[Bug 2087551] Re: OpenSSH server config broken on unattended update
Andreas Hasenack
2087551 at bugs.launchpad.net
Mon Nov 25 20:57:26 UTC 2024
I tried many other things to reproduce this bug:
- looks like the reporter had this happen in a Digital Ocean VM. I tried that too, going through the openssh upgrades all the way to 13.7, changing the port to 2240, and it just worked
- tried ipv4 and ipv6
- then noted I was doing this all via ssh, which could interfere with the troubleshooting. Went back to local lxc and used "lxc console" instead of an ssh connection. It also worked
- then I used unattended-upgrades itself. I configured the system to bump the priority of openssh in noble-proposed, and configured unattended-upgrades to also consider proposed. It upgraded openssh-server without issues, on the different port, and I could ssh in after
- finally, same as above, but I did not restart openssh (or the socket) after changing the port to 2240. I let unattended-upgrades do it, to the version in proposed. It also worked.
I'm out of ideas here. The only case where I could reproduce something
similar to what was reported here is if I let the new configuration file
from the package overwrite my local changes, but even then, all that
would happen is ssh/systemd listening again on port 22 instead of my
custom port. If you guys had a firewall on port 22 or something like
that, it could explain the system no longer being reachable, but the log
from comment #23 disproves that theory for that user at least.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2087551
Title:
OpenSSH server config broken on unattended update
Status in openssh package in Ubuntu:
Incomplete
Bug description:
My server performed unattended update of openssh-server from
1:9.6p1-3ubuntu13.5 to 1:9.6p1-3ubuntu13.7, and after this I could not
access ssh anymore, connection refused.
Following the steps at the bottom of this post to use non-socket-based-activation has allowed me to connect to the server again:
https://discourse.ubuntu.com/t/sshd-now-uses-socket-based-activation-ubuntu-22-10-and-later/30189
I suspect this is related to using a non-default port, although the
systemd socket configuration appeared to exist with correct values, as
well as the custom port value in sshd_config, before making the above
change.
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: openssh-server 1:9.6p1-3ubuntu13.7
ProcVersionSignature: Ubuntu 6.8.0-48.48-generic 6.8.12
Uname: Linux 6.8.0-48-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.1
Architecture: amd64
CasperMD5CheckResult: unknown
CloudArchitecture: x86_64
CloudBuildName: server
CloudID: configdrive
CloudName: configdrive
CloudPlatform: configdrive
CloudSerial: 20231014
CloudSubPlatform: config-disk (/dev/vdb)
Date: Fri Nov 8 13:13:51 2024
ProcEnviron:
LANG=C.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=tmux-256color
SourcePackage: openssh
UpgradeStatus: Upgraded to noble on 2024-06-04 (157 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2087551/+subscriptions
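
Both the message and the bug description above turn on whether the port in sshd_config and the port the systemd socket listens on agree. The check below is an added example, not part of the original report or of Ubuntu's packaging; the function names and sample files are constructed, and it assumes the socket text is the base unit followed by its drop-ins in the order systemd applies them (as `systemctl cat ssh.socket` prints them).

```python
import re

def sshd_ports(sshd_config):
    """Ports set by global Port directives; sshd falls back to 22 if none is given."""
    ports = set()
    for raw in sshd_config.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Port 2240" or "Port=2240"
        if len(parts) < 2:
            continue
        keyword = parts[0].lower()                     # keywords are case-insensitive
        if keyword == "match":                         # Port is not valid inside Match blocks
            break
        if keyword == "port" and parts[1].strip().isdigit():
            ports.add(int(parts[1]))
    return ports or {22}

def socket_ports(unit_text):
    """Ports from ListenStream= lines; an empty assignment resets the list."""
    ports = set()
    for raw in unit_text.splitlines():
        m = re.match(r"ListenStream\s*=\s*(.*)$", raw.strip())
        if not m:
            continue
        value = m.group(1).strip()
        if not value:                                  # "ListenStream=" clears earlier entries
            ports.clear()
            continue
        pm = re.search(r"(\d+)$", value)               # "2240", "0.0.0.0:2240", "[::]:2240"
        if pm:
            ports.add(int(pm.group(1)))
    return ports

def port_drift(sshd_config, unit_text):
    """Report ports configured on one side but not the other."""
    cfg, sock = sshd_ports(sshd_config), socket_ports(unit_text)
    return {"only_in_sshd_config": sorted(cfg - sock),
            "only_in_socket": sorted(sock - cfg)}

# Constructed sample inputs (not taken from the bug report).
SSHD_CONFIG = "# constructed sample\nPort 2240\nPasswordAuthentication no\n"
BASE_SOCKET = "[Socket]\nListenStream=22\nAccept=no\n"
DROP_IN = "[Socket]\nListenStream=\nListenStream=2240\n"

if __name__ == "__main__":
    print("with drop-in:   ", port_drift(SSHD_CONFIG, BASE_SOCKET + DROP_IN))
    print("without drop-in:", port_drift(SSHD_CONFIG, BASE_SOCKET))
```

The second call models the one case the message says could be reproduced: the socket ends up on port 22 while sshd_config still names the custom port.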