** Description changed: + [Impact] - Hello + On Ubuntu VMs running under Microsoft Hyper-V, users commonly rely on 'hv_sock' (Hyper-V socket) to enable seamless SSH access using the 'hvc.exe' tool on the Windows host. This works correctly on Ubuntu Jammy and earlier ( and Oracular and later with different mechanism ), but fails silently in Noble due to a missing '[email protected]' systemd unit. - A customer uses hyperv Ubuntu vm and uses hv_sock to connect to it. + The failure is due to a combination of systemd and OpenSSH changes: - With Jammy, it works well with minimum setup. but with Noble, they - can't. + * In older versions (e.g., Jammy with systemd 249), the '[email protected]' unit was relied upon for socket activation ('Accept=yes' mode) and the unit file exists. + * With the Ubuntu Kinetic release, '[email protected]' was removed, and no template unit was shipped by default. + * systemd introduced systemd-ssh-generator in version 256 checks [email protected] unit and openssh provides [email protected] unit. + * Ubuntu Noble ships with systemd 255, which lacks this feature, resulting in the absence of [email protected]. + * Debian has restored a static '[email protected]' template in recent OpenSSH packaging. Noble’s OpenSSH package currently lacks it. - I've analyzed a bit further and found below. + As a result, the typical 'ssh.socket' activation workflow fails on + Noble, breaking compatibility for 'hv_sock' SSH access. - debian upstream added [email protected] template back - https://salsa.debian.org/ssh-team/openssh/-/commit/eb25ab611967996a0d57b4ee565faa7de58b41f6 + [Test Case] - systemd 256 added ssh-generator - https://github.com/systemd/systemd/commit/0e3220684c6184a2f70396d991200ae207a25377 + 1. Launch a Noble VM on Hyper-V. + 2. Ensure the 'hv_sock' kernel module is loaded: - before systemd 256, [email protected] was default. + echo 'hv_sock' >> /etc/modules - with Knetic, [email protected] is removed - https://launchpadlibrarian.net/619116456/openssh_1%3A9.0p1-1_1%3A9.0p1-1ubuntu1.diff.gz + 3. Modify the socket unit for SSH to listen on vsock: - So, + # /lib/systemd/system/ssh.socket + [Socket] + ListenStream=vsock:22 + Accept=yes - Questing : systemd 257, [email protected] exists - Plucky : systemd 257, [email protected] exists - Oracular : systemd 256, [email protected] exists - Noble : systemd 255, [email protected] or [email protected] doesn't exist. - ... - Jammy : systemd 249, [email protected] exists. - ... + 4. Reload and reconfigure systemd units: - I guess, K, L, M, N are affected by this issue. + systemctl disable ssh.service + systemctl daemon-reload + systemctl stop ssh.service + systemctl enable ssh.socket + systemctl start ssh.socket + + 5. Attempt to connect from the Hyper-V host: - [Test Cases] - 1. deploy hyperv Ubuntu vm - 2. echo 'hv_sock' >> /etc/module - 3. vi /lib/systemd/system/ssh.socket - .. - [Socket] - ... - ListenStream=vsock:22 << add this part - ... - Accept=yes << change from no to yes - ... - 4. systemctl disable ssh.service; systemctl daemon-reload; systemctl stop ssh.service; - 5. systemctl enable ssh.socket; systemctl start ssh.socket; - - # in the hyperv host - 1. hvc ssh [email protected] - # hang this point. + hvc ssh user@ubuntu-vm + + Expected Result: Connection succeeds and SSH login is presented. + Actual Result: The connection hangs. No systemd unit is spawned due to missing '[email protected]'. [Where problems could occur] - TBD + Adding a static '[email protected]' template unit, as done in Debian(although it is [email protected]), is unlikely to interfere with traditional SSH service setups (i.e., 'ssh.service'). The '@' template only activates in conjunction with 'Accept=yes' sockets and does not conflict with existing unit files. - [Others] + [Other Info] + + * [Debian commit restoring '[email protected]'](https://salsa.debian.org/ssh-team/openssh/-/commit/eb25ab611967996a0d57b4ee565faa7de58b41f6) + * [systemd 256 adding 'systemd-ssh-generator'](https://github.com/systemd/systemd/commit/0e3220684c6184a2f70396d991200ae207a25377) + * OpenSSH in Ubuntu removed '[email protected]' in [this patch](https://launchpadlibrarian.net/619116456/openssh_1%3A9.0p1-1_1%3A9.0p1-1ubuntu1.diff.gz) during Kinetic development. + + This issue affects all Ubuntu series between Kinetic and Noble + (inclusive) where: + + * systemd < 256 is used (no dynamic generator) + * '[email protected]' has been removed + + But I think Noble only needs SRU for now since the others are EOL.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2111226 Title: [email protected] is still needed for hv_sock in Noble release To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2111226/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
