Re: [Bug 1674330] [NEW] Please consider dropping /etc/network/if-up.d/openssh-server

2017-03-25 Thread Perry E. Metzger
On Sat, 25 Mar 2017 09:57:26 - Colin Watson wrote:
> On Mon, Mar 20, 2017 at 05:14:07PM -, Perry E. Metzger wrote:
> > And it isn't a "hack", this is exactly what ifup/down scripts are
> > for.  
> 
> They're useful for giving sysadmins the flexibility to do this sort
> of thing locally without too much work, but doing service restarts
> on if-{up,down} is an awfully big hammer that's generally better
> handled some other way if possible.

So why don't you get a laptop and try it out? Using a virtual machine
will not tell you what the behavior is if the network address is
forcibly changed on the machine, and there are other confounding
circumstances here like loss of network carrier when you change
location etc. (It may be possible to conduct a principled experiment
with virtual machines but it will not be particularly easy.)

You will have to make sure that the daemon continues to permit remote
logins on every new address it acquires.

> Not being the maintainer and not using Ubuntu any more, you might be
> unaware of how much work this hack has been to maintain over the
> years.

Many things are unpleasant to maintain but provide necessary
functionality. Again, what you should do is conduct an actual test.

Perry
-- 
Perry E. Metzger    pe...@piermont.com

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1674330

Title:
  Please consider dropping /etc/network/if-up.d/openssh-server

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1674330/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


Re: [Bug 1674330] [NEW] Please consider dropping /etc/network/if-up.d/openssh-server

2017-03-25 Thread Colin Watson
On Mon, Mar 20, 2017 at 05:14:07PM -, Perry E. Metzger wrote:
> And it isn't a "hack", this is exactly what ifup/down scripts are for.

They're useful for giving sysadmins the flexibility to do this sort of
thing locally without too much work, but doing service restarts on
if-{up,down} is an awfully big hammer that's generally better handled
some other way if possible.

Not being the maintainer and not using Ubuntu any more, you might be
unaware of how much work this hack has been to maintain over the years.
I'd certainly support removing it if it can be demonstrated to be safe
to do so (in which I do include your original use case).  For example:

  https://bugs.debian.org/502444
  https://bugs.debian.org/756547
  https://bugs.launchpad.net/bugs/1584393



Re: [Bug 1674330] [NEW] Please consider dropping /etc/network/if-up.d/openssh-server

2017-03-20 Thread Perry E. Metzger
On Mon, 20 Mar 2017 13:26:35 - Launchpad Bug Tracker
<1674...@bugs.launchpad.net> wrote:
> You have been subscribed to a public bug by Martin Pitt (pitti):
> 
> The /etc/network/if-up.d/openssh-server hack was introduced ten
> years ago [1] as a response to bug 103436. At least from today's
> perspective this isn't justified:
> 
> I can't seem to be able to actually reproduce that issue: I can
> start a VM with no network interfaces, remove the above hack, then
> start sshd, then bring up an ethernet interface, and I can connect
> to ssh via ethernet just fine.

sshd has no internal support to open and close listening addresses on
its own, so I suspect you're wrong. Why don't you try the actual use
case, which is changing addresses rather than an initial open.

However, I haven't used ubuntu in at least eight years and have no
way to help you.

> Also, e. g. Fedora has no
> counterpart of this hack, and these days a lot of people would
> complain if that would cause problems,

How many people regularly ssh into their laptops on multiple
networks? I would guess very few.

> The hack introduces a race: you run into connection errors after
> bringing up a new interface as sshd stops listening briefly while
> being reloaded.

Well, yah, but when you change networks you're also not listening to
the network. This isn't a race, this is just expected behavior. Even
if sshd did this on its own this would happen.

And it isn't a "hack", this is exactly what ifup/down scripts are for.

Perry
-- 
Perry E. Metzger    pe...@piermont.com



[Bug 1674330] [NEW] Please consider dropping /etc/network/if-up.d/openssh-server

2017-03-20 Thread Martin Pitt
Public bug reported:

The /etc/network/if-up.d/openssh-server hack was introduced ten years
ago [1] as a response to bug 103436. At least from today's perspective
this isn't justified:

I can't seem to be able to actually reproduce that issue: I can start a
VM with no network interfaces, remove the above hack, then start sshd,
then bring up an ethernet interface, and I can connect to ssh via
ethernet just fine. Also, e. g. Fedora has no counterpart of this hack,
and these days a lot of people would complain if that would cause
problems, as hotpluggable/roaming network devices are everywhere.

The hack introduces a race: you run into connection errors after
bringing up a new interface as sshd stops listening briefly while being
reloaded. That's the reason why I looked at it, as this regularly
happens in upstream's cockpit integration tests.

Also, /etc/network/if-up.d/ isn't being run when using networkd/netplan,
i. e. in more recent Ubuntu cloud instances. So far this doesn't seem
to have caused any issues.

I asked the original reporter of bug 103436 for some details, and to
check whether that hack is still necessary. There is actually a proposed
patch upstream [2] to use IP_FREEBIND, which is the modern solution to
listening to all "future" interfaces as well. But at least for the
majority of cases it seems to work fine without that even.

So I wonder if it's time to bury that hack?

[1] https://anonscm.debian.org/cgit/pkg-ssh/openssh.git/commit/?id=ba6b55ed6
[2] https://bugzilla.mindrot.org/show_bug.cgi?id=2512

** Affects: openssh (Ubuntu)
 Importance: Low
 Status: New

** Changed in: openssh (Ubuntu)
   Importance: Undecided => Low
