Public bug reported:

Ubuntu: 18.04.2 LTS
OpenSSH: 7.6p1

I am having a problem starting multiple sshd processes. The default location of 
the sshd privilege separation directory is hard-coded to /run/sshd (see man 
page). The original OpenSSH 7.6p1 located this file at /var/empty. Somehow the 
default location in the pathnames.h for _PATH_PRIVSEP_CHROOT_DIR has been 
changed from /var/empty to /run/sshd. I have asked OpenSSH to provision the 
ability to change this directory location from either the command-line or the 
sshd_config file; Theo de Raadt, et al. pretty much said "NO!" using some 
rather provocative language.
Here is the problem with using /run/sshd:
1) Every time there is a boot, the /run directory is cleaned out.
2) The /etc/init.d/ssh script is required to check and mkdir the /run/sshd 
directory.
3) If you have multiple service scripts, like lan_ssh and wan_ssh, the 2 
scripts conflict in the generation and creation of the /run/sshd directory.
4) The only work-around I have found is to have a rc.local script mkdir the 
/run/sshd directory and remove the mkdir /run/sshd from the /etc/init.d/ 
scripts.
If we revert back to the /var/empty directory approach and remove the "mkdir 
/run/sshd" operation from the /etc/init.d/ script(s), this problem goes away 
since the system does not recreate /var during every boot.
This would require 1 of 2 changes to the existing release of sshd, specifically:
1) Change the default location of the privilege separation directory from 
/run/sshd back to the original /var/empty. This would require the install 
script to create this directory if it does not already exist.
2) Modify the sshd.c file to provision the ability to change the default 
location of the privilege separation directory.
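The conflict described in points 2) and 3) above comes from each service script doing its own check-and-mkdir of /run/sshd. The following helper is an added example, not part of the bug report or of the openssh package: it creates the privilege separation directory idempotently (so lan_ssh and wan_ssh can both call it, in any order) and verifies the properties sshd enforces on that directory before it will start (exists, is a real directory, owned by root, not group- or world-writable). It assumes a Linux host with GNU coreutils (`stat -c`), such as Ubuntu 18.04; the function names and the default path argument are this example's own.

```shell
#!/bin/sh
# Added example (not from the bug report or openssh itself): idempotent creation
# and validation of sshd's privilege separation directory, safe to call from
# several service scripts. Assumes GNU coreutils (stat -c) on Linux.

# sshd refuses to start unless its privsep directory exists, is owned by root
# and has no group/other write bits, so create it with exactly that mode.
ensure_privsep_dir() {
    dir="${1:-/run/sshd}"
    # mkdir -p succeeds when the directory already exists, so a second
    # (or concurrent) service script calling this does not fail here.
    mkdir -p -m 0755 "$dir" || return 1
    # -m only applies when the directory is created; normalise the mode
    # in case another script created it with a looser umask.
    chmod 0755 "$dir" || return 1
    return 0
}

# Permission check mirroring sshd's own requirement: a real directory
# (not a symlink someone dropped into /run) with no g/o write bits.
privsep_dir_mode_ok() {
    dir="$1"
    [ -L "$dir" ] && return 1
    [ -d "$dir" ] || return 1
    perm=$(stat -c %A "$dir") || return 1   # e.g. drwxr-xr-x
    case "$perm" in
        d????w*|d????????w*) return 1 ;;   # group or other write bit set
    esac
    return 0
}

# Full check: mode as above plus root ownership (uid 0), as sshd requires.
privsep_dir_ok() {
    privsep_dir_mode_ok "$1" || return 1
    [ "$(stat -c %u "$1")" = "0" ]
}

# Typical use from an init script running as root, before exec'ing sshd:
#   ensure_privsep_dir /run/sshd && privsep_dir_ok /run/sshd || exit 1
```

Because `mkdir -p` treats an already-existing directory as success, every service script can call `ensure_privsep_dir` unconditionally and the "who creates /run/sshd first" conflict disappears without moving the directory or touching rc.local. On a systemd host the same effect can be had declaratively with a tmpfiles.d entry (`d /run/sshd 0755 root root`), which systemd-tmpfiles applies at boot before any sshd unit starts.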

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1831765

Title:
  Privilege Separation Directory default

Status in openssh package in Ubuntu:
  New


To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1831765/+subscriptions
