Package: openssh-server Version: 1:8.4p1-4 Severity: grave Hi there,
On a Sid/Testing system, currently we have in /lib/systemd/system/ssh.service: After=network.target auditd.service While this isn't a problem in most installation, it didn't work under our setup, because we use "bgp-to-the-host" networking. In this setup, we need FRR (the BGP routing daemon which is a fork of Quagga, if you didn't know) to provide network connectivity to the server. Our configuration is something like this: # cat /etc/frr/frr.conf [...] ! int lo ip address 10.56.17.7/32 ! [...] This means that, until FRR is fully up and running, with the BGP session established, the server IP (10.x.x.x/32 bound to the loopback interface) isn't set yet on the server, and the ssh daemon cannot bind on the IP (as it's not there yet). Our fix was pretty simple: # cat /etc/systemd/system/ssh.service.d/override.conf [Unit] After=network-online.target auditd.service But IMO, this is very wrong to mandate doing this, and not having ssh connectivity after a reboot, is kind of a grave problem. So, could you hard-wire this in the openssh-server package directly, so Debian users can avoid such an override? Indeed After=network.target doesn't tell you that network is ready. After=network-online.target does, and that's IMO what the ssh daemon should be using. Thanks for maintaining openssh in Debian, Cheers, Thomas Goirand (zigo)
