Bug#1071292: openssh-server: sshd fails to restart at package upgrade, future logins to server impossible

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1071292: openssh-server: sshd fails to restart at package upgrade, future logins to server impossible
From: Sven-Haegar Koch <haegar@sdinet.de>
Date: Fri, 17 May 2024 21:42:05 +0200
Message-id: <[🔎] 171597492570.2666156.11522522418323000623.reportbug@aurora64.sdinet.de>
Reply-to: Sven-Haegar Koch <haegar@sdinet.de>, 1071292@bugs.debian.org

Package: openssh-server
Version: 1:9.7p1-5
Severity: important

Dear Maintainer,

I just upgraded openssh as part of my normal "apt dist-upgrade" every
few days, from 1:9.7p1-4 to 1:9.7p1-5.

The whole apt went through without any errors - but afterwards sshd
was no longer running / listening on its network ports.

Most likely related messages from syslog:

May 17 21:19:31 aurora64 systemd[1]: Reloading finished in 370 ms.
May 17 21:19:31 aurora64 sshd[1910600]: Received signal 15; terminating.
May 17 21:19:31 aurora64 systemd[1]: Stopping ssh.service - OpenBSD Secure Shell server...
May 17 21:19:31 aurora64 systemd[1]: ssh.service: Deactivated successfully.
May 17 21:19:31 aurora64 systemd[1]: Stopped ssh.service - OpenBSD Secure Shell server.
May 17 21:19:31 aurora64 systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 17 21:19:31 aurora64 systemd[1]: ssh.service: Control process exited, code=exited, status=127/n/a
May 17 21:19:31 aurora64 systemd[1]: ssh.service: Failed with result 'exit-code'.
May 17 21:19:31 aurora64 systemd[1]: Failed to start ssh.service - OpenBSD Secure Shell server.
May 17 21:19:31 aurora64 systemd[1]: ssh.service: Scheduled restart job, restart counter is at 1.
May 17 21:19:32 aurora64 systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 17 21:19:32 aurora64 systemd[1]: ssh.service: Control process exited, code=exited, status=127/n/a
May 17 21:19:32 aurora64 systemd[1]: ssh.service: Failed with result 'exit-code'.
May 17 21:19:32 aurora64 systemd[1]: Failed to start ssh.service - OpenBSD Secure Shell server.
May 17 21:19:32 aurora64 systemd[1]: Reloading requested from client PID 2653532 ('systemctl') (unit session-4.scope)...
May 17 21:19:32 aurora64 systemd[1]: Reloading...
May 17 21:19:32 aurora64 systemd[1]: systemd-fsckd.socket: Socket unit configuration has changed while unit has been running, no open socket file descriptor left. The socket unit is not functional until restarted.
May 17 21:19:32 aurora64 systemd[1]: Reloading finished in 384 ms.
May 17 21:19:32 aurora64 systemd[1]: ssh.service: Scheduled restart job, restart counter is at 2.
May 17 21:19:32 aurora64 systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 17 21:19:32 aurora64 systemd[1]: ssh.service: Control process exited, code=exited, status=127/n/a
May 17 21:19:32 aurora64 systemd[1]: ssh.service: Failed with result 'exit-code'.
May 17 21:19:32 aurora64 systemd[1]: Failed to start ssh.service - OpenBSD Secure Shell server.
May 17 21:19:32 aurora64 systemd[1]: ssh.service: Scheduled restart job, restart counter is at 3.
May 17 21:19:32 aurora64 systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 17 21:19:32 aurora64 systemd[1]: ssh.service: Control process exited, code=exited, status=127/n/a
May 17 21:19:32 aurora64 systemd[1]: ssh.service: Failed with result 'exit-code'.
May 17 21:19:32 aurora64 systemd[1]: Failed to start ssh.service - OpenBSD Secure Shell server.
May 17 21:19:33 aurora64 systemd[1]: ssh.service: Scheduled restart job, restart counter is at 4.
May 17 21:19:33 aurora64 systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 17 21:19:33 aurora64 systemd[1]: ssh.service: Control process exited, code=exited, status=127/n/a
May 17 21:19:33 aurora64 systemd[1]: ssh.service: Failed with result 'exit-code'.
May 17 21:19:33 aurora64 systemd[1]: Failed to start ssh.service - OpenBSD Secure Shell server.
May 17 21:19:33 aurora64 systemd[1]: ssh.service: Scheduled restart job, restart counter is at 5.
May 17 21:19:33 aurora64 systemd[1]: ssh.service: Start request repeated too quickly.
May 17 21:19:33 aurora64 systemd[1]: ssh.service: Failed with result 'exit-code'.
May 17 21:19:33 aurora64 systemd[1]: Failed to start ssh.service - OpenBSD Secure Shell server.

