[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
This bug was fixed in the package openssh - 1:8.2p1-4ubuntu0.3 --- openssh (1:8.2p1-4ubuntu0.3) focal; urgency=medium * d/systemd/ssh@.service: preserve the systemd managed runtime directory to ensure parallel processes will not disrupt one another when halting (LP: #1905285) -- Athos Ribeiro Fri, 23 Jul 2021 09:55:12 -0300 ** Changed in: openssh (Ubuntu Focal) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
This bug was fixed in the package openssh - 1:8.4p1-5ubuntu1.1 --- openssh (1:8.4p1-5ubuntu1.1) hirsute; urgency=medium * d/systemd/ssh@.service: preserve the systemd managed runtime directory to ensure parallel processes will not disrupt one another when halting (LP: #1905285) -- Athos Ribeiro Wed, 28 Jul 2021 10:33:49 -0300 ** Changed in: openssh (Ubuntu Hirsute) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
I verified the fixes by following the steps in the test plan described above by using the attached script on both focal and hirsute LXC containers. The tests show that the patch successfully fixes the described issue. ** Attachment added: "reproduce.sh" https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+attachment/5515564/+files/reproduce.sh ** Tags removed: verification-needed verification-needed-focal verification-needed-hirsute ** Tags added: verification-done verification-done-focal verification-done-hirsute -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
Hello Marcin, or anyone else affected, Accepted openssh into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssh/1:8.2p1-4ubuntu0.3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-focal. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: openssh (Ubuntu Focal) Status: In Progress => Fix Committed ** Tags added: verification-needed-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
Hello Marcin, or anyone else affected, Accepted openssh into hirsute-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssh/1:8.4p1-5ubuntu1.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- hirsute to verification-done-hirsute. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-hirsute. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: openssh (Ubuntu Hirsute) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-hirsute -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
Thanks, Robie! I proposed a patch for hirsute which was already uploaded. ** Changed in: openssh (Ubuntu Hirsute) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
** Merge proposal linked: https://code.launchpad.net/~athos-ribeiro/ubuntu/+source/openssh/+git/openssh/+merge/406318 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
** Also affects: openssh (Ubuntu Hirsute) Importance: Undecided Status: New ** Changed in: openssh (Ubuntu Hirsute) Assignee: (unassigned) => Athos Ribeiro (athos-ribeiro) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
The upload looks fine, but do you have any plans to fix Hirsute?
Otherwise users upgrading from Focal up to Hirsute will be regressed
after this fix is landed. It should be trivial to also fix this in
Hirsute I think - and might even be beneficial to do first as a canary.
** Description changed:
[Impact]
Users of the systemd socket activated ssh service may experience a race
condition that may lead an ssh instance to fail.
The race condition happens when, for a running socket activated ssh
service,
an instance A is started, creating the RuntimeDirectory for the service;
then
an instance B is started, relying on the RuntimeDirectory created for
instance A; then
instance A halts, causing the RuntimeDirectory to be deleted.
If, at this point, instance B has not chrooted into RuntimeDirectory
yet, then instance B will fail.
The proposed patch fixes the issue by preserving the RuntimeDirectory
after an instance A of the socket activated ssh service halts.
[Test Plan]
1) Stop any running instances of ssh.
`systemctl stop ssh`
2) Start the socket activated ssh service.
`systemctl start ssh.socket`
3) Verify that no errors related to ssh were logged in /var/log/auth.log
`cat /var/log/auth.log | grep 'sshd.*fatal.*chroot.*No such file or
directory'`
4) perform several ssh connections to the running server in a short time
span. ssh-keyscan may help here.
`ssh-keyscan localhost`
5) Verify that errors related to ssh were logged in /var/log/auth.log
`cat /var/log/auth.log | grep 'sshd.*fatal.*chroot.*No such file or
directory'`
6) Apply the proposed fix (make sure the socket activated service is
restarted)
7) repead step (4), then verify that no new entries were appended to the
step (5) output
[Where problems could occur]
If the changes to the socket activated unit file are wrong, the socket
activated service may fail to start after the package upgrade. In this
case, we would need to instruct users to perform local changes to the
unit file with possible additional fixes while a new version of the
patch lands.
+
+ [racb] There might be cases where users are inadvertently depending on
+ the cleanup that will now be disabled - for example by a bug or
+ misconfiguration that would result in /run filling up otherwise. By
+ disabling systemd cleanup and relying solely on openssh for cleanup,
+ such a bug or misconfiguration may be exposed and cause problems on such
+ systems.
[Other Info]
This fix has been forwarded to Debian and accepted in
https://salsa.debian.org/ssh-team/openssh/-/merge_requests/12
[Original message]
This is mostly the same issue as https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=934663.
