** Changed in: openssh (Ubuntu Plucky)
Assignee: (unassigned) => Nick Rosbrook (enr0n)
** Changed in: openssh (Ubuntu Noble)
Assignee: (unassigned) => Nick Rosbrook (enr0n)
** Changed in: openssh (Ubuntu Plucky)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2111226
Title:
sshd socket activation does not support AF_VSOCK
Status in openssh package in Ubuntu:
Triaged
Status in openssh source package in Jammy:
Fix Released
Status in openssh source package in Noble:
Triaged
Status in openssh source package in Oracular:
Won't Fix
Status in openssh source package in Plucky:
Triaged
Status in openssh source package in Questing:
Triaged
Bug description:
[Impact]
On Ubuntu VMs running under Microsoft Hyper-V, users commonly rely on
'hv_sock' (Hyper-V socket) to enable seamless SSH access using the 'hvc.exe'
tool on the Windows host. This works correctly on Ubuntu Jammy and earlier (
and Oracular and later with different mechanism ), but fails silently in Noble
due to a missing '[email protected]' systemd unit.
The failure is due to a combination of systemd and OpenSSH changes:
* In older versions (e.g., Jammy with systemd 249), the '[email protected]' unit
was relied upon for socket activation ('Accept=yes' mode) and the unit file
exists.
* With the Ubuntu Kinetic release, '[email protected]' was removed, and no
template unit was shipped by default.
* systemd introduced systemd-ssh-generator in version 256 checks
[email protected] unit and openssh provides [email protected] unit.
* Ubuntu Noble ships with systemd 255, which lacks this feature, resulting in
the absence of [email protected].
* Debian has restored a static '[email protected]' template in recent OpenSSH
packaging. Noble’s OpenSSH package currently lacks it.
As a result, the typical 'ssh.socket' activation workflow fails on
Noble, breaking compatibility for 'hv_sock' SSH access.
This issue affects all Ubuntu series between Kinetic and Noble
(inclusive) where:
* systemd < 256 is used (no dynamic generator)
* '[email protected]' has been removed
But I think Noble only needs SRU for now since the others are EOL.
Basically user should setup ssh.socket correctly to use hv_sock(e.g
changing Accept=no to Accept=yes) but creating whole service file
([email protected]) might be different story since Jammy was working fine.
[Test Case]
1. Launch a Noble VM on Hyper-V.
2. Ensure the 'hv_sock' kernel module is loaded:
echo 'hv_sock' >> /etc/modules
3. Adding the socket conf for SSH to listen on vsock:
# cat > /etc/systemd/system/ssh.socket.d/vsock.conf << EOF
[Socket]
ListenStream=vsock::22
EOF
4. Reload and reconfigure systemd units:
systemctl disable ssh.service
systemctl daemon-reload
systemctl stop ssh.service
systemctl enable ssh.socket
systemctl start ssh.socket
5. Attempt to connect from the Hyper-V host:
hvc ssh user@ubuntu-vm
Expected Result: Connection succeeds and SSH login is presented.
Actual Result: The connection hangs. No systemd unit is spawned due to
missing '[email protected]'.
[Where problems could occur]
Adding a static '[email protected]' template unit, as done in Debian(although it
is [email protected]), is unlikely to interfere with traditional SSH service setups
(i.e., 'ssh.service'). The '@' template only activates in conjunction with
'Accept=yes' sockets and does not conflict with existing unit files. Also it
was working in Jammy.
[Other Info]
* Debian commit restoring '[email protected]'
https://salsa.debian.org/ssh-team/openssh/-/commit/eb25ab611967996a0d57b4ee565faa7de58b41f6
* systemd 256 adding 'systemd-ssh-generator'
https://github.com/systemd/systemd/commit/0e3220684c6184a2f70396d991200ae207a25377
* OpenSSH in Ubuntu removed '[email protected]' in
https://launchpadlibrarian.net/619116456/openssh_1%3A9.0p1-1_1%3A9.0p1-1ubuntu1.diff.gz
during Kinetic development.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2111226/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
