 systemd[1]: ssh.service: Scheduled restart job, restart counter is at 3.
May 17 21:19:32 aurora64 systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 17 21:19:32 aurora64 systemd[1]: ssh.service: Control process exited, code=exited, status=127/n/a
May 17 21:19:32 aurora64 systemd[1]: ssh.service: Failed with result 'exit-code'.
May 17 21:19:32 aurora64 systemd[1]: Failed to start ssh.service - OpenBSD Secure Shell server.
May 17 21:19:33 aurora64 systemd[1]: ssh.service: Scheduled restart job, restart counter is at 4.
May 17 21:19:33 aurora64 systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 17 21:19:33 aurora64 systemd[1]: ssh.service: Control process exited, code=exited, status=127/n/a
May 17 21:19:33 aurora64 systemd[1]: ssh.service: Failed with result 'exit-code'.
May 17 21:19:33 aurora64 systemd[1]: Failed to start ssh.service - OpenBSD Secure Shell server.
May 17 21:19:33 aurora64 systemd[1]: ssh.service: Scheduled restart job, restart counter is at 5.
May 17 21:19:33 aurora64 systemd[1]: ssh.service: Start request repeated too quickly.
May 17 21:19:33 aurora64 systemd[1]: ssh.service: Failed with result 'exit-code'.
May 17 21:19:33 aurora64 systemd[1]: Failed to start ssh.service - OpenBSD Secure Shell server.
Did not find anything real in the logs why it would not restart,
just that it died.
A manual "systemctl restart ssh" afterwards just made ssh work again.
May 17 21:35:29 aurora64 systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 17 21:35:29 aurora64 sshd[2674496]: Server listening on 0.0.0.0 port 42666.
May 17 21:35:29 aurora64 sshd[2674496]: Server listening on :: port 42666.
May 17 21:35:29 aurora64 systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
May 17 21:35:29 aurora64 sshd[2674496]: Server listening on 0.0.0.0 port 22.
May 17 21:35:29 aurora64 sshd[2674496]: Server listening on :: port 22.
Sadly I saw this problem too late, and had already looged out of one
machine again, and now can't login again until I am the next time
in the office and able to use the console to restart sshd :/
Greetings,
Haegar
PS:
Systemd was updated from 255.5-1 to 256~rc2-3 in the same apt
run, so could perhaps also be some ugly interaction between the
two updates.
-- System Information:
Debian Release: trixie/sid
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.7.9-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages openssh-server depends on:
ii adduser 3.137
ii debconf [debconf-2.0] 1.5.86
ii init-system-helpers 1.66
ii libaudit1 1:3.1.2-2.1
ii libc6 2.38-11
ii libcom-err2 1.47.1~rc2-1
ii libcrypt1 1:4.4.36-4
ii libgssapi-krb5-2 1.20.1-6+b1
ii libkrb5-3 1.20.1-6+b1
ii libpam-modules 1.5.3-7
ii libpam-runtime 1.5.3-7
ii libpam0g 1.5.3-7
ii libselinux1 3.5-2+b2
ii libssl3t64 3.2.1-3
ii libwrap0 7.6.q-33
ii openssh-client 1:9.7p1-5
ii openssh-sftp-server 1:9.7p1-5
ii procps 2:4.0.4-4
ii runit-helper 2.16.2
ii sysvinit-utils [lsb-base] 3.09-1
ii ucf 3.0043+nmu1
ii zlib1g 1:1.3.dfsg+really1.3.1-1
Versions of packages openssh-server recommends:
ii libpam-systemd [logind] 256~rc2-3
ii ncurses-term 6.5-2
ii xauth 1:1.1.2-1
Versions of packages openssh-server suggests:
pn molly-guard <none>
pn monkeysphere <none>
ii ssh-askpass 1:1.2.4.1-16+b1
pn ufw <none>
-- debconf-show failed
Reply to: