Your message dated Wed, 29 Dec 2021 01:33:30 +0000
with message-id <[email protected]>
and subject line Bug#1001320: fixed in openssh 1:8.7p1-3
has caused the Debian Bug report #1001320,
regarding needrestart misdetects socket activated ssh and restarts service
instead of socket
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1001320: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001320
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openssh-server
Version: 1:8.7p1-2
Severity: minor
Hi,
I am running a number of test systems with ssh as socket activated
service. Sometimes, after an update, I find myself without ssh access to
those systems (connection refused). After a console login and systemctl
restart ssh.socket, things are fine again.
I THINK this might be connected to needrestart. Today, a libc6 update
marked the running ssh daemon (that I was using for the update) as using
obsolete libraries, which resulted in the following console output:
Restarting services...
systemctl restart console-log.service cron.service exim4.service
haveged.service ippl.service ntp.service rsyslog.service
[email protected] ssh.service systemd-journald.service
systemd-networkd.service systemd-resolved.service systemd-udevd.service
Job for ssh.service failed because the control process exited with error code.
See "systemctl status ssh.service" and "journalctl -xeu ssh.service" for
details.
Service restarts being deferred:
/etc/needrestart/restart.d/dbus.service
systemctl restart [email protected]
systemctl restart systemd-logind.service
systemctl restart [email protected]
and the following log entries:
Dec 8 12:58:26 emptybookworm82 systemd[1]: Stopping LSB: Puts a logfile pager
on virtual consoles...
Dec 8 12:58:26 emptybookworm82 systemd[1]: Stopping Regular background program
processing daemon...
Dec 8 12:58:26 emptybookworm82 systemd[1]: cron.service: Deactivated
successfully.
Dec 8 12:58:26 emptybookworm82 cron[429258]: (CRON) INFO (pidfile fd = 3)
Dec 8 12:58:26 emptybookworm82 systemd[1]: Stopped Regular background program
processing daemon.
Dec 8 12:58:26 emptybookworm82 systemd[1]: cron.service: Consumed 15min 4.856s
CPU time.
Dec 8 12:58:26 emptybookworm82 systemd[1]: Started Regular background program
processing daemon.
Dec 8 12:58:26 emptybookworm82 systemd[1]: Stopping LSB: exim Mail Transport
Agent...
Dec 8 12:58:26 emptybookworm82 systemd[1]: Stopping Entropy Daemon based on
the HAVEGE algorithm...
Dec 8 12:58:26 emptybookworm82 systemd[1]: Stopping LSB: IP protocols logger...
Dec 8 12:58:26 emptybookworm82 systemd[1]: Stopping Network Time Service...
Dec 8 12:58:26 emptybookworm82 systemd[1]: Stopping System Logging Service...
Dec 8 12:58:26 emptybookworm82 systemd[1]: Stopping Serial Getty on ttyS0...
Dec 8 12:58:26 emptybookworm82 systemd[1]: [email protected]:
Deactivated successfully.
Dec 8 12:58:26 emptybookworm82 systemd[1]: Stopped Serial Getty on ttyS0.
Dec 8 12:58:26 emptybookworm82 systemd[1]: Started Serial Getty on ttyS0.
Dec 8 12:58:26 emptybookworm82 systemd[1]: ssh.socket: Deactivated
successfully.
Dec 8 12:58:26 emptybookworm82 systemd[1]: Closed OpenBSD Secure Shell server
socket.
Dec 8 12:58:26 emptybookworm82 systemd[1]: ssh.socket: Consumed 10.571s CPU
time.
Dec 8 12:58:26 emptybookworm82 systemd[1]: Starting OpenBSD Secure Shell
server...
Dec 8 12:58:26 emptybookworm82 systemd[1]: Stopping Flush Journal to
Persistent Storage...
Dec 8 12:58:26 emptybookworm82 systemd[1]:
systemd-networkd-wait-online.service: Deactivated successfully.
Dec 8 12:58:26 emptybookworm82 systemd[1]: Stopped Wait for Network to be
Configured.
Dec 8 12:58:26 emptybookworm82 systemd[1]: Stopping Wait for Network to be
Configured...
Dec 8 12:58:26 emptybookworm82 systemd[1]: Stopping Network Name Resolution...
Dec 8 12:58:26 emptybookworm82 systemd[1]: ssh.service: Main process exited,
code=exited, status=255/EXCEPTION
Dec 8 12:58:26 emptybookworm82 systemd[1]: ssh.service: Failed with result
'exit-code'.
Dec 8 12:58:26 emptybookworm82 systemd[1]: Failed to start OpenBSD Secure
Shell server.
Dec 8 12:58:26 emptybookworm82 ntpd[298]: ntpd exiting on signal 15
(Terminated)
Dec 8 12:58:26 emptybookworm82 ntpd[298]: 2a01:4f8:140:246a::2 local addr
2a01:4f8:140:246a::52:100 -> <null>
Dec 8 12:58:26 emptybookworm82 haveged[220]: haveged: Stopping due to signal 15
Dec 8 12:58:27 emptybookworm82 cron[429258]: (CRON) INFO (Skipping @reboot
jobs -- not system startup)
Dec 8 12:58:27 emptybookworm82 systemd[1]: systemd-journal-flush.service:
Deactivated successfully.
Dec 8 12:58:27 emptybookworm82 systemd[1]: Stopped Flush Journal to Persistent
Storage.
Dec 8 12:58:27 emptybookworm82 exim4[429259]: exim4_listener.
To me, this looks like needrestart misdetects the sshd process as having
been started by an ssh.service instead of an [email protected], and that
stopping ssh.service stops ssh.socket for some reason (systemd
dependency?). Afterwards, ssh.service is restarted (which fails because
the port is still busy), and ssh.socket stays off, resulting in an
unreachable host.
Can you as the ssh maintainer give some insight whether this is an ssh,
a needrestart or an systemd issue? It definetely is annoying.
Greetings
Marc
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:8.7p1-3
Done: Colin Watson <[email protected]>
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <[email protected]> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 29 Dec 2021 01:12:00 +0000
Source: openssh
Architecture: source
Version: 1:8.7p1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <[email protected]>
Changed-By: Colin Watson <[email protected]>
Closes: 1001320
Changes:
openssh (1:8.7p1-3) unstable; urgency=medium
.
* Include unit test binaries in openssh-tests even if building with
DEB_BUILD_OPTIONS=nocheck.
* Install built version of sshd_config, with corrected PATH and PidFile.
* Upgrade to debhelper v13.
* debian/copyright: Use HTTPS in Source field.
* Update renamed Lintian tag name in Lintian override.
* debian/watch: Upgrade to version 4.
* Clarify instructions for using socket activation to avoid accidental
attempts to start the non-socket-activated service that can result in
systems without a running sshd (closes: #1001320).
* Remove maintainer script code for upgrades from before Debian 9.
* Make the sysvinit script provide "ssh" as well as "sshd".
* Set Rules-Requires-Root: no.
* Use dh_installalternatives.
* Simplify some debhelper overrides slightly.
Checksums-Sha1:
e01bfb04fa3055e9b9490db0e777e7fa77ac9859 3347 openssh_8.7p1-3.dsc
78222408f2b05b0161459bceca34a4ef3e78b20a 185628 openssh_8.7p1-3.debian.tar.xz
Checksums-Sha256:
88bbbe5f444f773a3e293a382e7415114c022f906aad11af46af281f48cccd94 3347
openssh_8.7p1-3.dsc
19bfcd79009cd1b57b7959d117092d2a5dcba156182a83177647c184d6eccce9 185628
openssh_8.7p1-3.debian.tar.xz
Files:
5519ae7693636cf246b6b307172e3673 3347 net standard openssh_8.7p1-3.dsc
0c2d9dd6b5c5742de7036cb57ae2be72 185628 net standard
openssh_8.7p1-3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmHLtgIACgkQOTWH2X2G
UAtpJBAAg5x6wzu5afkpwOaQtDqrwaSFy00KY7nJVdvXnxOFamhLoxZOUA2pLeLw
LkiXTMXCilI/guYg+QO7yaFAD5BA3P4CWZoiEs3mvDa+DMt/QbCnBj+HoJxAoSbX
8qz6UaqRbyrEIen4f4pY1eHH9vFFQjSixedGeIXSF2GjuQ3Mn4kK5jpraIAwK6eJ
XFnSPrrjj6wmmlXogAzPAHqknh3uRpSxzM42aMDBcjiGjg5cXf2Ym5e0CSS2wGwy
PeuLqfGArtxYEegnUFPCtQWIxpmBUX/YizZHkN2+BuHhFBhBJZIxciWWbBtaBdnd
BwBznu/rjhbHRXvDZbcboH0dmSqsmpT1DZ0RsuYTg6ghcQMsKQsO3O0TLOlmo10f
SzI62TrQ5eqAWujyC47sg+2vJx0+ALKrrGRV5IQ/B3ailsInbJKNW1AQstrkf9rd
duonAEj8ExRSpu1/kvD7FGLVgomLhD88jQhUjJJfDOfTcr+IRxkvI+5iUXVifFFi
sEJ2lNatACxm6xL5/G7MIWU/kTCejR9IZRbI1hX3Ekteat9DbZCwsC6UmGeDn7dh
LKMCmVNoLHtbI/Wclf4G84nbIMoq/Tgv/A/xWRkqR9c384PSLmeALMW1ctfS74OQ
cYOYsydLZAvmDb+DB2QP+gybFWzFZT2TXyCJK4Hcd1WwWDnKeZ8=
=bHM8
-----END PGP SIGNATURE-----
--- End Message ---
