[Bug 624361] Re: service ssh restart does not test the configuration file
** Tags added: regression-release -- service ssh restart does not test the configuration file https://bugs.launchpad.net/bugs/624361 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 624361] Re: service ssh restart does not test the configuration file
Further information, this was introduced in 10.04. 9.10 and prior still used the init.d script.
[Bug 624361] Re: service ssh restart does not test the configuration file
Hi Simon, thanks very much for filing this bug report and working with us to make Ubuntu better.

Because of the way upstart and sshd work together, it's hard to detect failures. The reason try-restart worked was that it falls through in /usr/sbin/service, as it's not one of the regular actions that upstart supports.

In looking at this, I think the appropriate fix is to add a pre-stop that runs

    /usr/sbin/sshd -t

And will warn the user that the config file is broken, and possibly even abort the stop.

Setting status to Triaged as I think this fix can be worked on now. Setting status to High, as it is a serious problem for server users if sshd is silently broken on a remote machine.

** Changed in: openssh (Ubuntu)
Status: New => Triaged

** Changed in: openssh (Ubuntu)
Importance: Undecided => High
[Bug 624361] Re: service ssh restart does not test the configuration file
Hi Clint,

Thanks for your additional input. Regarding your suggestion to add a pre-stop action that runs sshd -t I have to disagree. When I call service ssh stop I expect the daemon to quit even if there are configuration errors.

I am not familiar with upstart but maybe there are some hooks other than pre-stop that could be better suited for this. Maybe a pre-restart hook exists?

Thank you
[Bug 624361] Re: service ssh restart does not test the configuration file
I see your point Simon, and I agree that's what I expect too. I think a case can be made that sometimes failing safe means doing something non-intuitive, though in doing something like that, there has to be a good reason.

There is no pre-restart stanza, and upon looking at upstart's code, it simply changes the goal state of the job to STOP, then to START, so this makes sense, though it could be added, it would not be a simple, natural hook like the pre-stop and pre-start.

About the only way I can think of to retain the expected behavior of always stopping (which I think is important) and avoid silently disappearing (even falsely returning 0 on initctl restart) is to simply warn via the console, when stopping with a broken config, and then fail in pre-start with the -t check.

Unfortunately, there is some resistance to using 'output console', which is currently the only way for upstart jobs to communicate with the user other than daemon.log, which is pretty far removed from a sysadmin in crisis mode trying to fix their ssh service.

I'm having some trouble even getting restart to work if there are any pre-stop scripts, so I will continue to look into this.
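The behaviour discussed in this thread (stop always stops, a broken configuration produces a visible warning, and start or restart is refused until sshd -t passes), written as an admin-side shell wrapper. This is an added example, not part of the bug thread or of Ubuntu's openssh packaging; guarded_ssh, config_ok and the SSHD_BIN, SSHD_CONFIG and SERVICE_CMD override variables are hypothetical names.

```shell
#!/bin/sh
# Added example, not Ubuntu's packaging. The three variables below are
# hypothetical overrides so the logic can be exercised without a real sshd.
SSHD_BIN=${SSHD_BIN:-/usr/sbin/sshd}
SSHD_CONFIG=${SSHD_CONFIG:-/etc/ssh/sshd_config}
SERVICE_CMD=${SERVICE_CMD:-service}

# Return 0 when sshd accepts the configuration file (test mode, no daemon started).
config_ok() {
    "$SSHD_BIN" -t -f "$SSHD_CONFIG"
}

# guarded_ssh ACTION: run "service ssh ACTION" with a configuration check.
guarded_ssh() {
    case "$1" in
        stop)
            # Stopping must always work; only warn, on the caller's terminal.
            config_ok || echo "warning: $SSHD_CONFIG is invalid; sshd will not start until it is fixed" >&2
            "$SERVICE_CMD" ssh stop
            ;;
        start)
            config_ok || { echo "error: $SSHD_CONFIG is invalid; not starting sshd" >&2; return 1; }
            "$SERVICE_CMD" ssh start
            ;;
        restart)
            # Check before anything is stopped, so the running daemon (and the
            # remote session that depends on it) survives a broken config.
            config_ok || { echo "error: $SSHD_CONFIG is invalid; running sshd left untouched" >&2; return 1; }
            "$SERVICE_CMD" ssh restart
            ;;
        *)
            echo "usage: guarded_ssh {start|stop|restart}" >&2
            return 2
            ;;
    esac
}

# Run as a script only when an action is given on the command line.
if [ "$#" -gt 0 ]; then
    guarded_ssh "$@"
fi
```

Unlike the Upstart restart described above, which stops and then starts, this wrapper refuses a restart before stopping anything, so a non-zero exit status always means the old daemon is still running.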
[Bug 624361] Re: service ssh restart does not test the configuration file
** Attachment added: Dependencies.txt https://bugs.launchpad.net/bugs/624361/+attachment/1519330/+files/Dependencies.txt
[Bug 624361] Re: service ssh restart does not test the configuration file
I just found this in OpenSSH changelog for Maverick:

openssh (1:5.5p1-3ubuntu1) maverick; urgency=low
...
- Convert to Upstart. The init script is still here for the benefit of people running sshd in chroots.
...

Is it planned to drop the init script eventually?