This bug was fixed in the package openssh - 1:9.6p1-3ubuntu13

openssh (1:9.6p1-3ubuntu13) noble; urgency=medium

  [ Marco Trevisan (TreviƱo) ]
  * debian: Remove dependency on libsystemd
    As per the xz backdoor we learned that the least dependencies sshd have,
    the best it is, so avoid to plug libsystemd (which also brings various
    other dependencies) inside sshd for no reason:

    - d/p/systemd-readiness.patch: Use upstream patch with no libsystemd
    - d/p/systemd-socket-activation.patch: Import patch from debian that
      mimics the libsystemd sd_listen_fds() code, as refactored by Colin
    - d/control: Remove dependencies on  libsystemd-dev | libelogind-dev
    - d/rules: Drop --with-systemd flag (new options are used by default)

  [ Nick Rosbrook ]
  * debian/patches: only set PAM_RHOST if remote host is not "UNKNOWN"
    (LP: #2060150)
  * debian/openssh-server.postinst: don't re-enable ssh.socket if it was 
    (LP: #2059874)
  * d/p/sshd-socket-generator.patch: do not always ignore ListenStream=22
    (LP: #2059872)

 -- Nick Rosbrook <>  Fri, 05 Apr 2024 15:30:31 -0400

** Changed in: openssh (Ubuntu)
       Status: Fix Committed => Fix Released

You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.

  on upgrade sshd-socket-generator conversion does not respect
  administrator intent

Status in openssh package in Ubuntu:
  Fix Released

Bug description:
  the openssh-server 1:9.6p1-3ubuntu11 postinst contains this code

  if [ "$action" == configure ]; then
    if dpkg --compare-versions "$2" lt-nl 1:9.6p1-3ubuntu3~; then
      if [ -d /run/systemd/system ]; then
        # Make sure ssh.service is disabled.
        systemctl unmask ssh.service
        systemctl disable --now ssh.service > /dev/null 2>&1

        # sshd-socket-generator is invoked on daemon-reload.
        systemctl daemon-reload
        systemctl enable ssh.socket

  This does not respect existing service and socket unit configuration,
  it effectively re-enables a disabled ssh.service (and even a masked
  one), and a manually disabled socket unit. I strongly suspect it does
  not respect systemd presets either.

  This is unexpected behaviour.

To manage notifications about this bug go to:

Mailing list:
Post to     :
Unsubscribe :
More help   :

Reply via email to