With the default configuration of openssh-server and systemd, sshd will
complain and crash when multiple connections are made and terminated in
a quick succession, e.g. with `ssh-keyscan`. It results in the following
errors in /var/log/auth.log:
```
Nov 22 20:53:34 {host} sshd[14567]: Unable to negotiate with {client} port
41460: no matching host key type found. Their offer:
sk-ecdsa-sha2-nistp...@openssh.com [preauth]
Nov 22 20:53:34 {host} sshd[14570]: fatal: chroot("/run/sshd"): No such file
or directory [preauth]
Nov 22 20:53:34 {host} sshd[14569]: fatal: chroot("/run/sshd"): No such file
or directory [preauth]
Nov 22 20:53:34 {host} sshd[14568]: fatal: chroot("/run/sshd"): No such file
or directory [preauth]
Nov 22 20:53:34 {host} sshd[14566]: fatal: chroot("/run/sshd"): No such file
or directory [preauth]
Nov 22 20:53:47 {host} sshd[14584]: Connection closed by {client} port 59312
[preauth]
Nov 22 20:53:47 {host} sshd[14586]: fatal: chroot("/run/sshd"): No such file
or directory [preauth]
Nov 22 20:53:48 {host} sshd[14585]: fatal: chroot("/run/sshd"): No such file
or directory [preauth]
```
as well as e.g. missing responses in ssh-keyscan:
```
$ ssh-keyscan -vvv {host}
debug2: fd 3 setting O_NONBLOCK
debug3: conalloc: oname {host} kt 2
debug2: fd 4 setting O_NONBLOCK
debug3: conalloc: oname {host} kt 4
debug2: fd 5 setting O_NONBLOCK
debug3: conalloc: oname {host} kt 8
debug2: fd 6 setting O_NONBLOCK
debug3: conalloc: oname {host} kt 32
debug2: fd 7 setting O_NONBLOCK
debug3: conalloc: oname {host} kt 64
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.1 pat OpenSSH* compat 0x0400
# {host}:22 SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms:
curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms:
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
** Changed in: openssh (Ubuntu Focal) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
** Merge proposal linked: https://code.launchpad.net/~athos-ribeiro/ubuntu/+source/openssh/+git/openssh/+merge/406161 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
** Description changed:
+ [Impact]
+
+ Users of the systemd socket activated ssh service may experience a race
+ condition that may lead an ssh instance to fail.
+
+ The race condition happens when, for a running socket activated ssh
+ service,
+
+ an instance A is started, creating the RuntimeDirectory for the service;
+ then
+
+ an instance B is started, relying on the RuntimeDirectory created for
+ instance A; then
+
+ instance A halts, causing the RuntimeDirectory to be deleted.
+
+ If, at this point, instance B has not chrooted into RuntimeDirectory
+ yet, then instance B will fail.
+
+ The proposed patch fixes the issue by preserving the RuntimeDirectory
+ after an instance A of the socket activated ssh service halts.
+
+ [Test Plan]
+
+ 1) Stop any running instances of ssh.
+ `systemctl stop ssh`
+
+ 2) Start the socket activated ssh service.
+ `systemctl start ssh.socket`
+
+ 3) Verify that no errors related to ssh were logged in /var/log/auth.log
+ `cat /var/log/auth.log | grep 'sshd.*fatal.*chroot.*No such file or
directory'`
+
+ 4) perform several ssh connections to the running server in a short time
span. ssh-keyscan may help here.
+ `ssh-keyscan localhost`
+
+ 5) Verify that errors related to ssh were logged in /var/log/auth.log
+ `cat /var/log/auth.log | grep 'sshd.*fatal.*chroot.*No such file or
directory'`
+
+ 6) Apply the proposed fix (make sure the socket activated service is
+ restarted)
+
+ 7) repead step (4), then verify that no new entries were appended to the
+ step (5) output
+
+ [Where problems could occur]
+
+ If the changes to the socket activated unit file are wrong, the socket
+ activated service may fail to start after the package upgrade. In this
+ case, we would need to instruct users to perform local changes to the
+ unit file with possible additional fixes while a new version of the
+ patch lands.
+
+ [Other Info]
+
+ This fix has been forwarded to Debian and accepted in
+ https://salsa.debian.org/ssh-team/openssh/-/merge_requests/12
+
+ [Original message]
+
This is mostly the same issue as https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=934663.
With the default configuration of openssh-server and systemd, sshd will
complain and crash when multiple connections are made and terminated in
a quick succession, e.g. with `ssh-keyscan`. It results in the following
errors in /var/log/auth.log:
```
Nov 22 20:53:34 {host} sshd[14567]: Unable to negotiate with {client} port
41460: no matching host key type found. Their offer:
sk-ecdsa-sha2-nistp...@openssh.com [preauth]
Nov 22 20:53:34 {host} sshd[14570]: fatal: chroot("/run/sshd"): No such file
or directory [preauth]
Nov 22 20:53:34 {host} sshd[14569]: fatal: chroot("/run/sshd"): No such file
or directory [preauth]
Nov 22 20:53:34 {host} sshd[14568]: fatal: chroot("/run/sshd"): No such file
or directory [preauth]
Nov 22 20:53:34 {host} sshd[14566]: fatal: chroot("/run/sshd"): No such file
or directory [preauth]
Nov 22 20:53:47 {host} sshd[14584]: Connection closed by {client} port 59312
[preauth]
Nov 22 20:53:47 {host} sshd[14586]: fatal: chroot("/run/sshd"): No such file
or directory [preauth]
Nov 22 20:53:48 {host} sshd[14585]: fatal: chroot("/run/sshd"): No such file
or directory [preauth]
```
as well as e.g. missing responses in ssh-keyscan:
```
$ ssh-keyscan -vvv {host}
debug2: fd 3 setting O_NONBLOCK
debug3: conalloc: oname {host} kt 2
debug2: fd 4 setting O_NONBLOCK
debug3: conalloc: oname {host} kt 4
debug2: fd 5 setting O_NONBLOCK
debug3: conalloc: oname {host} kt 8
debug2: fd 6 setting O_NONBLOCK
debug3: conalloc: oname {host} kt 32
debug2: fd 7 setting O_NONBLOCK
debug3: conalloc: oname {host} kt 64
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.1 pat OpenSSH* compat 0x0400
# {host}:22 SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms:
curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: sk-ecdsa-sha2-nistp...@openssh.com
debug2: ciphers ctos:
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
debug2: ciphers stoc:
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
debug2: MACs ctos:
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc:
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
This bug was fixed in the package openssh - 1:8.4p1-5ubuntu2 --- openssh (1:8.4p1-5ubuntu2) impish; urgency=medium * d/systemd/ssh@.service: preserve the systemd managed runtime directory to ensure parallel processes will not disrupt one another when halting (LP: #1905285) (closes: #934663) -- Athos Ribeiro Mon, 05 Jul 2021 09:21:03 -0300 ** Changed in: openssh (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
** Merge proposal linked: https://code.launchpad.net/~athos-ribeiro/ubuntu/+source/openssh/+git/openssh/+merge/405183 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
I'm seeing something similar to this (messages more like those in underlying debian bug report) - in this case triggered by a script which sshs in (invoking unison) twice in quick succession. Underlying hardware is an ARM board which may a little slow, don't know if that helps to trigger race? I'm also a little confused as to whether socket activation is the default under Ubuntu or not. My etckeeper history suggests it's been enabled here since 2014, when records began .. so no idea if it was something I enabled or not! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
Thanks for the comment, Marcin. Yes, you're right, the correct file to edit was ssh@.service indeed. That was a thinko on my part. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
Hello Segio, Have you tried editing ssh@.service as well? In my case, sshd.service -> ssh.service and that is not used when ssh is in socket-activated mode, ssh@.service is, at least that's how I understand systemd. I now understand how to override the unit files with [unit- file].d/override.conf files and that at least fixes the overwrite on update issue (although I must say it's a bit unintuitive, since some of the /usr/lib/systemd/system configs are symlinked from /etc/systemd/system and IIRC you should be allowed to modify configs under /etc, but I digress). AFAICT that's precisely what `systemctl edit` does. Seth, thank you for linking the manpage, it was... educational to say the least :). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
Thanks for the report. I was able to reproduce this bug. Basically: $ systemctl start ssh.socket $ ssh-keyscan localhost Interesting enough, I wasn't able to solve the problem by setting RuntimeDirectoryPreserve=yes. I edited sshd.service and added the directive there, but I still see the fatal errors on /var/log/auth.log. Maybe I'm missing something, but I don't have the time right now to dive deep into this. Marcin, as Seth said above, the right way to edit a systemd unit file is to invoke "systemctl edit", which will make sure that the new .service file is installed in a way that won't get ovewritten when you upgrade your package/system. You might want to use the "--full" option when invoking the command, which will already pre-fill the new file with the contents of the original .service. I'm marking this bug as Triaged and setting the priority to Medium. Hopefully someone will be able to work on it soon. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
** Changed in: openssh (Ubuntu) Status: New => Triaged ** Changed in: openssh (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1905285] Re: socket-activated sshd breaks on concurrent connections
Hello Marcin, the Description section of https://www.freedesktop.org/software/systemd/man/systemd.unit.html gives information on how to modify configurations without having them undone by future updates; the systemctl edit command automates the process of using these local modifications. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905285 Title: socket-activated sshd breaks on concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1905285/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
