Your message dated Sat, 2 Mar 2019 14:14:09 +0100
with message-id <[email protected]>
and subject line Re: Bug#923508: systemd not restarting sshd on Debian 9
Stretch i386 due to RestartPreventExitStatus=255 in sshd.service file
has caused the Debian Bug report #923508,
regarding systemd not restarting sshd on Debian 9 Stretch i386 due to
RestartPreventExitStatus=255 in sshd.service file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
923508: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923508
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: systemd
Version: 232-25+deb9u
On Debian 9 stretch with the latest updates systemd no longer restarts
sshd due to changes to the sshd.service unit file.
The line:
RestartPreventExitStatus=255 has been added to the master sshd unit file
in recent systemd/sshd updates.
This means if the network interface is not up by the time sshd tries to
start, sshd will return a result code of 255, and systemd will NOT try
to restart it.
This is obviously a HUGE problem for anybody using sshd as their
exclusive means of accessing a system. On many systems the network can
take a considerable amount of time to start.
When you finally do get physical access to a system, and try to override
the default unit file by adding:
RestartPreventExitStatus=
to the end of /etc/systemd/system/sshd.service.d/override.conf
and running systemctl daemon-reload and rebooting
You find that the default of 255 is NOT overridden. I already had:
[Service]
Restart=always
RestartSec=5
in the override.conf file. What part of ALWAYS does systemd not understand!
I was forced to comment out the RestartPreventExitStatus=255 line in the
/etc/systemd/system/sshd.service file, which is NOT a solution.
Also the version of systemd currently being used has bugs which when you
manually restart a unit using systemctl restart sshd.service it warns
about the configuration needing reloading using systemctl daemon-reload,
even though you have just done that. This bug appears to have been fixed
once in systemd in 2016, so either an old version is being used, or it
has crept back in.
systemctl daemon-reload
systemctl restart sshd.service
Warning: sshd.service changed on disk. Run 'systemctl daemon-reload' to
reload units.
Of course if systemd didn't start networking dependent units until the
network was actually up then none of this would be an issue... Of course
then you get into arguments about which network interface...
Clearly much more testing of systemd needs to be done before pushing
updates of it. But the bottom line is NEVER break sshd.
Systemd Version:
||/ Name Version Architecture Description
+++-==============-============-============-=================================
ii systemd 232-25+deb9u i386 system and service manager
Openssh Server version:
||/ Name Version Architecture Description
+++-==============-============-============-=================================
ii openssh-server 1:7.4p1-10+d i386 secure shell (SSH) server,
for se
System Version:
uname -a
Linux sempron 4.9.0-8-686-pae #1 SMP Debian 4.9.144-3.1 (2019-02-19)
i686 GNU/Linux
cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
apt show libc6 | grep ^Version
Version: 2.24-11+deb9u4
Error messages from sshd when booting using default config
(RestartPreventExitStatus=255 in /etc/systemd/system/sshd.service file)
journalctl -b0 | grep ssh
Mar 01 07:32:02 sempron sshd[432]: error: Bind to port XXXX on
192.168.1.54 failed: Cannot assign requested address.
Mar 01 07:32:02 sempron sshd[432]: fatal: Cannot bind any address.
Mar 01 07:32:02 sempron systemd[1]: ssh.service: Main process exited,
code=exited, status=255/n/a
Mar 01 07:32:02 sempron systemd[1]: ssh.service: Unit entered failed state.
Mar 01 07:32:02 sempron systemd[1]: ssh.service: Failed with result
'exit-code'.
Mar 01 07:32:17 sempron systemd[700]: Listening on GnuPG cryptographic
agent (ssh-agent emulation).
where XXXX is the sshd port number
/etc/systemd/system/sshd.service file used for above log file:
[Unit]
Description=OpenBSD Secure Shell server
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
[Service]
EnvironmentFile=-/etc/default/ssh
ExecStartPre=/usr/sbin/sshd -t
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
ExecReload=/usr/sbin/sshd -t
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
#Restart=on-failure
Restart=always
RestartPreventExitStatus=255
Type=notify
[Install]
WantedBy=multi-user.target
Alias=sshd.service
/etc/systemd/system/sshd.service.d/override.conf
[Unit]
After=network.target
[Service]
Restart=always
RestartSec=5
RestartPreventExitStatus=
Commenting out RestartPreventExitStatus=255 in sshd.service, doing
systemctl daemon-reload, and rebooting gives:
journalctl -b0 | grep ssh
Mar 01 07:38:24 sempron sshd[426]: error: Bind to port XXXX on
192.168.1.54 failed: Cannot assign requested address.
Mar 01 07:38:24 sempron sshd[426]: fatal: Cannot bind any address.
Mar 01 07:38:24 sempron systemd[1]: ssh.service: Main process exited,
code=exited, status=255/n/a
Mar 01 07:38:24 sempron systemd[1]: ssh.service: Unit entered failed state.
Mar 01 07:38:24 sempron systemd[1]: ssh.service: Failed with result
'exit-code'.
Mar 01 07:38:24 sempron systemd[1]: ssh.service: Service hold-off time
over, scheduling restart.
Mar 01 07:38:25 sempron sshd[437]: error: Bind to port XXXX on
192.168.1.54 failed: Cannot assign requested address.
Mar 01 07:38:25 sempron sshd[437]: fatal: Cannot bind any address.
Mar 01 07:38:25 sempron systemd[1]: ssh.service: Main process exited,
code=exited, status=255/n/a
Mar 01 07:38:25 sempron systemd[1]: ssh.service: Unit entered failed state.
Mar 01 07:38:25 sempron systemd[1]: ssh.service: Failed with result
'exit-code'.
Mar 01 07:38:25 sempron systemd[1]: ssh.service: Service hold-off time
over, scheduling restart.
Mar 01 07:38:25 sempron sshd[454]: Server listening on 192.168.1.54 port
XXXX.
Mar 01 07:38:26 sempron sshd[454]: Received SIGHUP; restarting.
Mar 01 07:38:26 sempron sshd[454]: Server listening on 192.168.1.54 port
XXXX.
Mar 01 07:38:26 sempron sshd[454]: Received SIGHUP; restarting.
Mar 01 07:38:26 sempron sshd[454]: Server listening on 192.168.1.54 port
XXXX.
Mar 01 07:38:53 sempron systemd[941]: Listening on GnuPG cryptographic
agent (ssh-agent emulation).
where XXXX is the sshd port number
/etc/systemd/system/sshd.service file used for above log file:
[Unit]
Description=OpenBSD Secure Shell server
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
[Service]
EnvironmentFile=-/etc/default/ssh
ExecStartPre=/usr/sbin/sshd -t
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
ExecReload=/usr/sbin/sshd -t
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
#Restart=on-failure
Restart=always
#RestartPreventExitStatus=255
Type=notify
[Install]
WantedBy=multi-user.target
Alias=sshd.service
/etc/systemd/system/sshd.service.d/override.conf
[Unit]
After=network.target
[Service]
Restart=always
RestartSec=5
RestartPreventExitStatus=
--- End Message ---
--- Begin Message ---
On 02.03.19 at 13:40, Andrew Roberts wrote:
> Michael,
>
> thanks for your detailed reply.
>
> A few things I would like to clarify.
>
> 1) I'm not wanting to edit the sshd.service file
>
> As you say this will be overwritten, hence my comment that this was NOT
> a solution.
>
It is a valid approach, if you use the correct name, i.e. ssh.service
(note the missing 'd') as I said earlier.
> This does not negate the need to be able to override
> RestartPreventExitStatus, or at least have the ability to do so.
systemctl edit ssh.service and setting
# /etc/systemd/system/ssh.service.d/override.conf
[Service]
RestartPreventExitStatus=
works fine (tested in a stretch vm)
See also the corresponding documentation:
> RestartPreventExitStatus=
> Takes a list of exit status definitions that, when returned by the
> main service process, will prevent automatic
> service restarts, regardless of the restart setting configured
> with Restart=. Exit status definitions can either be
> numeric exit codes or termination signal names, and are separated
> by spaces. Defaults to the empty list, so that, by
> default, no exit status is excluded from the configured restart
> logic. For example:
>
> RestartPreventExitStatus=1 6 SIGABRT
>
> ensures that exit codes 1 and 6 and the termination signal SIGABRT
> will not result in automatic service restarting.
> This option may appear more than once, in which case the list of
> restart-preventing statuses is merged. If the empty
> string is assigned to this option, the list is reset and all prior
> assignments of this option will have no effect
The only odd behaviour I can see is the effect this has on ExecStartPre,
but that's an entirely different issue.
So closing the bug report.
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
--- End Message ---
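The merge and reset rules for RestartPreventExitStatus= quoted from the documentation in the reply above, modelled as an added example that is not part of the original thread and is not systemd's own code. The fragments are constructed from the unit file and override.conf shown in the report; the function names are hypothetical, and the restart check assumes Restart=always.

```python
# Constructed sample input: the [Service] lines from the thread.
UNIT = """\
[Service]
Restart=always
RestartPreventExitStatus=255
"""
DROPIN = """\
[Service]
Restart=always
RestartSec=5
RestartPreventExitStatus=
"""


def prevent_list(fragments):
    """Effective RestartPreventExitStatus set after reading the fragments
    in load order (main unit file first, then its drop-ins).
    Simplified model: entries are kept as strings, signal names included."""
    statuses = set()
    for text in fragments:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue  # blank line or comment
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            key, sep, value = line.partition("=")
            if section != "Service" or not sep:
                continue
            if key.strip() != "RestartPreventExitStatus":
                continue
            tokens = value.split()
            if not tokens:
                statuses.clear()     # empty assignment resets prior entries
            statuses.update(tokens)  # repeated assignments are merged
    return statuses


def will_restart(fragments, exit_status):
    """Assuming Restart=always: a restart is scheduled unless the main
    process exit status is in the effective prevent list."""
    return str(exit_status) not in prevent_list(fragments)
```

On a live system, `systemctl cat ssh.service` prints the unit file and the drop-ins systemd loaded for that unit, which is the input this model takes.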