Hi,
trying to get new life in bugs dormant for quite a while - in addition there had
not been too much consensus before.

I'll just try to recreate the case in a virt env (as it is easy for
everyone to reproduce) in the way I understood the case - I beg your
pardon if that isn't the case you meant - please help if that is true.

# get a simple guest
$ uvt-kvm create --password=ubuntu artful-testnosshhook release=artful arch=amd64 label=daily
# get its IP
$ virsh domifaddr artful-testnosshhook
 Name       MAC address          Protocol     Address
-------------------------------------------------------------------------------
 vnet1      52:54:00:38:7b:4e    ipv4         192.168.122.236/24
# Login via SSH
$ ssh [email protected]
# Login via Console in case network/ssh connection dies
$ virsh console artful-testnosshhook

# Initially both logins work and there is no ifupdown installed (so hooks won't be working)
ubuntu@artful-testnosshhook:~$ dpkg -S /sbin/ifup
dpkg-query: no path found matching pattern /sbin/ifup
ubuntu@artful-testnosshhook:~$ ll /sbin/ifup
ls: cannot access '/sbin/ifup': No such file or directory

# Before changing IPs we have the binds on 0.0.0.0 and :::, as well as my own active ssh connection
$ sudo netstat -apn | grep ssh
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      967/sshd
tcp        0      0 192.168.122.236:22      192.168.122.1:36062     ESTABLISHED 1043/sshd: ubuntu [
tcp6       0      0 :::22                   :::*                    LISTEN      967/sshd

# Currently I have
$ ip addr show
2: ens3: 
   inet 192.168.122.236/24 brd 192.168.122.255 scope global dynamic ens3

# The next IP is free, so just bluntly change the IP (without up/down/dhcp this time)
$ sudo ip addr add 192.168.122.237/24 broadcast 192.168.122.255 dev ens3
$ sudo ip addr del 192.168.122.236/24 dev ens3

Of course my ssh session is dead, ssh is still listening on all
interfaces but didn't pick up .237 as the ssh code just doesn't do so
(like IP_FREEBIND).

So let's be more fair and use dhcp to reassign (more realistic case).
# Edit the range so the current IP is no more in it and then restart (Host)
# I had a range like this <range start='192.168.122.2' end='192.168.122.200'/>
# And started with leases:
$ virsh net-dhcp-leases default
2017-09-22 10:39:55  52:54:00:38:7b:4e  ipv4      192.168.122.30/24         artful-testnosshhook
# Now let's add a new range and remove the current one without breaking the bridge (destroy/start would break it)
$ virsh net-update default add ip-dhcp-range "<range start='192.168.122.220' end='192.168.122.230'/>" --live --config
$ virsh net-update default delete ip-dhcp-range "<range start='192.168.122.2' end='192.168.122.200'/>" --live --config

# Then in the guest renew the lease and networking
# this will only ADD the new ip
$ sudo dhclient -r ens3; sudo dhclient -v ens3
# so instead do
$ sudo systemctl restart systemd-networkd
# After a few seconds we have a new IP and ssh is gone on "the old IP"
# but a login to the new one works.

# Now this might be due to restarting systemd-networkd
# It could be "too much" for the test still and its dependencies reload sshd?
# So instead wait on the renewal (feel free to reduce the expiration if you are impatient)

What I see after a while is:
1. the IP renewed
2. the connect on the old IP is dead (that is ok)
3. ssh accepts connections on the new IP (that is what we wanted with all of 
this right?)

I double checked that nothing restarted ssh in the background, but it is the 
one started an hour ago when I manually did so on the old IP.
ubuntu@artful-testnosshhook:~$ systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enab
   Active: active (running) since Fri 2017-09-22 07:54:25 UTC; 1h 0min ago
# New lease on new address
$ virsh net-dhcp-leases default
 2017-09-22 10:49:29  52:54:00:38:7b:4e  ipv4      192.168.122.223/24        artful-testnosshhook


While I wanted to agree that [1] is the real way to solve this eventually, it
seems that the core of this feature already works without it. Without ifup
hooks and anything else restarting ssh it accepts connections on the new IP.

This was done on Artful as there ifup is dropped.
I hope I added enough details, maybe one would co-test the same there to be 
sure.

[1]: https://bugzilla.mindrot.org/show_bug.cgi?id=2512

** Bug watch added: OpenSSH Portable Bugzilla #2512
   https://bugzilla.mindrot.org/show_bug.cgi?id=2512

https://bugs.launchpad.net/bugs/1674330

Title:
  Please consider dropping /etc/network/if-up.d/openssh-server
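
A check for the condition the test above depends on, added here as an example and not part of the original message or of the openssh package: it reads `netstat -apn`-style lines and reports whether a daemon listens on the wildcard addresses (0.0.0.0 / ::), which keep accepting after an address change as seen in the test, or is pinned to specific addresses. The function name `classify_listeners` and the pinned sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a daemon's listeners from `netstat -apn` output.
# wildcard  -> bound to 0.0.0.0 / ::, so connections to a newly assigned
#              address are accepted without restarting the daemon
# pinned:…  -> bound to specific addresses (e.g. ListenAddress in
#              sshd_config); the socket stays on the old address

classify_listeners() {
    # stdin: netstat -apn lines; $1: program name to match (e.g. sshd)
    awk -v prog="$1" '
        $6 == "LISTEN" && $7 ~ ("/" prog "$") {
            addr = $4
            sub(/:[0-9]+$/, "", addr)          # strip the trailing :port
            if (addr == "0.0.0.0" || addr == "::") wildcard++
            else pinned = pinned (pinned ? "," : "") addr
        }
        END {
            if (pinned)        print "pinned:" pinned
            else if (wildcard) print "wildcard"
            else               print "none"
        }'
}

# Sample 1: the netstat output quoted in the message above.
SAMPLE_WILDCARD='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      967/sshd
tcp        0      0 192.168.122.236:22      192.168.122.1:36062     ESTABLISHED 1043/sshd: ubuntu [
tcp6       0      0 :::22                   :::*                    LISTEN      967/sshd'

# Sample 2 (constructed): the same guest if sshd_config had
# "ListenAddress 192.168.122.236".
SAMPLE_PINNED='tcp        0      0 192.168.122.236:22      0.0.0.0:*               LISTEN      967/sshd'

printf '%s\n' "$SAMPLE_WILDCARD" | classify_listeners sshd
printf '%s\n' "$SAMPLE_PINNED"   | classify_listeners sshd
```

On a live system the input would come from `sudo netstat -apn | classify_listeners sshd`.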
