[Bug 2059872] Re: Unable to listen on port 22 if multiple Port= present in sshd configuration
Launchpad Bug Tracker
2059872 at bugs.launchpad.net
Mon Apr 15 22:30:05 UTC 2024
This bug was fixed in the package openssh - 1:9.6p1-3ubuntu13
---------------
openssh (1:9.6p1-3ubuntu13) noble; urgency=medium
[ Marco Trevisan (Treviño) ]
* debian: Remove dependency on libsystemd
As per the xz backdoor we learned that the fewer dependencies sshd has,
the better it is, so avoid plugging libsystemd (which also brings various
other dependencies) inside sshd for no reason:
- d/p/systemd-readiness.patch: Use upstream patch with no libsystemd
dependency
- d/p/systemd-socket-activation.patch: Import patch from debian that
mimics the libsystemd sd_listen_fds() code, as refactored by Colin
Watson.
- d/control: Remove dependencies on libsystemd-dev | libelogind-dev
- d/rules: Drop --with-systemd flag (new options are used by default)
[ Nick Rosbrook ]
* debian/patches: only set PAM_RHOST if remote host is not "UNKNOWN"
(LP: #2060150)
* debian/openssh-server.postinst: don't re-enable ssh.socket if it was disabled
(LP: #2059874)
* d/p/sshd-socket-generator.patch: do not always ignore ListenStream=22
(LP: #2059872)
-- Nick Rosbrook <enr0n at ubuntu.com> Fri, 05 Apr 2024 15:30:31 -0400
** Changed in: openssh (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2059872
Title:
Unable to listen on port 22 if multiple Port= present in sshd
configuration
Status in openssh package in Ubuntu:
Fix Released
Bug description:
Recently introduced sshd-socket-generator for socket activation in
openssh 1:9.6p1-3ubuntu3 has a bug when dealing with multiple Port or
ListenAddress entries in the sshd configuration.
If you have multiple Port or ListenAddress and one of them is for port
22, it just skips it.
To show it clearly, here is an example:
Port 22
Port 1024
It generates:
ListenStream=
ListenStream=1024
Now nothing is listening to port 22, hence breaking existing
configurations.
This was tested on 1:9.6p1-3ubuntu11.
The intention seems to be to not generate the drop-in if only port 22
is in use, but it does not account for the case of multiple Port or
ListenAddress where one of them is for port 22.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2059872/+subscriptions
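The check below is an added example, not code from the bug report or from Ubuntu's sshd-socket-generator. It compares the Port directives in an sshd configuration with the ListenStream= entries that remain once a drop-in is applied, and reports any configured port that no socket covers. Assumptions: the packaged ssh.socket carries ListenStream=22, only Port directives are modelled (ListenAddress is left out), and the "fixed" drop-in is constructed for comparison.

```python
import re

# Sample inputs. SSHD_CONFIG and BUGGY_DROPIN mirror the bug description;
# BASE_UNIT and FIXED_DROPIN are constructed for this example (assumptions).
SSHD_CONFIG = "Port 22\nPort 1024\n"
BASE_UNIT = "[Socket]\nListenStream=22\n"
BUGGY_DROPIN = "[Socket]\nListenStream=\nListenStream=1024\n"
FIXED_DROPIN = "[Socket]\nListenStream=\nListenStream=22\nListenStream=1024\n"


def sshd_ports(config_text):
    """Ports named by Port directives; sshd defaults to 22 when none is set."""
    found = re.findall(r"(?im)^\s*Port[ \t=]+(\d+)\s*$", config_text)
    return [int(p) for p in found] or [22]


def effective_listen(unit_texts):
    """Apply systemd list semantics over the unit and its drop-ins, in order.

    An empty 'ListenStream=' resets everything collected so far, which is
    why the drop-in from the report removes the packaged port 22 entry.
    """
    listen = []
    for text in unit_texts:
        for line in text.splitlines():
            key, sep, value = line.strip().partition("=")
            if key != "ListenStream" or not sep:
                continue
            if value == "":
                listen = []          # reset the list
            else:
                listen.append(value)
    return listen


def missing_ports(config_text, unit_texts):
    """Configured sshd ports that no remaining ListenStream= entry covers."""
    listening = set()
    for value in effective_listen(unit_texts):
        port = value.rsplit(":", 1)[-1]   # handles '22' and 'addr:22'
        if port.isdigit():
            listening.add(int(port))
    return [p for p in sshd_ports(config_text) if p not in listening]


if __name__ == "__main__":
    print("buggy drop-in, uncovered ports:", missing_ports(SSHD_CONFIG, [BASE_UNIT, BUGGY_DROPIN]))
    print("fixed drop-in, uncovered ports:", missing_ports(SSHD_CONFIG, [BASE_UNIT, FIXED_DROPIN]))
```

On a real host the inputs would be the sshd configuration and the ssh.socket unit with its generated drop-in; a non-empty result means a port that sshd is configured for has no listening socket.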