[Bug 1832110] Re: Resource Sharing with multiple sshd services

Robie Basak 1832110 at bugs.launchpad.net
Mon Jun 10 16:17:21 UTC 2019 

Thank you for taking the time to file this bug and helping to make
Ubuntu better.

> ...the problem is getting Ubuntu and OpenSSH to admit there is a
problem and it needs to be fixed.

It's up to individual projects to decide what configurations they want
to support. Just because you can't configure your system to your exact
specification doesn't necessarily mean that it's a problem for the
project.

I understand what you're requesting, but I don't think Ubuntu will be
prepared to maintain a patch in sshd to make the privilege separation
directory configurable, assuming that upstream don't wish to do this
either.

It may that there's something I'm missing and the problem can be fixed
in Ubuntu, but you haven't relayed the message from upstream so I am
unable to comment on that. If you'd like to expand on why exactly they
think "it is a Ubuntu problem", then I can look again.

As I don't think Ubuntu will maintain the type of patch you suggest, I'm
marking this bug as Won't Fix against the Ubuntu openssh package.

You might be able to use mount namespaces to give your different sshd
processes different views of /run/sshd.

However, please note that you can simply comment if you have further
information that you think would change this opinion, and change the
status back to New yourself to request reconsideration. No need to file
a new bug.

** Changed in: openssh (Ubuntu)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1832110

Title:
  Resource Sharing with multiple sshd services

Status in openssh package in Ubuntu:
  Won't Fix

Bug description:
  Ubuntu: 18.04.2 LTS
  OpenSSH: 7.6p1

  I am having a problem starting multiple sshd processes. The default
  location of the sshd privilege separation directory is hard-coded to
  /run/sshd (see man page). If I want to have 2 sshd services using
  systemd, I need to write 2 service files, let's call them
  sshd_wan.service ans sshd_lan.service. Both of these services need to
  have their own "RuntimeDirectory=sshd_wan" and
  "RuntimeDirectory=sshd_lan". If you do not have separate
  RuntimeDirectory definitions for the 2 services, then when one service
  is killed/faults/restarts/stops/etc. the systemd (or init) process
  deletes the RuntimeDirectory and causes the other service to crash
  since a RuntimeDirectory does not exist.

  The problem is the hard-coding of the sshd Privilege Separation
  Directory. We need to modify the OpenBSD/OpenSSH sshd code to
  provision command line assignment of the privilege separation
  directory.

  I have attempted to contact the OpenSSH team (i.e. OpenSSH.com) and
  they say it is a Ubuntu problem. I reported this in Ubuntu bug
  #1831765 and Ubuntu (e.g. Paride Legovini, June 6, 2019 @ 2:55AM PDT)
  rejected it because I described the problem using the init.d example.

  I know how to modify the sshd.c file in OpenSSH 7.6p1, the problem is
  getting Ubuntu and OpenSSH to admit there is a problem and it needs to
  be fixed.

  The problem is still there regardless if you are using Upstart (i.e.
  init.d) or systemd.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1832110/+subscriptions

More information about the foundations-bugs mailing list