** Changed in: openssh (Ubuntu)
       Status: New => Confirmed

https://bugs.launchpad.net/bugs/1913810

Title:
  restart doesn't test for syntax errors

Status in openssh package in Ubuntu:
  Confirmed

Bug description:
  Tested openssh on bionic and groovy, same issue.

  The switch to systemd lost the ability to do a sanity check on the
  config file (via sshd -t) before attempting to restart sshd. This was
  originally bug #624361 in the SysV days, fixed in the initscript back
  then.

  The sysv script still does it, but it's not used anymore:
   restart)
          check_privsep_dir
          check_config
          log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true

  
  And:
  check_config() {
      if [ ! -e /etc/ssh/sshd_not_to_be_run ]; then
          /usr/sbin/sshd $SSHD_OPTS -t || exit 1
      fi
  }

  
  The systemd service file has only ExecStartPre, which doesn't let it start if
  there is an error, but will happily stop it:
  [Unit]
  Description=OpenBSD Secure Shell server
  After=network.target auditd.service
  ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

  [Service]
  EnvironmentFile=-/etc/default/ssh
  ExecStartPre=/usr/sbin/sshd -t
  ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
  ExecReload=/usr/sbin/sshd -t
  ExecReload=/bin/kill -HUP $MAINPID
  ...

  Example:
  # sshd -t
  # systemctl restart sshd
  # telnet localhost 22
  Trying 127.0.0.1...
  Connected to localhost.
  Escape character is '^]'.
  SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
  ^]
  telnet> quit
  Connection closed.

  # echo "syntax error" >> /etc/ssh/sshd_config
  # sshd -t
  /etc/ssh/sshd_config: line 123: Bad configuration option: syntax
  /etc/ssh/sshd_config: terminating, 1 bad configuration options

  # systemctl restart sshd
  Job for ssh.service failed because the control process exited with error code.
  See "systemctl status ssh.service" and "journalctl -xe" for details.

  # telnet localhost 22
  Trying 127.0.0.1...
  telnet: Unable to connect to remote host: Connection refused
  #
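
A wrapper that puts the old init script's check_config step back in front of the restart, as an added example that is not part of the bug report or the Ubuntu packaging. SSHD_BIN, SSHD_CONFIG and RESTART_CMD are assumed override variables introduced here; the defaults match the paths and the ssh.service unit shown above.

```shell
#!/bin/sh
# Added example: validate sshd_config while the running daemon is still up,
# and only then hand over to the restart command.
# SSHD_BIN, SSHD_CONFIG and RESTART_CMD are hypothetical overrides for this
# example; they are not variables read by sshd, systemd or the Ubuntu package.

safe_restart_sshd() {
    sshd_bin="${SSHD_BIN:-/usr/sbin/sshd}"
    config="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
    restart_cmd="${RESTART_CMD:-systemctl restart ssh}"

    # "sshd -t" parses the configuration and exits non-zero on errors.
    # Capture its diagnostics so the operator sees the offending line.
    if ! err="$("$sshd_bin" -t -f "$config" 2>&1)"; then
        printf 'sshd config check failed, not restarting:\n%s\n' "$err" >&2
        return 1
    fi

    # Only a configuration that parses cleanly reaches the stop/start cycle.
    # Intentionally unquoted so the command string splits into words.
    $restart_cmd
}
```

Calling `safe_restart_sshd` instead of `systemctl restart sshd` leaves the listening daemon untouched when the check fails, which is the behaviour the transcript above shows is missing.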
