Public bug reported:

Defaults no longer match up exactly between openssh-server and monit.

If I recall correctly, openssh-server no longer generates or relies on
dsa host keys for valid security reasons. However, the provided monit
openssh-server monitoring configuration contains two stanzas that force
monit to disable/terminate the openssh-server process because the system
has no sshd_dsa_keys defined.

This seems like a bug in monit; easy workarounds exist (remove stanzas
or generate dsa host key even if it's not used by sshd), but conf-
available data should probably work out of the box.

The problematic stanzas in /etc/monit/conf-available/openssh-server are
as follows (noted as commented out):

    # depend on sshd_dsa_key

    # check file sshd_dsa_key with path /etc/ssh/ssh_host_dsa_key
    # group sshd
    # include /etc/monit/templates/rootstrict

This issue consistently occurs on a fresh bionic install with monit and
openssh-server installed, on reboot. My package versions are monit
1:5.25.1-1build1 and openssh-server 1:7.6p1-4ubuntu0.1.

    [UTC Jan 10 20:59:18] error : 'sshd_dsa_key' file doesn't exist
    [UTC Jan 10 20:59:18] info : 'sshd_dsa_key' trying to restart
    [UTC Jan 10 20:59:18] info : 'sshd' stop: '/etc/init.d/ssh stop'
    [UTC Jan 10 20:59:19] error : 'sshd_dsa_key' file doesn't exist
    [UTC Jan 10 20:59:19] error : 'sshd' failed to start -- could not start required services: 'sshd_dsa_key'

** Affects: monit (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1811292
Title:
monit default configuration for openssh-server causes openssh to be
unusable