Did not find anything real in the logs why it would not restart,
just that it died.

A manual "systemctl restart ssh" afterwards just made ssh work again.

May 17 21:35:29 aurora64 systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 17 21:35:29 aurora64 sshd[2674496]: Server listening on 0.0.0.0 port 42666.
May 17 21:35:29 aurora64 sshd[2674496]: Server listening on :: port 42666.
May 17 21:35:29 aurora64 systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
May 17 21:35:29 aurora64 sshd[2674496]: Server listening on 0.0.0.0 port 22.
May 17 21:35:29 aurora64 sshd[2674496]: Server listening on :: port 22.

Sadly I saw this problem too late, and had already looged out of one
machine again, and now can't login again until I am the next time
in the office and able to use the console to restart sshd :/

Greetings,
Haegar

PS:
Systemd was updated from 255.5-1 to 256~rc2-3 in the same apt
run, so could perhaps also be some ugly interaction between the
two updates.

-- System Information:
Debian Release: trixie/sid
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.7.9-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii  adduser                    3.137
ii  debconf [debconf-2.0]      1.5.86
ii  init-system-helpers        1.66
ii  libaudit1                  1:3.1.2-2.1
ii  libc6                      2.38-11
ii  libcom-err2                1.47.1~rc2-1
ii  libcrypt1                  1:4.4.36-4
ii  libgssapi-krb5-2           1.20.1-6+b1
ii  libkrb5-3                  1.20.1-6+b1
ii  libpam-modules             1.5.3-7
ii  libpam-runtime             1.5.3-7
ii  libpam0g                   1.5.3-7
ii  libselinux1                3.5-2+b2
ii  libssl3t64                 3.2.1-3
ii  libwrap0                   7.6.q-33
ii  openssh-client             1:9.7p1-5
ii  openssh-sftp-server        1:9.7p1-5
ii  procps                     2:4.0.4-4
ii  runit-helper               2.16.2
ii  sysvinit-utils [lsb-base]  3.09-1
ii  ucf                        3.0043+nmu1
ii  zlib1g                     1:1.3.dfsg+really1.3.1-1

Versions of packages openssh-server recommends:
ii  libpam-systemd [logind]  256~rc2-3
ii  ncurses-term             6.5-2
ii  xauth                    1:1.1.2-1

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
ii  ssh-askpass   1:1.2.4.1-16+b1
pn  ufw           <none>

-- debconf-show failed

Reply to:

Follow-Ups:
- Bug#1071292: openssh-server: sshd fails to restart at package upgrade, future logins to server impossible
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Bug#1069706: marked as done (systemd unit files lack ordering wrt nss-user-lookup.target)
Next by Date: Bug#1018260: openssh-server: fills the log with "deprecated reading of user environment enabled"
Previous by thread: Bug#1069706: marked as done (systemd unit files lack ordering wrt nss-user-lookup.target)
Next by thread: Bug#1071292: openssh-server: sshd fails to restart at package upgrade, future logins to server impossible
Index(es):
- Date
- Thread