[Bug 1913810] Re: restart doesn't test for syntax errors
Andreas Hasenack
1913810 at bugs.launchpad.net
Mon May 3 14:28:14 UTC 2021
yeah, it's specifically restart that we want to check
--
https://bugs.launchpad.net/bugs/1913810
Title:
restart doesn't test for syntax errors
Status in openssh package in Ubuntu:
Confirmed
Bug description:
Tested openssh on bionic and groovy, same issue.
The switch to systemd lost the ability to do a sanity check on the
config file (via sshd -t) before attempting to restart sshd. This was
originally bug #624361 in the SysV days, fixed in the initscript back
then.
The sysv script still does it, but it's not used anymore:
    restart)
        check_privsep_dir
        check_config
        log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true
And:
    check_config() {
        if [ ! -e /etc/ssh/sshd_not_to_be_run ]; then
            /usr/sbin/sshd $SSHD_OPTS -t || exit 1
        fi
    }
The systemd service file has only ExecStartPre, which doesn't let it start if there is an error, but will happily stop it:
    [Unit]
    Description=OpenBSD Secure Shell server
    After=network.target auditd.service
    ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

    [Service]
    EnvironmentFile=-/etc/default/ssh
    ExecStartPre=/usr/sbin/sshd -t
    ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
    ExecReload=/usr/sbin/sshd -t
    ExecReload=/bin/kill -HUP $MAINPID
    ...
Example:
# sshd -t
# systemctl restart sshd
# telnet localhost 22
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
^]
telnet> quit
Connection closed.
# echo "syntax error" >> /etc/ssh/sshd_config
# sshd -t
/etc/ssh/sshd_config: line 123: Bad configuration option: syntax
/etc/ssh/sshd_config: terminating, 1 bad configuration options
# systemctl restart sshd
Job for ssh.service failed because the control process exited with error code.
See "systemctl status ssh.service" and "journalctl -xe" for details.
# telnet localhost 22
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
#
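As an added example that is not part of the bug report or of the openssh package, the wrapper below reinstates the init script's check_config step in front of the systemd restart, so a config that fails "sshd -t" never takes down the daemon that is already serving. The variable names (SSHD_BIN, SSHD_OPTS, SSHD_DISABLED_FLAG, RESTART_CMD), the script name and the way it is invoked are this example's own assumptions; the defaults are the Ubuntu paths quoted in the bug.

```shell
#!/bin/sh
# Added example, not code from the bug report or the openssh package:
# sshd-safe-restart.sh (hypothetical name) validates the config before
# "systemctl restart", mirroring the sysv check_config() step.
# All variables are this example's own knobs; defaults match the bug's paths.
: "${SSHD_BIN:=/usr/sbin/sshd}"
: "${SSHD_OPTS:=}"   # the unit gets this from /etc/default/ssh; export it or source that file first
: "${SSHD_DISABLED_FLAG:=/etc/ssh/sshd_not_to_be_run}"
: "${RESTART_CMD:=systemctl restart ssh.service}"

# check_config: 0 when the config parses (sshd -t) or when sshd is
# administratively disabled, the same skip rule the init script applies.
# Returns non-zero instead of calling exit so callers can decide what to do.
check_config() {
    if [ -e "$SSHD_DISABLED_FLAG" ]; then
        return 0
    fi
    # SSHD_OPTS is deliberately unquoted: word-split exactly as in the init script.
    "$SSHD_BIN" $SSHD_OPTS -t
}

# safe_restart: restart only after the new config has been validated.
# On a bad config it refuses and returns 1, leaving the old sshd running,
# which is exactly what a plain "systemctl restart" in the bug does not do.
safe_restart() {
    if ! check_config; then
        echo "sshd config failed 'sshd -t'; not restarting, the running daemon stays up" >&2
        return 1
    fi
    $RESTART_CMD
}

# Invoke as "sshd-safe-restart.sh restart" to run the check and then the restart.
case "${1:-}" in
    restart) safe_restart ;;
esac
```

This is an operator-side safeguard only: anyone who types "systemctl restart ssh" directly still gets the behaviour shown in the session above, because ExecStartPre runs only on the start half of the restart.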