Package: monit
Version: 1:5.26.0-1~bpo10+1
Severity: normal
File: /etc/monit/conf-available/openssh-server
Hello,
I upgraded monit to the version from buster-backports and it updated the
file /etc/monit/conf-available/openssh-server. However, this file marks
the sshd service dependent on sshd_dsa_key, but fails to provide a
definition for it. This broke my upgrade as monit wouldn't start since
I have the openssh-server template included in my monit configuration
(via a symlink in /etc/monit/conf-enabled).
Here's a patch that fixes the issue for me:
--- openssh-server.orig 2019-07-13 05:21:25.000000000 +0000
+++ openssh-server 2019-07-23 01:55:55.655575968 +0000
@@ -23,6 +23,10 @@
group sshd
include /etc/monit/templates/rootstrict
+ check file sshd_dsa_key with path /etc/ssh/ssh_host_dsa_key
+ group sshd
+ include /etc/monit/templates/rootstrict
+
check file sshd_rc with path /etc/ssh/sshd_config
group sshd
include /etc/monit/templates/rootrc
While you're at it, you might want to include sections for the ecdsa &
ed25519 keys. But, that's probably a separate bug and likely needs to
go upstream...
Thanks for maintaining this package!
--Joe
-- Package-specific info:
-- System Information:
Debian Release: 10.0
APT prefers stable-debug
APT policy: (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages monit depends on:
ii libc6 2.28-10
ii libpam0g 1.3.1-5
ii libssl1.1 1.1.1c-1
ii lsb-base 10.2019051400
ii zlib1g 1:1.2.11.dfsg-1
monit recommends no packages.
Versions of packages monit suggests:
ii msmtp-mta [mail-transport-agent] 1.8.3-1
pn sysvinit-core <none>
-- no debconf information
