on upgrade sshd-socket-generator conversion does not respect administrator intent
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openssh (Ubuntu) | Fix Released | Medium | Nick Rosbrook |
Bug Description
The openssh-server 1:9.6p1-3ubuntu11 postinst contains this code snippet:
    if [ "$action" == configure ]; then
      ..snip..
      if dpkg --compare-versions "$2" lt-nl 1:9.6p1-3ubuntu3~; then
        ..snip..
        if [ -d /run/systemd/system ]; then
          # Make sure ssh.service is disabled.
          systemctl unmask ssh.service
          systemctl disable --now ssh.service > /dev/null 2>&1
          # sshd-socket-
          systemctl daemon-reload
          systemctl enable ssh.socket
        fi
      fi
    fi
This does not respect existing service and socket unit configuration; it effectively re-enables a disabled ssh.service (and even a masked one), and a manually disabled socket unit. I strongly suspect it does not respect systemd presets either.
This is unexpected behaviour.
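One way a maintainer script could take the pre-upgrade unit state into account, as an added sketch that is not the openssh package's code or the committed fix. The function names and plan labels are hypothetical; the inputs are the strings that `systemctl is-enabled` prints for each unit.

```shell
#!/bin/sh
# Added example: decide what the upgrade should do from the unit states
# the administrator left behind, instead of unconditionally unmasking
# ssh.service and enabling ssh.socket.

# plan_ssh_migration SERVICE_STATE SOCKET_STATE   (hypothetical helper)
# Prints one of: keep-masked, already-socket, migrate, keep-disabled
plan_ssh_migration() {
    service_state=$1
    socket_state=$2
    case "$service_state" in
        masked|masked-runtime)
            # A mask is an explicit "never start": do not unmask it.
            echo keep-masked; return 0 ;;
    esac
    case "$socket_state" in
        masked|masked-runtime)
            echo keep-masked; return 0 ;;
        enabled|enabled-runtime)
            echo already-socket; return 0 ;;
    esac
    case "$service_state" in
        enabled|enabled-runtime)
            # sshd was meant to run: move it to socket activation.
            echo migrate ;;
        *)
            # disabled, not-found, ...: sshd was off, so leave it off.
            echo keep-disabled ;;
    esac
}

# apply_plan PLAN   (hypothetical helper, dry run: prints the commands)
apply_plan() {
    case "$1" in
        migrate)
            echo "systemctl disable --now ssh.service"
            echo "systemctl daemon-reload"
            echo "systemctl enable ssh.socket" ;;
        *)
            echo "# $1: no unit state changed" ;;
    esac
}

# Constructed sample states (service, socket), not taken from a real host.
for pair in "enabled disabled" "disabled disabled" "masked disabled"; do
    set -- $pair
    printf '%-9s %-9s -> %s\n' "$1" "$2" "$(plan_ssh_migration "$1" "$2")"
done
```

On a real system the two arguments would come from `systemctl is-enabled ssh.service` and `systemctl is-enabled ssh.socket`, captured before any unit is modified.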
information type: Public → Public Security
Changed in openssh (Ubuntu):
status: Confirmed → Fix Committed
Is there a strong use case for installing openssh-server, but then not wanting it to run as a daemon (i.e. disabling the necessary systemd units)? The purpose of this snippet is to migrate to socket activated sshd by default, which is the case for new installs of openssh-server.