Public bug reported: When I installed the openssh-server package on 8.04, it did not create the sshd privilege separation user, which causes the /etc/init.d/ssh script to fail to start sshd at boot time.
The problem turns out to be in the openssh-server.postinst post install script. This script looks for the presence of user sshd, and does not run adduser if it already exists. However, I had installed NIS, and my NIS server had an sshd account; therefore the postinst script did not add a local sshd user. At reboot, the order of the scripts in /etc/rc2.d is to first run the ssh script, then run the nis script. Since nis has not started when ssh runs, there is no user sshd, and the ssh script fails with a message like, "Privilege separation user sshd does not exist." At install time, however, the NIS server was running, so sshd started (apparently the remote sshd account is good enough) and no error was reported. When I ran the adduser line in openssh-server.postinst by hand, the problem at boot time goes away, and sshd starts correctly at the next boot. I believe the correct fix is to grep for the sshd user in /etc/passwd in the postinst script, and run adduser to create a local user if it is not found, rather than using getent to detect the presence of sshd. (Apparently getent will find an NIS account, which you don't want.) It makes no sense for the sshd user to be on a remote NIS server; it should always be a local account. ** Affects: openssh (Ubuntu) Importance: Undecided Status: New -- openssh-server install does not create privilege separation user sshd https://bugs.launchpad.net/bugs/227592 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs