This is a debdiff for Bionic applicable to 7.6p1-4. I built the binary
packages in pbuilder and they built, upgraded and installed successfully.

Tested that the ifup hook was removed on upgrade, and also on install it
was never installed.

I went through a series of tests on a laptop with a wireless interface
and a desktop with a somewhat complicated network layout.

I did not run into any unexpected results in the testing.  After every
network event I could trigger, I did not see a daemon restart, and also
the ssh server was still reachable on all exposed interfaces I tried, as
it was on 127.0.0.1.

Thanks for your consideration of this patch.




** Patch added: "openssh-7.6p1-4ubuntu1.debdiff"
   
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1674330/+attachment/5060756/+files/openssh-7.6p1-4ubuntu1.debdiff

** Changed in: openssh (Ubuntu)
       Status: New => In Progress

** Changed in: openssh (Ubuntu)
     Assignee: (unassigned) => David Britton (davidpbritton)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1674330

Title:
  Please consider dropping /etc/network/if-up.d/openssh-server

Status in openssh package in Ubuntu:
  In Progress

Bug description:
  The /etc/network/if-up.d/openssh-server hack was introduced ten years
  ago [1] as a response to bug 103436. At least from today's perspective
  this isn't justified:

  I can't seem to be able to actually reproduce that issue: I can start
  a VM with no network interfaces, remove the above hack, then start
  sshd, then bring up an ethernet interface, and I can connect to ssh
  via ethernet just fine. Also, e. g. Fedora has no counterpart of this
  hack, and these days a lot of people would complain if that would
  cause problems, as hotpluggable/roaming network devices are
  everywhere.

  The hack introduces a race: you run into connection errors after
  bringing up a new interface as sshd stops listening briefly while
  being reloaded. That's the reason why I looked at it, as this
  regularly happens in upstream's cockpit integration tests.

  Also, /etc/network/if-up.d/ isn't being run when using
  networkd/netplan, i. e. in more recent Ubuntu cloud instances. So far
  this doesn't seem to have caused any issues.

  I asked the original reporter of bug 103436 for some details, and to
  check whether that hack is still necessary. There is actually a
  proposed patch upstream [2] to use IP_FREEBIND, which is the modern
  solution to listening to all "future" interfaces as well. But at least
  for the majority of cases it seems to work fine without that even.

  So I wonder if it's time to bury that hack?

  [1] https://anonscm.debian.org/cgit/pkg-ssh/openssh.git/commit/?id=ba6b55ed6
  [2] https://bugzilla.mindrot.org/show_bug.cgi?id=2512
