** Description changed: + [Impact] + + sshd doesn't check the configuration when reloading. + + If a user generates an invalid configuration file, sshd will shut down + and not come back up when the user issues a reload. + + + [Test Case] + + Copied existing debian fix from 7f06034b1c4ba72dac028ed7879c89b6ee073293 + in pkg/ubuntu/artful to check sshd_config for errors before starting or + reloading the service. + + PPA: ppa:kstenerud/sshd-reload-1771340 + + + Steps to Test + ------------- + + $ lxc launch ubuntu:xenial tester + $ lxc exec tester bash + + # echo "blah blah" >>/etc/ssh/sshd_config + # systemctl reload sshd + Job for ssh.service failed because the control process exited with error code. See "systemctl status ssh.service" and "journalctl -xe" for details. + # systemctl status ssh.service + ● ssh.service - OpenBSD Secure Shell server + Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) + Active: failed (Result: exit-code) since Tue 2018-08-21 18:15:41 UTC; 19s ago + + * The service should have checked the config file, failed to reload, but + remained active in its current configuration. In this case ssh has shut + down. + + Remove the last line "blah blah" in /etc/ssh/sshd_config, then: + + # systemctl start sshd + # add-apt-repository -y ppa:kstenerud/sshd-reload-1771340 + # apt update + # apt upgrade -y + # echo "blah blah" >>/etc/ssh/sshd_config + # systemctl reload sshd + Job for ssh.service failed because the control process exited with error code. See "systemctl status ssh.service" and "journalctl -xe" for details. + # systemctl status ssh.service + ● ssh.service - OpenBSD Secure Shell server + Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) + Active: active (running) (Result: exit-code) since Tue 2018-08-21 18:39:03 UTC; 31s ago + + * Service is active (running), which is as it should be. 
+ + + [Regression Potential] + + This code will only trigger on an invalid configuration file (in which + case sshd would not load anyway), so there should be no regressions. + + + [Original Description] + After adding some lines to /etc/ssh/sshd_config I tried to reload the configuration with the command: ``` sudo systemctl reload sshd ``` No error message was returned. So I assumed that the sshd was running with the current config. But `sudo systemctl status sshd` told me that the service failed due to a wrong option in /etc/ssh/sshd_config. Please see the following output: ~~~ :~$ sudo vim /etc/ssh/sshd_config :~$ sudo systemctl reload sshd :~$ sudo systemctl status sshd ● ssh.service - OpenBSD Secure Shell server - Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) - Active: failed (Result: exit-code) since Di 2018-05-15 10:00:04 CEST; 8s ago - Process: 12089 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS) - Process: 7536 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=255) - Main PID: 7536 (code=exited, status=255) + Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) + Active: failed (Result: exit-code) since Di 2018-05-15 10:00:04 CEST; 8s ago + Process: 12089 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS) + Process: 7536 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=255) + Main PID: 7536 (code=exited, status=255) ~~~ I would expect that a warning or error message is returned when the service fails while reloading it's configuration. A fix for this behaviour would be appreciated. 
ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: openssh-server 1:7.2p2-4ubuntu2.4 ProcVersionSignature: Ubuntu 3.13.0-112.159-generic 3.13.11-ckt39 Uname: Linux 3.13.0-112-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.17 Architecture: amd64 Date: Tue May 15 10:18:25 2018 InstallationDate: Installed on 2013-01-10 (1950 days ago) InstallationMedia: Ubuntu-Server 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120817.3) SourcePackage: openssh UpgradeStatus: Upgraded to xenial on 2017-03-12 (428 days ago) mtime.conffile..etc.pam.d.sshd: 2017-03-13T19:59:01.965420
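Review bot: In [Regression Potential], "This code will only trigger on an invalid configuration file" does not match the [Test Case] text, which says the fix checks sshd_config "before starting or reloading the service". The check therefore runs on every start and reload and only changes the outcome when validation fails; reword the section to say so. In [Test Case], the opening sentence about the copied Debian fix describes the change rather than a test and would fit better under its own heading. The steps also end with "blah blah" still in /etc/ssh/sshd_config, so add a final step that removes the line and reloads successfully. After the upgrade, say explicitly that "Job for ssh.service failed" is the intended result of the reload, since the same message appears in the failing case before the fix.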
** Description changed: [Impact] sshd doesn't check the configuration when reloading. If a user generates an invalid configuration file, sshd will shut down and not come back up when the user issues a reload. - [Test Case] Copied existing debian fix from 7f06034b1c4ba72dac028ed7879c89b6ee073293 in pkg/ubuntu/artful to check sshd_config for errors before starting or reloading the service. PPA: ppa:kstenerud/sshd-reload-1771340 - Steps to Test ------------- $ lxc launch ubuntu:xenial tester $ lxc exec tester bash # echo "blah blah" >>/etc/ssh/sshd_config # systemctl reload sshd Job for ssh.service failed because the control process exited with error code. See "systemctl status ssh.service" and "journalctl -xe" for details. # systemctl status ssh.service ● ssh.service - OpenBSD Secure Shell server - Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) - Active: failed (Result: exit-code) since Tue 2018-08-21 18:15:41 UTC; 19s ago + Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) + Active: failed (Result: exit-code) since Tue 2018-08-21 18:15:41 UTC; 19s ago * The service should have checked the config file, failed to reload, but remained active in its current configuration. In this case ssh has shut down. Remove the last line "blah blah" in /etc/ssh/sshd_config, then: # systemctl start sshd # add-apt-repository -y ppa:kstenerud/sshd-reload-1771340 # apt update # apt upgrade -y # echo "blah blah" >>/etc/ssh/sshd_config # systemctl reload sshd Job for ssh.service failed because the control process exited with error code. See "systemctl status ssh.service" and "journalctl -xe" for details. 
# systemctl status ssh.service ● ssh.service - OpenBSD Secure Shell server - Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) - Active: active (running) (Result: exit-code) since Tue 2018-08-21 18:39:03 UTC; 31s ago + Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) + Active: active (running) (Result: exit-code) since Tue 2018-08-21 18:39:03 UTC; 31s ago * Service is active (running), which is as it should be. - [Regression Potential] This code will only trigger on an invalid configuration file (in which case sshd would not load anyway), so there should be no regressions. + + [Other Info] + + autopkgtest [13:45:46]: test regress: -----------------------] + autopkgtest [13:45:47]: test regress: - - - - - - - - - - results - - - - - - - - - - + regress PASS + autopkgtest [13:45:47]: @@@@@@@@@@@@@@@@@@@@ summary + regress PASS [Original Description] After adding some lines to /etc/ssh/sshd_config I tried to reload the configuration with the command: ``` sudo systemctl reload sshd ``` No error message was returned. So I assumed that the sshd was running with the current config. But `sudo systemctl status sshd` told me that the service failed due to a wrong option in /etc/ssh/sshd_config. Please see the following output: ~~~ :~$ sudo vim /etc/ssh/sshd_config :~$ sudo systemctl reload sshd :~$ sudo systemctl status sshd ● ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Di 2018-05-15 10:00:04 CEST; 8s ago Process: 12089 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS) Process: 7536 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=255) Main PID: 7536 (code=exited, status=255) ~~~ I would expect that a warning or error message is returned when the service fails while reloading it's configuration. A fix for this behaviour would be appreciated. 
ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: openssh-server 1:7.2p2-4ubuntu2.4 ProcVersionSignature: Ubuntu 3.13.0-112.159-generic 3.13.11-ckt39 Uname: Linux 3.13.0-112-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.17 Architecture: amd64 Date: Tue May 15 10:18:25 2018 InstallationDate: Installed on 2013-01-10 (1950 days ago) InstallationMedia: Ubuntu-Server 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120817.3) SourcePackage: openssh UpgradeStatus: Upgraded to xenial on 2017-03-12 (428 days ago) mtime.conffile..etc.pam.d.sshd: 2017-03-13T19:59:01.965420
--
https://bugs.launchpad.net/bugs/1771340
Title: sshd failed on config reload
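Review bot: The new [Other Info] section gives only "regress PASS" with timestamps; state which release and package version the autopkgtest run covered (the PPA build named in [Test Case], if that is the one) so the result can be tied to the upload. The remaining -/+ pairs on the "Loaded:" and "Active:" lines appear to differ only in whitespace, and the blank lines dropped after the section headings are cosmetic, so there is nothing further to review in those.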