[Bug 2069041] Re: Changing Port in sshd_config requires calling systemctl daemon-reload
Launchpad Bug Tracker
2069041 at bugs.launchpad.net
Thu Nov 7 19:34:41 UTC 2024
This bug was fixed in the package openssh - 1:9.6p1-3ubuntu13.7
---------------
openssh (1:9.6p1-3ubuntu13.7) noble; urgency=medium

  * d/t/sshd-socket-generator: run test_match_on_port test
    The test case was added to verify the fix for LP: 2076023,
    but it is not actually executed at the moment. Now that
    it does run, fix the grep commands used.

openssh (1:9.6p1-3ubuntu13.6) noble; urgency=medium

  * Explicitly listen on IPv4 by default, with socket-activated sshd
    (LP: #2080216)
    - d/systemd/ssh.socket: explicitly listen on ipv4 by default
    - d/t/sshd-socket-generator: update for new defaults and AddressFamily
    - sshd-socket-generator: handle new ssh.socket default settings
  * sshd-socket-generator: do not parse server match config
    (LP: #2076023)
  * d/p/systemd-socket-activation.patch: don't clear rexec_flag
    (LP: #2071815)
  * d/p/sshd-socket-generator.patch: add note to sshd_config
    Explain that a systemctl daemon-reload is needed for changes
    to Port et al to take effect.
    (LP: #2069041)
  * debian/openssh-server.ucf-md5sum: add new checksums for sshd_config

 -- Nick Rosbrook <enr0n at ubuntu.com> Wed, 23 Oct 2024 14:19:51 -0400
** Changed in: openssh (Ubuntu Noble)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2069041
Title:
Changing Port in sshd_config requires calling systemctl daemon-reload
Status in openssh package in Ubuntu:
Fix Released
Status in openssh source package in Noble:
Fix Released
Bug description:
[Impact]
There is currently no comment in the default /etc/ssh/sshd_config
explaining that a systemctl daemon-reload is needed for changes to
Port etc. to take effect when systemd socket activation is used (the
default on Ubuntu).
Users may change e.g. Port in /etc/ssh/sshd_config and expect
systemctl restart ssh.service to reflect the change, but this will not
work.
[Test Plan]
1. The proposed fix here is to improve the documentation by adding a
comment above the default Port setting in /etc/ssh/sshd_config. Hence,
the test is to simply install openssh-server from noble-proposed, and
verify that the comment is there.
2. Because the patch changes the default sshd_config, and
debian/openssh-server.ucf-md5sum needs to be updated when this
happens, an upgrade from noble to oracular should be done after
installing openssh-server from noble-proposed. If a debconf prompt is
shown, then a mistake was made in recording the checksums. Otherwise,
they are correct.
[Where problems could occur]
There is low technical risk, but we should be sure that the
documentation is clear and improves the experience of users. It could
be harmful if the documentation accidentally makes things worse, or is
just confusing.
Also, a packaging quirk of openssh-server is that checksums of the
patched sshd_config (along with certain settings tweaked) need to be
recorded in debian/openssh-server.ucf-md5sum to avoid unnecessary
debconf prompts on upgrades. I have updated those checksums, but if
they are incorrect, then in future upgrades users might see an
unnecessary debconf prompt about /etc/ssh/sshd_config.
[Original Description]
Changing the Port directive in sshd_config and restarting ssh.service
is without effect, sshd keeps listening to port 22.
Also mentioned in
https://discourse.ubuntu.com/t/sshd-now-uses-socket-based-activation-ubuntu-22-10-and-later/30189/32
Steps to reproduce:
1. Install Ubuntu 24.04 LTS
2. Change Port directive in /etc/ssh/sshd_config to Port 2233
3. Restart ssh.service
4. Observe sshd still listening to port 22
Expected behaviour: sshd changes port to 2233
Actual behaviour: sshd keeps listening to port 22
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2069041/+subscriptions
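
A drift check for the behaviour this bug describes, as an added example that is not part of the bug report or the openssh package: it compares the Port directives in an sshd_config-style file with the ListenStream= ports in unit text such as saved `systemctl cat ssh.socket` output. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the openssh package): compare sshd_config Port
# directives with the ports the ssh.socket unit actually listens on.

# Ports from Port directives, sorted; sshd's default is 22 when none is set.
config_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1" | sort -un
}

# Ports from ListenStream= lines in systemd unit text, sorted.
# An empty "ListenStream=" resets the list, as in systemd drop-ins.
socket_ports() {
    awk -F= '$1 == "ListenStream" {
                 if ($2 == "") { n = 0; next }
                 p = $2; sub(/^.*:/, "", p)   # strip "0.0.0.0:" or "[::]:"
                 if (p ~ /^[0-9]+$/) ports[n++] = p
             }
             END { for (i = 0; i < n; i++) print ports[i] }' "$1" | sort -un
}

# Return 0 when both files agree on the port set, 1 when they differ,
# i.e. the socket unit was not regenerated after the config edit.
port_drift() {
    want=$(config_ports "$1"); have=$(socket_ports "$2")
    [ "$want" = "$have" ] && return 0
    echo "drift: sshd_config has [$(echo $want)], ssh.socket has [$(echo $have)]" >&2
    return 1
}

# Constructed sample: config edited to Port 2233, socket unit still on 22.
tmp=$(mktemp -d)
printf '#Port 22\nPort 2233\n' > "$tmp/sshd_config"
printf '[Socket]\nListenStream=\nListenStream=0.0.0.0:22\nListenStream=[::]:22\n' \
    > "$tmp/ssh.socket"
port_drift "$tmp/sshd_config" "$tmp/ssh.socket" \
    || echo "socket unit is stale: systemctl daemon-reload is needed"
rm -rf "$tmp"
```
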