** Description changed:

  [Impact]
  
  sshd doesn't check the configuration when reloading.
  
  If a user generates an invalid configuration file, sshd will shut down
  and not come back up when the user issues a reload.
  
  [Test Case]
- 
- Copied existing debian fix from 7f06034b1c4ba72dac028ed7879c89b6ee073293
- in pkg/ubuntu/artful to check sshd_config for errors before starting or
- reloading the service.
- 
- PPA: ppa:kstenerud/sshd-reload-1771340
- 
- Steps to Test
- -------------
  
  $ lxc launch ubuntu:xenial tester
  $ lxc exec tester bash
  
  # echo "blah blah" >>/etc/ssh/sshd_config
  # systemctl reload sshd
  Job for ssh.service failed because the control process exited with error 
code. See "systemctl status ssh.service" and "journalctl -xe" for details.
  # systemctl status ssh.service
  ● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: 
enabled)
     Active: failed (Result: exit-code) since Tue 2018-08-21 18:15:41 UTC; 19s 
ago
  
  * The service should have checked the config file, failed to reload, but
  remained active in its current configuration. In this case ssh has shut
  down.
  
- Remove the last line "blah blah" in /etc/ssh/sshd_config, then:
- 
- # systemctl start sshd
- # add-apt-repository -y ppa:kstenerud/sshd-reload-1771340
- # apt update
- # apt upgrade -y
- # echo "blah blah" >>/etc/ssh/sshd_config
- # systemctl reload sshd
- Job for ssh.service failed because the control process exited with error 
code. See "systemctl status ssh.service" and "journalctl -xe" for details.
- # systemctl status ssh.service
- ● ssh.service - OpenBSD Secure Shell server
-    Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: 
enabled)
-    Active: active (running) (Result: exit-code) since Tue 2018-08-21 18:39:03 
UTC; 31s ago
- 
- * Service is active (running), which is as it should be.
- 
  [Regression Potential]
  
  This code will only trigger on an invalid configuration file (in which
  case sshd would not load anyway), so there should be no regressions.
  
  [Other Info]
  
  autopkgtest [13:45:46]: test regress: -----------------------]
  autopkgtest [13:45:47]: test regress:  - - - - - - - - - - results - - - - - 
- - - - -
  regress              PASS
  autopkgtest [13:45:47]: @@@@@@@@@@@@@@@@@@@@ summary
  regress              PASS
- 
  
  [Original Description]
  
  After adding some lines to /etc/ssh/sshd_config I tried to reload the
  configuration with the command:
  
  ```
  sudo systemctl reload sshd
  ```
  
  No error message was returned. So I assumed that the sshd was running
  with the current config. But `sudo systemctl status sshd` told me that
  the service failed due to a wrong option in /etc/ssh/sshd_config. Please
  see the following output:
  
  ~~~
  :~$ sudo vim /etc/ssh/sshd_config
  :~$ sudo systemctl reload sshd
  :~$ sudo systemctl status sshd
  ● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: 
enabled)
     Active: failed (Result: exit-code) since Di 2018-05-15 10:00:04 CEST; 8s 
ago
    Process: 12089 ExecReload=/bin/kill -HUP $MAINPID (code=exited, 
status=0/SUCCESS)
    Process: 7536 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, 
status=255)
   Main PID: 7536 (code=exited, status=255)
  ~~~
  
  I would expect that a warning or error message is returned when the
  service fails while reloading it's configuration.
  
  A fix for this behaviour would be appreciated.
  
  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: openssh-server 1:7.2p2-4ubuntu2.4
  ProcVersionSignature: Ubuntu 3.13.0-112.159-generic 3.13.11-ckt39
  Uname: Linux 3.13.0-112-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.17
  Architecture: amd64
  Date: Tue May 15 10:18:25 2018
  InstallationDate: Installed on 2013-01-10 (1950 days ago)
  InstallationMedia: Ubuntu-Server 12.04.1 LTS "Precise Pangolin" - Release 
amd64 (20120817.3)
  SourcePackage: openssh
  UpgradeStatus: Upgraded to xenial on 2017-03-12 (428 days ago)
  mtime.conffile..etc.pam.d.sshd: 2017-03-13T19:59:01.965420
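
Review bot: The removed block under [Test Case] (from "Remove the last line "blah blah"" through "* Service is active (running), which is as it should be.") was the only part of the test case that showed the expected result with the fix installed. After this change the section only reproduces the failure, ending at "In this case ssh has shut down." Suggest keeping a short verification step that repeats the reload against the fixed package and states that the service must remain "active (running)", and keeping a pointer to where the fixed package can be obtained now that the PPA line is gone.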

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1771340

Title:
  sshd failed on config reload

Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Xenial:
  In Progress

Bug description:
  [Impact]

  sshd doesn't check the configuration when reloading.

  If a user generates an invalid configuration file, sshd will shut down
  and not come back up when the user issues a reload.

  [Test Case]

  $ lxc launch ubuntu:xenial tester
  $ lxc exec tester bash

  # echo "blah blah" >>/etc/ssh/sshd_config
  # systemctl reload sshd
  Job for ssh.service failed because the control process exited with error code. See "systemctl status ssh.service" and "journalctl -xe" for details.
  # systemctl status ssh.service
  ● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Tue 2018-08-21 18:15:41 UTC; 19s ago

  * The service should have checked the config file, failed to reload,
  but remained active in its current configuration. In this case ssh has
  shut down.

  [Regression Potential]

  This code will only trigger on an invalid configuration file (in which
  case sshd would not load anyway), so there should be no regressions.

  [Other Info]

  autopkgtest [13:45:46]: test regress: -----------------------]
  autopkgtest [13:45:47]: test regress:  - - - - - - - - - - results - - - - - - - - - -
  regress              PASS
  autopkgtest [13:45:47]: @@@@@@@@@@@@@@@@@@@@ summary
  regress              PASS

  [Original Description]

  After adding some lines to /etc/ssh/sshd_config I tried to reload the
  configuration with the command:

  ```
  sudo systemctl reload sshd
  ```

  No error message was returned. So I assumed that the sshd was running
  with the current config. But `sudo systemctl status sshd` told me that
  the service failed due to a wrong option in /etc/ssh/sshd_config.
  Please see the following output:

  ~~~
  :~$ sudo vim /etc/ssh/sshd_config
  :~$ sudo systemctl reload sshd
  :~$ sudo systemctl status sshd
  ● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Di 2018-05-15 10:00:04 CEST; 8s ago
    Process: 12089 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
    Process: 7536 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=255)
   Main PID: 7536 (code=exited, status=255)
  ~~~

  I would expect that a warning or error message is returned when the
  service fails while reloading its configuration.

  A fix for this behaviour would be appreciated.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: openssh-server 1:7.2p2-4ubuntu2.4
  ProcVersionSignature: Ubuntu 3.13.0-112.159-generic 3.13.11-ckt39
  Uname: Linux 3.13.0-112-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.17
  Architecture: amd64
  Date: Tue May 15 10:18:25 2018
  InstallationDate: Installed on 2013-01-10 (1950 days ago)
  InstallationMedia: Ubuntu-Server 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120817.3)
  SourcePackage: openssh
  UpgradeStatus: Upgraded to xenial on 2017-03-12 (428 days ago)
  mtime.conffile..etc.pam.d.sshd: 2017-03-13T19:59:01.965420
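
The failure described above comes from `ExecReload=/bin/kill -HUP $MAINPID` signalling sshd without first checking the file it is about to re-read. As an added example (not part of the bug report and not the Debian/Ubuntu packaging change), the sketch below shows the operator-side equivalent: validate a staged config with sshd's test mode (`sshd -t -f FILE`) and only then install it and reload. The names `apply_sshd_config`, `SSHD_BIN` and `RELOAD_CMD` are assumptions made for this example.

```sh
#!/bin/sh
# Added example: validate-then-reload for sshd_config.
# SSHD_BIN and RELOAD_CMD are hypothetical knobs so the function can be
# pointed at a different binary or service manager.
SSHD_BIN="${SSHD_BIN:-/usr/sbin/sshd}"
RELOAD_CMD="${RELOAD_CMD:-systemctl reload ssh.service}"

# apply_sshd_config CANDIDATE [TARGET]
#   0  candidate passed validation, was installed, reload was requested
#   1  candidate rejected by "sshd -t"; TARGET untouched, no reload sent
#   2  validation passed but backup, install or reload failed
apply_sshd_config() {
    candidate=$1
    target=${2:-/etc/ssh/sshd_config}

    # "sshd -t" parses the file and exits non-zero on any bad option,
    # without touching the running daemon.
    if ! err=$("$SSHD_BIN" -t -f "$candidate" 2>&1); then
        printf 'rejected %s; %s left unchanged:\n%s\n' \
            "$candidate" "$target" "$err" >&2
        return 1
    fi

    # Keep the last known-good file so a later problem can be rolled back.
    if [ -e "$target" ]; then
        cp -p "$target" "$target.bak" || return 2
    fi
    cp "$candidate" "$target" || return 2

    # Only now ask the running daemon to re-read its configuration.
    $RELOAD_CMD || return 2
}
```

Edit a copy of the config, then run `apply_sshd_config /root/sshd_config.new` as root; a rejected candidate leaves the running daemon and its current file alone.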
