This is fixed now, right?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1991592

Title:
  openssh-server should ship a systemd generator to generate ssh socket
  port configuration from sshd_config

Status in openssh package in Ubuntu:
  Triaged

Bug description:
  A criticism of the existing sshd socket activation implementation is
  that Port/ListenAddress options are migrated on a one-time basis at
  package upgrade time, and afterwards users get the surprising behavior
  that Port/ListenAddress settings added to sshd_config are ignored.

  A systemd generator could be used to change the ssh socket unit
  configuration on boot, and on each change of /etc/ssh/sshd_config.
  Sample implementation from Dimitri:

  ssh.socket:
  [Unit]
  Wants=sshd-config.path

  #
  # Note the below defaults are cleared and overridden by
  #    /lib/systemd/system-generators/sshd-generator
  # based on the sshd config from the sshd -T output
  #
  ListenStream=[::]:22
  ListenStream=0.0.0.0:22

  diff --git a/systemd/sshd-config.path b/systemd/sshd-config.path
  new file mode 100644
  index 000000000..cfa9674a3
  --- /dev/null
  +++ b/systemd/sshd-config.path
  @@ -0,0 +1,4 @@
  +[Unit]
  +ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
  +[Path]
  +PathChanged=/etc/ssh/sshd_config
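
Review bot: "PathChanged=/etc/ssh/sshd_config" watches only the main
file, so a Port or ListenAddress change made in a file that sshd_config
pulls in with Include never triggers regeneration and the socket keeps
its old listeners. Add a PathChanged= line for any Include location the
configuration uses, and put a blank line before "[Path]" to match the
layout of the service unit.
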
  diff --git a/systemd/sshd-config.service b/systemd/sshd-config.service
  new file mode 100644
  index 000000000..b009ea52c
  --- /dev/null
  +++ b/systemd/sshd-config.service
  @@ -0,0 +1,5 @@
  +[Unit]
  +Description=Regenerate ssh.socket.d/ssh-listen.conf drop-in
  +
  +[Service]
  +ExecStart=/bin/systemctl daemon-reload
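
Review bot: "ExecStart=/bin/systemctl daemon-reload" re-runs the
generator but does not apply the regenerated drop-in to an ssh.socket
that is already active, so the listeners still do not follow
sshd_config until the socket is restarted. The unit should say how the
socket restart happens (a second step here, or documentation), and the
[Service] section should declare Type=oneshot since the command exits
immediately.
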
  diff --git a/systemd/sshd-generator b/systemd/sshd-generator
  new file mode 100755
  index 000000000..72c6aac04
  --- /dev/null
  +++ b/systemd/sshd-generator
  @@ -0,0 +1,10 @@
  +#!/bin/sh
  +set -eu
  +mkdir -p /run/sshd
  +sshd -t
  +mkdir -p $1/ssh.socket.d
  +target="$1/ssh.socket.d/ssh-listen.conf"
  +echo '[Socket]' > $target
  +echo 'ListenStream=' >> $target
  +sshd -T | sed -n 's/^listenaddress /ListenStream=/p' >> $target
  +rmdir --ignore-fail-on-non-empty /run/sshd
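
Review bot: the "sshd -T | sed ..." line takes its exit status from sed,
so "set -eu" does not catch a failing sshd -T; by that point the drop-in
already contains the empty "ListenStream=" that clears the defaults, and
the socket is left with nothing to listen on. Capture the sshd -T output
first, check that it produced at least one listenaddress line, and only
then write the drop-in (to a temporary file, renamed into place). The
same applies when "sshd -t" fails: the script exits before writing
anything and the socket silently falls back to the [::]:22 and
0.0.0.0:22 defaults, which deserves at least a logged message. $1 and
$target should also be quoted in the mkdir and echo lines.
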
