Bug#1103773: openssh-server: systemd unit to After=network-online.target

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1103773: openssh-server: systemd unit to After=network-online.target
From: Martin-Éric Racine <martin-eric.racine@iki.fi>
Date: Mon, 21 Apr 2025 15:38:39 +0300
Message-id: <[🔎] 174523911986.1803.16374250241374609704.reportbug@p8h62.internal>
Reply-to: Martin-Éric Racine <martin-eric.racine@iki.fi>, 1103773@bugs.debian.org

Package: openssh-server
Version: 1:9.9p2-2
Severity: normal
X-Debbugs-Cc: martin-eric.racine@iki.fi

The systemd unit current launches:

After=network.target remote-fs.target nss-lookup.target

This doesn't guarantee that we have acquired an IP address (see: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/). 

Because of this, binding to an address using e.g. 'ListenAddress 192.168.1.12' will make sshd fail to launch if the interface hasn't acquired an IP yet.

network-online.target should probably be added to the above to positively ensure that we've acquired an IP before sshd launches.

Best Regards,
Martin-Éric

-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.22-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii  adduser                    3.150
ii  debconf [debconf-2.0]      1.5.91
ii  init-system-helpers        1.68
ii  libaudit1                  1:4.0.2-2+b2
ii  libc6                      2.41-7
ii  libcom-err2                1.47.2-1+b1
ii  libcrypt1                  1:4.4.38-1
ii  libgssapi-krb5-2           1.21.3-5
ii  libkrb5-3                  1.21.3-5
ii  libpam-modules             1.7.0-3
ii  libpam-runtime             1.7.0-3
ii  libpam0g                   1.7.0-3
ii  libselinux1                3.8.1-1
ii  libssl3t64                 3.5.0-1
ii  libwrap0                   7.6.q-36
ii  openssh-client             1:9.9p2-2
ii  openssh-sftp-server        1:9.9p2-2
ii  procps                     2:4.0.4-7
ii  runit-helper               2.16.4
ii  sysvinit-utils [lsb-base]  3.14-4
ii  ucf                        3.0051
ii  zlib1g                     1:1.3.dfsg+really1.3.1-1+b1

Versions of packages openssh-server recommends:
ii  libpam-systemd [logind]  257.5-2
ii  ncurses-term             6.5+20250216-2
ii  xauth                    1:1.1.2-1.1

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  ssh-askpass   <none>
pn  ufw           <none>

-- debconf information excluded

Reply to:

Follow-Ups:
- Bug#1103773: openssh-server: systemd unit to After=network-online.target
  - From: Chris Hofstaedtler <zeha@debian.org>
- Processed: Re: Bug#1103773: openssh-server: systemd unit to After=network-online.target
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1103773: openssh-server: systemd unit to After=network-online.target
  - From: Timo Weingärtner <tiwe@debian.org>

Prev by Date: Bug#1103720: ssh-askpass-gnome prompts for confirmation, but the connection is always allowed
Next by Date: Bug#1103773: openssh-server: systemd unit to After=network-online.target
Previous by thread: Bug#1103720: marked as done (ssh-askpass-gnome prompts for confirmation, but the connection is always allowed)
Next by thread: Bug#1103773: openssh-server: systemd unit to After=network-online.target
Index(es):
- Date
- Thread