[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-06-23 Thread Launchpad Bug Tracker
This bug was fixed in the package openssh - 1:8.2p1-4ubuntu0.1

---
openssh (1:8.2p1-4ubuntu0.1) focal; urgency=medium

  * d/p/lp-1876320-*: avoid applying defaults for every include statement
    (LP: #1876320)

 -- Christian Ehrhardt  Fri, 29 May 2020 09:37:09 +0200

** Changed in: openssh (Ubuntu Focal)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1876320

Title:
  Port parameter sshd_config is 22 AND whatever you specify

Status in portable OpenSSH:
  Unknown
Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Focal:
  Fix Released
Status in openssh package in Debian:
  Fix Released

Bug description:
  [Impact]

   * The "Port" option in sshd_config is accumulative, but due to a bug
     re-adds the default when an include is encountered. Therefore we have
     these cases:
     a) Port 722
        Listens on 722 (correct)
     b) Port 722
        Port 
        Listens on 722 &  (correct)
     c) Port 722
        include /path/to/otherconfig
        Listens on 722 & 22 (applied defaults as if Port was unset)

   * Of the above (c) is a bug, not documented that way and can lead to open
     ports not expected and not wanted.

  [Test Case]

  * Test if defaults are applied even if option is specified

  Rename sshd_config to something_else and replace sshd_config with two
  lines to include the original config (now called something_else) and
  set the Port to 7722:

  systemctl stop ssh
  mv /etc/ssh/sshd_config /etc/ssh/something_else
  cat > /etc/ssh/sshd_config 

[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-06-17 Thread Christian Ehrhardt 
Retest as-is:

root@f:~# dpkg -l openssh-server
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version      Architecture Description
+++-==============-============-============-=================================
ii  openssh-server 1:8.2p1-4    amd64        secure shell (SSH) server, for secure access from remote machines
root@f:~# systemctl stop ssh
root@f:~# mv /etc/ssh/sshd_config /etc/ssh/something_else
root@f:~# cat > /etc/ssh/sshd_config << EOF
> Include /etc/ssh/something_else
> Port 7722
> EOF
root@f:~# systemctl start ssh
root@f:~# systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2020-06-17 11:23:58 UTC; 4s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 60797 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 60798 (sshd)
      Tasks: 1 (limit: 38269)
     Memory: 2.6M
     CGroup: /system.slice/ssh.service
             └─60798 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups

Jun 17 11:23:58 f systemd[1]: Starting OpenBSD Secure Shell server...
Jun 17 11:23:58 f sshd[60798]: Server listening on 0.0.0.0 port 7722.
Jun 17 11:23:58 f sshd[60798]: Server listening on :: port 7722.
Jun 17 11:23:58 f systemd[1]: Started OpenBSD Secure Shell server.
Jun 17 11:23:58 f sshd[60798]: Server listening on 0.0.0.0 port 22.
Jun 17 11:23:58 f sshd[60798]: Server listening on :: port 22.

Confirmed.

Installing from proposed:
root@f:~# apt install openssh-server
Reading package lists... Done
Building dependency tree   
Reading state information... Done
The following additional packages will be installed:
  openssh-client openssh-sftp-server
Suggested packages:
  keychain libpam-ssh monkeysphere ssh-askpass molly-guard
The following packages will be upgraded:
  openssh-client openssh-server openssh-sftp-server
3 upgraded, 0 newly installed, 0 to remove and 38 not upgraded.
Need to get 1101 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 openssh-sftp-server amd64 1:8.2p1-4ubuntu0.1 [51.5 kB]
Get:2 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 openssh-server amd64 1:8.2p1-4ubuntu0.1 [377 kB]
Get:3 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 openssh-client amd64 1:8.2p1-4ubuntu0.1 [672 kB]
Fetched 1101 kB in 0s (2445 kB/s)  
Preconfiguring packages ...
(Reading database ... 55167 files and directories currently installed.)
Preparing to unpack .../openssh-sftp-server_1%3a8.2p1-4ubuntu0.1_amd64.deb ...
Unpacking openssh-sftp-server (1:8.2p1-4ubuntu0.1) over (1:8.2p1-4) ...
Preparing to unpack .../openssh-server_1%3a8.2p1-4ubuntu0.1_amd64.deb ...
Unpacking openssh-server (1:8.2p1-4ubuntu0.1) over (1:8.2p1-4) ...
Preparing to unpack .../openssh-client_1%3a8.2p1-4ubuntu0.1_amd64.deb ...
Unpacking openssh-client (1:8.2p1-4ubuntu0.1) over (1:8.2p1-4) ...
Setting up openssh-client (1:8.2p1-4ubuntu0.1) ...
Setting up openssh-sftp-server (1:8.2p1-4ubuntu0.1) ...
Setting up openssh-server (1:8.2p1-4ubuntu0.1) ...
rescue-ssh.target is a disabled or a static unit, not starting it.
Processing triggers for systemd (245.4-4ubuntu3.1) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for ufw (0.36-6) ...

Correctly picks up just the right port now

root@f:~# systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2020-06-17 11:37:33 UTC; 25s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
   Main PID: 65295 (sshd)
      Tasks: 1 (limit: 38269)
     Memory: 1.6M
     CGroup: /system.slice/ssh.service
             └─65295 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups

Jun 17 11:37:33 f systemd[1]: Starting OpenBSD Secure Shell server...
Jun 17 11:37:33 f sshd[65295]: Server listening on 0.0.0.0 port 7722.
Jun 17 11:37:33 f sshd[65295]: Server listening on :: port 7722.
Jun 17 11:37:33 f systemd[1]: Started OpenBSD Secure Shell server.

Nothing on an unconfigured port left:

root@f:~# ss -tl | grep -e '22 '
LISTEN  0       128     0.0.0.0:7722    0.0.0.0:*
LISTEN  0       128        [::]:7722       [::]:*

** Tags removed: verification-needed verification-needed-focal
** Tags added: verification-done verification-done-focal


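The by-hand check in the retest above (configured ports versus the "Server listening on" lines) can be scripted. The following is an added example, not part of the thread and not OpenSSH or Ubuntu code: it is a simplified model that ignores Match blocks, the function names are made up for illustration, the contents of something_else are a constructed stand-in, and the log lines are the ones quoted in the retest.

```python
import fnmatch
import re

DEFAULT_PORT = 22          # sshd's default when no Port is configured
CONFIG_DIR = "/etc/ssh/"   # relative Include paths are resolved against this
LISTEN_RE = re.compile(r"Server listening on (\S+) port (\d+)\.")


def directives(name, files, depth=0):
    """Yield (keyword, args) in file order, expanding Include in place.

    `files` maps path -> text so the example runs without touching /etc/ssh.
    Match blocks are not modelled (Port and ListenAddress are global-only).
    """
    if depth > 16:
        raise ValueError("Include nesting too deep: " + name)
    for raw in files[name].splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        keyword, *args = re.split(r"[\s=]+", line)
        if keyword.lower() == "include":
            for pattern in args:
                if not pattern.startswith("/"):
                    pattern = CONFIG_DIR + pattern
                for path in sorted(fnmatch.filter(files, pattern)):
                    yield from directives(path, files, depth + 1)
        else:
            yield keyword.lower(), args


def listen_port(arg):
    """Return the explicit port of a ListenAddress argument, or None."""
    bracketed = re.fullmatch(r"\[[^\]]*\](?::(\d+))?", arg)
    if bracketed:
        return int(bracketed.group(1)) if bracketed.group(1) else None
    if arg.count(":") == 1:            # host:port or IPv4:port
        return int(arg.rsplit(":", 1)[1])
    return None                        # bare host, or bare IPv6 such as "::"


def expected_ports(main, files):
    """Ports sshd should listen on according to the configuration text."""
    ports, listen = [], []
    for keyword, args in directives(main, files):
        if keyword == "port" and args:
            ports.append(int(args[0]))         # Port accumulates
        elif keyword == "listenaddress" and args:
            listen.append(listen_port(args[0]))
    if not ports:
        ports = [DEFAULT_PORT]                 # default only if Port is unset
    if not listen:
        return set(ports)
    expected = set()
    for port in listen:
        # A ListenAddress without a port uses every configured Port.
        expected.update(ports if port is None else [port])
    return expected


def observed_ports(log_text):
    """Ports taken from sshd's 'Server listening on ... port N.' lines."""
    return {int(m.group(2)) for m in LISTEN_RE.finditer(log_text)}


def unexpected_listeners(main, files, log_text):
    """Ports sshd reports listening on that the configuration did not ask for."""
    return sorted(observed_ports(log_text) - expected_ports(main, files))


FILES = {
    "/etc/ssh/sshd_config": "Include /etc/ssh/something_else\nPort 7722\n",
    # Constructed stand-in for the distribution default, which sets no Port.
    "/etc/ssh/something_else": "PasswordAuthentication yes\nUsePAM yes\n",
}
LOG_BEFORE = """\
Jun 17 11:23:58 f sshd[60798]: Server listening on 0.0.0.0 port 7722.
Jun 17 11:23:58 f sshd[60798]: Server listening on :: port 7722.
Jun 17 11:23:58 f sshd[60798]: Server listening on 0.0.0.0 port 22.
Jun 17 11:23:58 f sshd[60798]: Server listening on :: port 22.
"""
LOG_AFTER = """\
Jun 17 11:37:33 f sshd[65295]: Server listening on 0.0.0.0 port 7722.
Jun 17 11:37:33 f sshd[65295]: Server listening on :: port 7722.
"""

if __name__ == "__main__":
    main = "/etc/ssh/sshd_config"
    for label, log in (("1:8.2p1-4", LOG_BEFORE),
                       ("1:8.2p1-4ubuntu0.1", LOG_AFTER)):
        print(label, "unexpected ports:", unexpected_listeners(main, FILES, log))
```

On a live host the same comparison can be fed from the service journal instead of the embedded strings.
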

[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-06-17 Thread Christian Ehrhardt 
FYI: The tests were already retried (thanks seb128) and are good now


[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-06-16 Thread Brian Murray
Hello Adriaan, or anyone else affected,

Accepted openssh into focal-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/openssh/1:8.2p1-4ubuntu0.1 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from
verification-needed-focal to verification-done-focal. If it does not fix
the bug for you, please add a comment stating that, and change the tag to
verification-failed-focal. In either case, without details of your
testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: openssh (Ubuntu Focal)
   Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-focal


[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-06-08 Thread Bug Watch Updater
** Changed in: openssh (Debian)
   Status: New => Fix Released


[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-06-07 Thread Christian Ehrhardt 
FYI
- 1:8.2p1-4ubuntu1 migrated into groovy
- 1:8.3p1-1 got into Debian containing the fix, so this can be a sync again
- added SRU template here
- uploaded to Focal-unapproved

** Description changed:

+ [Impact]
+ 
+  * The "Port" option in sshd_config is accumulative, but due to a bug re-
+adds the default when an include is encountered. Therefore we have these 
+cases
+a) Port 722
+   Listens on 722 (correct)
+b) Port 722
+   Port 
+   Listens on 722 &  (correct)
+c) Port 722
+   include /path/to/otherconfig
+   Listens on 722 & 22 (applied defaults as if Port was unset)
+ 
+  * Of the above (c) is a bug, not documented that way and can lead to open 
+ports not expected and not wanted.
+ 
+ [Test Case]
+ 
+ * Test if defaults are applied even if option is specified
+ 
+ Rename sshd_config to something_else and replace sshd_config with two
+ lines to include the original config (now called something_else) and set
+ the Port to 7722:
+ 
+ systemctl stop ssh
+ mv /etc/ssh/sshd_config /etc/ssh/something_else
+ cat > /etc/ssh/sshd_config  /etc/ssh/sshd_config 
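Review bot: in the added [Impact] list, case (b) has a second "Port" line with no value and reads "Listens on 722 & " with no second port, so the example of correct accumulation cannot be compared with case (c); state the second port explicitly. The last added line of [Test Case] also stops at the redirection into /etc/ssh/sshd_config without the two lines the preceding text says to write (the include of something_else and Port 7722), so the reproducer should spell those out.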

[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-06-05 Thread Launchpad Bug Tracker
This bug was fixed in the package openssh - 1:8.2p1-4ubuntu1

---
openssh (1:8.2p1-4ubuntu1) groovy; urgency=medium

  * d/p/lp-1876320-*: avoid applying defaults for every include statement
    (LP: #1876320)

 -- Christian Ehrhardt  Fri, 29 May 2020 09:37:09 +0200

** Changed in: openssh (Ubuntu)
   Status: In Progress => Fix Released


Bug description:
  On my Ubuntu Server 20.04 LTS with OpenSSH 1:8.2p1-4, I have TWO sshd
  daemons. One (on port 22) is for internal use, accepts passwords etc.
  The second (on port 7722) does not allow PAM use and no passwords,
  allows only one user(name) and uses an alternative authorized_keys file
  (that only root can edit).

  Any parameter FIRST encountered in sshd_config is the one that is
  accepted; others do not override (like in many other config files).
  There is one exception: 'Port', which is accumulative. To make life
  easier, I set the more restrictive parameters for port 7722 first and
  next include the system-default /etc/ssh/sshd_config.

  The /etc/ssh/sshd_config file(s) in Ubuntu Server 20.04 DO NOT specify
  'Port' anywhere - the default is 22. But: it is obviously still
  accumulative: Setting 'Port' to 7722 makes sshd listen on port 7722
  AND 22. This is unwanted.

  Proposed solution: Remove the accumulative behavior for 'Port' and
  REQUIRE the 'Port' parameter like before (and maybe have second and
  later parameters override the earlier ones, like 'everyone else').

  Regards,

  Adriaan

  PS Searching for solutions, I found that specifying 'ListenAddress
  0.0.0.0:7722' stops sshd from listening to port 22. This, however, is
  not documented in 'man 5 sshd_config' and may be an unreliable
  side-effect.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/1876320/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-06-02 Thread Bug Watch Updater
** Changed in: openssh (Debian)
   Status: Unknown => New



[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-06-02 Thread Christian Ehrhardt 
Ok, uploaded to Groovy as Delta for now.

In addition I filed
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962035 to later on be
able to make it a sync again.

** Bug watch added: Debian Bug tracker #962035
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962035

** Also affects: openssh (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962035
   Importance: Unknown
   Status: Unknown



[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-06-02 Thread Christian Ehrhardt 
MPs ready, I asked cjwatson if in Groovy he prefers this as Ubuntu Delta
or as a new Debian upload that will sync in. Once Groovy is complete
either way we can start the SRU process for focal.



[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-06-01 Thread Lucas Kanashiro
** Changed in: openssh (Ubuntu)
   Status: Triaged => In Progress

** Changed in: openssh (Ubuntu Focal)
   Status: Triaged => In Progress



[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-05-29 Thread Paride Legovini
Thanks for verifying. The patch will be applied to the OpenSSH version
already in Focal, so OpenSSH will stay at version 8.2 in Focal.

Christian set up the PPA specifically for testing the patched package,
it's not meant for production use. It's unlikely that you'll hit any
surprise by using it, but it's entirely up to you. The patched package
meant for production will eventually land in focal-updates.



[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-05-29 Thread Adriaan van Nijendaal
I have installed (another) fresh Ubuntu Server, got all the updates (apt
dist-upgrade), added the PPA (add-apt-repository
ppa:ci-train-ppa-service/4080) and updated again: openssh server, client
and sftp were replaced. Juggled config files and lines in config files as
described above, and:

The problem has gone away.

Question: should I use this PPA for a production system? Or should I
(and maybe others) keep using work-arounds and wait for OpenSSH 8.4 to
show up?



[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-05-29 Thread Christian Ehrhardt 
I have prepared a PPA with the fix and would appreciate if that could be tried 
and tested:
@Adriaan - would you be so kind to confirm that this fixes your real case?

PPA: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4080

Furthermore as I expect this will work well I also have merge proposals to fix 
this in Groovy and later Focal:
https://code.launchpad.net/~paelzer/ubuntu/+source/openssh/+git/openssh/+merge/384813
https://code.launchpad.net/~paelzer/ubuntu/+source/openssh/+git/openssh/+merge/384814



[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-05-29 Thread Launchpad Bug Tracker
** Merge proposal linked:
   https://code.launchpad.net/~paelzer/ubuntu/+source/openssh/+git/openssh/+merge/384813

** Merge proposal linked:
   https://code.launchpad.net/~paelzer/ubuntu/+source/openssh/+git/openssh/+merge/384814



[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-05-29 Thread Christian Ehrhardt 
Final committed fix for this issue:
https://anongit.mindrot.org/openssh.git/commit/?id=0a9a611619b0a1fecd0195ec86a9885f5d681c84



[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-05-29 Thread Christian Ehrhardt 
FYI: "Include" functionality was added in 8.2 by upstream.
Thereby as already triaged only >=Focal is affected



[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-05-28 Thread Paride Legovini
The upstream bug now has a patch attached, so I'm tagging this
server-next.

** Tags added: server-next



[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-05-27 Thread Lucas Kanashiro
** Also affects: openssh (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Changed in: openssh (Ubuntu Focal)
   Status: New => Triaged

** Changed in: openssh (Ubuntu Focal)
   Importance: Undecided => Low



[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-05-25 Thread Paride Legovini
Excellent, thanks Adriaan! I linked this bug report to the upstream bug,
so its status will be automatically monitored by Launchpad.

** Also affects: openssh via
   https://bugzilla.mindrot.org/show_bug.cgi?id=3169
   Importance: Unknown
   Status: Unknown

** Changed in: openssh (Ubuntu)
   Status: Incomplete => Triaged

** Changed in: openssh (Ubuntu)
   Importance: Undecided => Low



[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-05-23 Thread Adriaan van Nijendaal
(Finally) found the time to report it to OpenSSH:
https://bugzilla.mindrot.org/show_bug.cgi?id=3169 Thanks, Paride, Seth
and Simon, for your help.

** Bug watch added: OpenSSH Portable Bugzilla #3169
   https://bugzilla.mindrot.org/show_bug.cgi?id=3169



[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-05-05 Thread Paride Legovini
@Adriaan thanks for providing some minimal steps to reproduce the
problem, I indeed can reproduce it. Interestingly reversing the two
sshd_config lines, like this:

  Port 7722
  Include /etc/ssh/something_else

causes sshd to listen only on port 7722. I think this is an upstream
OpenSSH bug, and should be reported to the upstream portable OpenSSH bug
tracker:

  https://bugzilla.mindrot.org/

I had a look at the existing bugs but only found this one related to the
Include functionality:

  https://bugzilla.mindrot.org/show_bug.cgi?id=3122

It's a problem specific to Match stanzas, so I don't think it applies
here, however it tells us there are probably still some edge cases to
iron out. Do you think you can follow up and file a bug upstream? If you
do, please link to it here. Thanks!

** Bug watch added: OpenSSH Portable Bugzilla #3122
   https://bugzilla.mindrot.org/show_bug.cgi?id=3122

** Changed in: openssh (Ubuntu)
   Status: New => Incomplete



[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-05-02 Thread Adriaan van Nijendaal
Thank you Simon and Seth, for your quick response. I have looked into
this further by installing a virgin Ubuntu Server 20.04 with SSH.

Changing the 'Port' in /etc/ssh/sshd_config to 7722 starts sshd on port
7722 and NOT on port 22, just like you said, Simon. BUT:

Rename sshd_config to something_else and replace sshd_config with two
lines to include the original config (now called something_else) and set
the Port to 7722:

systemctl stop ssh
mv /etc/ssh/sshd_config /etc/ssh/something_else
cat > /etc/ssh/sshd_config 

[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-05-01 Thread Seth Arnold
Check also `systemctl cat ssh.service` and `systemctl cat
secondssh.service` -- sshd also accepts parameters on the commandline,
perhaps the port is being specified outside of the configuration files.

Thanks



[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-05-01 Thread Simon Déziel
On a stock install, adding "Port 7722" to /etc/ssh/sshd_config and
restarting sshd gives me this:

# ss -nltp | grep sshd
LISTEN 0 128 0.0.0.0:7722 0.0.0.0:* users:(("sshd",pid=10651,fd=3))
LISTEN 0 128 [::]:7722 [::]:* users:(("sshd",pid=10651,fd=4))

So 1 daemon, binding to port 7722 on IPv4 and IPv6 wildcards.

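An added example, not part of the thread or of OpenSSH: a shell function that reads `ss -nltp` output like the listing in the message above and prints every port sshd is listening on that is not in the intended set, which is the symptom this bug produces (port 22 open alongside 7722). The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug thread): flag sshd listeners on ports
# that were never intended to be open.
#
# Usage on a live host:
#   ss -nltp | unexpected_sshd_ports "7722"
# Prints one unexpected port per line; prints nothing if all is as intended.

unexpected_sshd_ports() {
    # $1: space-separated list of ports sshd is supposed to listen on
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Only listening sockets owned by a process named sshd.
        $1 == "LISTEN" && /users:\(\("sshd"/ {
            port = $4                      # Local Address:Port column
            sub(/^.*:/, "", port)          # keep text after the last colon,
                                           # so 0.0.0.0:22 and [::]:22 both give 22
            if (port ~ /^[0-9]+$/ && !(port in ok) && !(port in seen)) {
                seen[port] = 1             # report IPv4/IPv6 duplicates once
                print port
            }
        }
    ' | sort -n
}

# Constructed sample: what `ss -nltp` could look like on a host hit by the
# bug, with sshd bound to 7722 and also to the default port 22.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:7722      0.0.0.0:*     users:(("sshd",pid=10651,fd=3))
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=10651,fd=5))
LISTEN 0      128             [::]:7722         [::]:*     users:(("sshd",pid=10651,fd=4))
LISTEN 0      128             [::]:22           [::]:*     users:(("sshd",pid=10651,fd=6))
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*     users:(("systemd-resolve",pid=612,fd=13))
EOF
}

# Demo on the constructed sample: only 7722 is intended.
sample_ss_output | unexpected_sshd_ports "7722"   # prints 22
```

Run after every sshd configuration change or package upgrade, a non-empty result means a listener exists that the configuration was not meant to create.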


[Touch-packages] [Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify

2020-05-01 Thread Simon Déziel
@Adriaan, are there really 2 sshd running? Or is it only one binding to
the 2 ports and applying different parameters using Match conditions?
Beware that on 20.04, there is support for additional config snippets
dropped in /etc/ssh/sshd_config.d/*.conf.

To check for 2 daemons:

sudo ss -nltp | grep sshd
