[Bug 1876320] Re: Port parameter sshd_config is 22 AND whatever you specify
Launchpad Bug Tracker
1876320 at bugs.launchpad.net
Fri Jun 5 21:23:48 UTC 2020
This bug was fixed in the package openssh - 1:8.2p1-4ubuntu1
---------------
openssh (1:8.2p1-4ubuntu1) groovy; urgency=medium
  * d/p/lp-1876320-*: avoid applying defaults for every include statement
    (LP: #1876320)
 -- Christian Ehrhardt <christian.ehrhardt at canonical.com>  Fri, 29 May 2020 09:37:09 +0200
** Changed in: openssh (Ubuntu)
Status: In Progress => Fix Released
https://bugs.launchpad.net/bugs/1876320
Title:
Port parameter sshd_config is 22 AND whatever you specify
Status in portable OpenSSH:
Unknown
Status in openssh package in Ubuntu:
Fix Released
Status in openssh source package in Focal:
In Progress
Status in openssh package in Debian:
New
Bug description:
On my Ubuntu Server 20.04 LTS with OpenSSH 1:8.2p1-4, I have TWO sshd
daemons. One (on port 22) is for internal use, accepts passwords etc.
The second (on port 7722) does not allow PAM use and no passwords,
allows only one user(name) and uses an alternative authorized_keys file
(that only root can edit).
Any parameter FIRST encountered in sshd_config is the one that is
accepted; others do not override (like in many other config files).
There is one exception: 'Port', which is accumulative. To make life
easier, I set the more restrictive parameters for port 7722 first and
next include the system-default /etc/ssh/sshd_config.
The /etc/ssh/sshd_config file(s) in Ubuntu Server 20.04 DO NOT specify
'Port' anywhere - the default is 22. But: it is obviously still
accumulative: Setting 'Port' to 7722 makes sshd listen on port 7722
AND 22. This is unwanted.
Proposed solution: Remove the accumulative behavior for 'Port' and
REQUIRE the 'Port' parameter like before (and maybe have second and
later parameters override the earlier ones, like 'everyone else').
Regards,
Adriaan
PS Searching for solutions, I found that specifying 'ListenAddress
0.0.0.0:7722' stops sshd from listening to port 22. This, however, is
not documented in 'man 5 sshd_config' and may be an unreliable side-
effect.
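A check for the symptom described in this report, as an added example that is not part of the original bug report or of OpenSSH: it reads the effective configuration that `sshd -T` prints and reports every port that is not on an expected list. The function names, the sample output and the config path in the comment are constructed for illustration.

```shell
#!/bin/sh
# unexpected_ports EXPECTED_PORT...
# Reads effective sshd settings (output of `sshd -T`) on stdin, prints each
# port that is not in the expected list, and returns 1 if any was found.
unexpected_ports() {
    awk -v expected="$*" '
        function check(p) {
            if (!(p in ok) && !(p in seen)) { print p; seen[p] = 1; bad = 1 }
        }
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        # "port N" lines: Port is accumulative, so there is one line per port.
        $1 == "port" { check($2) }
        # "listenaddress host:N" lines: take the number after the last colon.
        $1 == "listenaddress" && $2 ~ /:[0-9]+$/ {
            p = $2; sub(/^.*:/, "", p); check(p)
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample of what an affected second instance could report:
# the configured port 7722 plus the default port 22 that was never requested.
constructed_sample() {
    cat <<'EOF'
port 7722
port 22
listenaddress 0.0.0.0:7722
listenaddress [::]:7722
listenaddress 0.0.0.0:22
listenaddress [::]:22
passwordauthentication no
EOF
}

# Demo on the constructed sample; prints "22" and a warning.
# On a real host (as root), with a placeholder config path:
#   sshd -T -f /path/to/second_sshd_config | unexpected_ports 7722
constructed_sample | unexpected_ports 7722 ||
    echo "sshd would listen on ports other than 7722" >&2
```

Running the same check after upgrading to the fixed package confirms whether the extra port is gone without having to restart the daemon first.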