No ssh service after upgrade from trixie Sid to forky Sid

To: debian-user@lists.debian.org
Subject: No ssh service after upgrade from trixie Sid to forky Sid
From: "Thomas Schmitt" <scdbackup@gmx.net>
Date: Thu, 11 Sep 2025 23:00:33 +0200
Message-id: <[🔎] 5055476451661445534@scdbackup.webframe.org>

Hi,

i suspect that upgrading a 2 year old early "trixie" Sid VM remains
incomplete and has spoiled ssh access to the VM from its Debian 12
host system.

The attempt to restart the ssh service fails.
The output of
  journalctl -xeu ssh.service
contains this message:
-----------------------------------------------------------------------
Sep 11 21:15:30 ts6-sid sshd[31635]: OpenSSL version mismatch. Built against 30000090, you have 30500010
-----------------------------------------------------------------------

Upgrade to unstable ended by
-----------------------------------------------------------------------
E: Sub-process /usr/bin/dpkg returned an error code (1)
E: Unable to read /tmp/apt-dpkg-install-cvyXki - opendir (2: No such file or directory)
-----------------------------------------------------------------------

Upgrade to released trixie ended by
-----------------------------------------------------------------------
Errors were encountered while processing:
 /tmp/apt-dpkg-install-ZZT1ps/161-gnome-themes-extra-data_3.28-4_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
-----------------------------------------------------------------------

Any idea how to solve this "OpenSSL version mismatch" while the
VM is still running ?

(Dunno how long i can keep VM and the two remaining ssh sessions
running in this state. New ssh connections are obviously impossible
for now.)

Are these "E:" endings an indication that the upgrade is incomplete ?
(Or are they just a summary at the end ?)
If incomplete: Can i resume ?


=======================================================================
Long story:

Affected is a "trixie" Sid VM disk image which i want to upgrade to the
current "forky" Sid. Last upgrade was two years ago.
The host system is Debian 12. It runs the machine by this oldish
command:

  qemu-system-x86_64 -enable-kvm -nographic -m 1024 \
                     -net nic -net user,hostfwd=tcp::5557-:22 \
                     -drive file=...,index=0,media=disk,format=raw

The VM system began its life on other iron as Jessie to become
"stretch" Sid. Since then the active entries in /etc/apt/sources.list
are
  deb http://ftp.de.debian.org/debian/ unstable main
  deb-src http://ftp.de.debian.org/debian/ unstable main
My usual way to upgrade was
  apt-get update
  apt-get dist-upgrade

Today the dist-upgrade ended by
-----------------------------------------------------------------------
...
Preparing to unpack .../2-libnss-nis_3.1-5+b1_amd64.deb ...
Unpacking libnss-nis:amd64 (3.1-5+b1) over (3.1-4) ...
dpkg-deb: error: failed to read archive '/tmp/apt-dpkg-install-cvyXki/2-libnss-nis_3.1-5+b1_amd64.deb': No such file or directory
dpkg: error processing archive /tmp/apt-dpkg-install-cvyXki/2-libnss-nis_3.1-5+b1_amd64.deb (--unpack):
 dpkg-deb --fsys-tarfile subprocess returned error exit status 2
dpkg: error processing archive /tmp/apt-dpkg-install-cvyXki/3-libc-devtools_2.41-12_amd64.deb (--unpack):
...
Errors were encountered while processing:
 /tmp/apt-dpkg-install-cvyXki/2-libnss-nis_3.1-5+b1_amd64.deb
 /tmp/apt-dpkg-install-cvyXki/3-libc-devtools_2.41-12_amd64.deb
 /tmp/apt-dpkg-install-cvyXki/4-libc-dev-bin_2.41-12_amd64.deb
 /tmp/apt-dpkg-install-cvyXki/5-libcrypt1_1%3a4.4.38-1_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
E: Unable to read /tmp/apt-dpkg-install-cvyXki - opendir (2: No such file or directory)
-----------------------------------------------------------------------

The log is 7512 lines long. It's predecessor from 2023 has 10773
lines.
There are no lines "Processing triggers" to see in today's log.

In the VM running the disk image before upgrade i can login with id_rsa 
and id_ed25519. With the image after upgrade, ssh -v from the Debian 12
host system fails quite early:
-----------------------------------------------------------------------
debug1: Connection established.
debug1: identity file .../.ssh/id_rsa type 0
debug1: identity file .../.ssh/id_rsa-cert type -1
...
debug1: identity file .../.ssh/id_ed25519 type 3
...
debug1: identity file .../.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
kex_exchange_identification: Connection closed by remote host
Connection closed by 127.0.0.1 port 5557
-----------------------------------------------------------------------

I started again with a copy of the working Sid disk image and upgraded
to trixie instead of unstable, according to
  https://www.debian.org/releases/trixie/release-notes/upgrading.en.html

Quite early in the apt full-upgrade it was not possible to initiate
new ssh connections to the VM. The two existing connections continue
to work.

Finally the full-upgrade to trixie ended similarly to the upgrade to
Sid:
-----------------------------------------------------------------------
...
electing previously unselected package gnome-themes-extra-data.
Preparing to unpack .../161-gnome-themes-extra-data_3.28-4_all.deb ...
Unpacking gnome-themes-extra-data (3.28-4) ...
dpkg: error processing archive /tmp/apt-dpkg-install-ZZT1ps/161-gnome-themes-extra-data_3.28-4_all.deb (--unpack):
 trying to overwrite '/usr/share/themes/Adwaita/gtk-2.0/apps.rc', which is also in package gnome-themes-standard-data (3.22.3-1)
...
Errors were encountered while processing:
 /tmp/apt-dpkg-install-ZZT1ps/161-gnome-themes-extra-data_3.28-4_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
-----------------------------------------------------------------------

An attempt to restart the ssh service yielded:
-----------------------------------------------------------------------
# service ssh restart
Job for ssh.service failed because the control process exited with error code.
See "systemctl status ssh.service" and "journalctl -xeu ssh.service" for details.
#
-----------------------------------------------------------------------

journalctl shows after the successful logins before upgrade that the
service was stopped during the upgrade and from then on fails to
start:
-----------------------------------------------------------------------
# journalctl -xeu ssh.service 
...
Sep 11 21:10:53 ts6-sid sshd[581]: Received signal 15; terminating.
Sep 11 21:10:53 ts6-sid systemd[1]: Stopping ssh.service - OpenBSD Secure Shell server...
...
Sep 11 21:10:53 ts6-sid systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
...
Sep 11 21:10:53 ts6-sid systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
...
Sep 11 21:15:30 ts6-sid sshd[31635]: OpenSSL version mismatch. Built against 30000090, you have 30500010
...
Sep 11 21:45:55 ts6-sid sshd[26290]: Received signal 15; terminating.
...
   The unit ssh.service has entered the 'failed' state with result 'exit-code'.
...
--------------------------------------------------------------------


Have a nice day :)

Thomas

Reply to:

Follow-Ups:
- Re: No ssh service after upgrade from trixie Sid to forky Sid
  - From: Max Nikulin <manikulin@gmail.com>
- Re: No ssh service after upgrade from trixie Sid to forky Sid
  - From: "mick.crane" <mick.crane@gmail.com>

Prev by Date: Re: How mdadm checks periodically the array in Debian 13 Trixie?
Next by Date: Re: Laptop resumes each 1h13 after suspend-to-ram
Previous by thread: Re: Laptop resumes each 1h13 after suspend-to-ram
Next by thread: Re: No ssh service after upgrade from trixie Sid to forky Sid
Index(es):
- Date
- Thread