[Bug 2103632] Re: sshd-socket-generator - not honoring addressfamily defined in /etc/sshd/sshd_conf
Nick Rosbrook
2103632 at bugs.launchpad.net
Wed Mar 19 15:35:45 UTC 2025
*** This bug is a duplicate of bug 2080216 ***
https://bugs.launchpad.net/bugs/2080216
I am going to mark this as a duplicate of bug 2080216, because the SRU
test plan in that bug explicitly covers this test case.
** This bug has been marked a duplicate of bug 2080216
sshd cannot bind to IPv4 interfaces
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2103632
Title:
sshd-socket-generator - not honoring addressfamily defined in
/etc/sshd/sshd_conf
Status in openssh package in Ubuntu:
New
Bug description:
Used distribution
Ubuntu 24.04.2 LTS
Linux kernel version used: 6.8.0-55-generic
OpenSSH Version: 1:9.6p1-3ubuntu13.5
CPU architectures issue was seen on
x86_64
Component
sshd-socket-generator
Expected behaviour you didn't see
In a socket-based SSHD setup, if the user changes the default configuration regarding addressfamily in /etc/sshd/sshd_config, the change is not honored.
ex:

    > head -10 /etc/ssh/sshd_config
    Include /etc/ssh/sshd_config.d/*.conf
    Port 222
    AddressFamily inet # disable SSHD on ipv6
    # ListenAddress 0.0.0.0 # default value, not need to change

    > systemctl daemon-reload
    > systemctl restart ssh.socket sshd.service

Result:

    > systemctl cat ssh.socket
    # /usr/lib/systemd/system/ssh.socket
    [Unit]
    Description=OpenBSD Secure Shell server socket
    Before=sockets.target ssh.service
    ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

    [Socket]
    ListenStream=22
    Accept=no
    FreeBind=yes

    [Install]
    WantedBy=sockets.target
    RequiredBy=ssh.service

    # /run/systemd/generator/ssh.socket.d/addresses.conf
    # Automatically generated by sshd-socket-generator
    [Socket]
    ListenStream=
    ListenStream=222 # << This should be 0.0.0.0:222 since ipv6 should be disabled

    > lsof -i:222
    COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    systemd    1 root  57u   IPv6  57859      0t0  TCP *:222 (LISTEN)
    sshd    1927 root   3u   IPv6  57859      0t0  TCP *:222 (LISTEN)
Describe the solution you'd like
As stated above, if the port is changed in /etc/ssh/sshd_config and a daemon-reload is issued, the change is correctly applied to the socket;
in the same way the change of IP protocol should be honored, otherwise this could lead people to wrongly assume their change has been honored while that change has not been considered.
Moreover, it is also dangerous not to consider this change, since if SSHD is using socket activation, the addressfamily is completely ignored by systemd and sshd.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2103632/+subscriptions
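
A check for the mismatch described in this report, as an added example that is not part of the original bug report or of the openssh or systemd projects: it reads AddressFamily from an sshd_config and classifies each effective ListenStream= entry of the socket unit and its drop-ins. The function names and sample files are constructed for illustration; a bare port is classified as "any" because systemd binds it as an IPv6 wildcard socket, which is what the lsof output in the report shows.

```shell
#!/bin/sh
# Added example: does the socket systemd binds match sshd's AddressFamily?

# First AddressFamily value in the file (sshd keeps the first value it reads;
# the default is "any"). Include files are not followed here.
sshd_family() {
    awk '{ sub(/#.*/, "") }
         tolower($1) == "addressfamily" { print tolower($2); found = 1; exit }
         END { if (!found) print "any" }' "$1"
}

# Family of each effective ListenStream= across unit file + drop-ins, in order.
# An empty "ListenStream=" resets the list, as the generated drop-in does.
socket_families() {
    awk -F= '{ sub(/[ \t]*#.*/, "") }
         $1 != "ListenStream"    { next }
         $2 == ""                { n = 0; next }
         $2 ~ /^[0-9]+$/         { fam[++n] = "any"; next }   # bare port: IPv6 wildcard socket
         $2 ~ /^\[/              { fam[++n] = "inet6"; next }
         $2 ~ /^[0-9.]+:[0-9]+$/ { fam[++n] = "inet" }
         END { for (i = 1; i <= n; i++) print fam[i] }' "$@"
}

# check_family SSHD_CONFIG UNIT [DROPIN...]: 0 if all listeners match, else 1.
check_family() {
    want=$(sshd_family "$1"); shift
    if [ "$want" = "any" ]; then echo "OK: AddressFamily any"; return 0; fi
    for got in $(socket_families "$@"); do
        if [ "$got" != "$want" ]; then
            echo "MISMATCH: AddressFamily $want, socket family $got"
            return 1
        fi
    done
    echo "OK: all listeners are $want"
}

# Constructed sample files, modelled on the excerpts in the report.
make_samples() {
    printf 'Port 222\nAddressFamily inet # disable SSHD on ipv6\n' > "$1/sshd_config"
    printf '[Socket]\nListenStream=22\nAccept=no\n' > "$1/ssh.socket"
    printf '[Socket]\nListenStream=\nListenStream=222\n' > "$1/reported.conf"
    printf '[Socket]\nListenStream=\nListenStream=0.0.0.0:222\n' > "$1/expected.conf"
}

d=$(mktemp -d)
make_samples "$d"
check_family "$d/sshd_config" "$d/ssh.socket" "$d/reported.conf" || true
check_family "$d/sshd_config" "$d/ssh.socket" "$d/expected.conf"
```

On a real host the arguments would be /etc/ssh/sshd_config, /usr/lib/systemd/system/ssh.socket and /run/systemd/generator/ssh.socket.d/addresses.conf.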