Hi, since the obvious solution (ExecStop) was found to be bad as it introduces a regression and it is no more even clear on which level it has to be solved (systemd, openssh in Debian, openssh in Ubuntu) I think this is no more as-actionable as before.
Sure if someone has the time (or just enjoys it) please work out a solution that works out fine and suggest it here or to Debian. The most obvious one we see in a few other packages is a wrapper script instead of calling the binary. But that often enough brings other issues and some people just hate the approach. Maybe worth having a discussion with cjwatson upfront what he thinks would be acceptible for packaging in Debian. untagging server-next for the reasons outlined above. ** Tags removed: server-next -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1913810 Title: restart doesn't test for syntax errors Status in openssh package in Ubuntu: Confirmed Bug description: Tested openssh on bionic and groovy, same issue. The switch to systemd lost the ability to do a sanity check on the config file (via sshd -t) before attempting to restart sshd. This was originally bug #624361 in the SySV days, fixed in the initscript back then. The sysv script still does it, but it's not used anymore: restart) check_privsep_dir check_config log_daemon_msg "Restarting OpenBSD Secure Shell server" "sshd" || true And: check_config() { if [ ! -e /etc/ssh/sshd_not_to_be_run ]; then /usr/sbin/sshd $SSHD_OPTS -t || exit 1 fi } The systemd service file has only ExecStartPre, which doesn't let it start if there is an error, but will happily stop it: [Unit] Description=OpenBSD Secure Shell server After=network.target auditd.service ConditionPathExists=!/etc/ssh/sshd_not_to_be_run [Service] EnvironmentFile=-/etc/default/ssh ExecStartPre=/usr/sbin/sshd -t ExecStart=/usr/sbin/sshd -D $SSHD_OPTS ExecReload=/usr/sbin/sshd -t ExecReload=/bin/kill -HUP $MAINPID ... Example: # sshd -t # systemctl restart sshd # telnet localhost 22 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 ^] telnet> quit Connection closed. # echo "syntax error" >> /etc/ssh/sshd_config # sshd -t /etc/ssh/sshd_config: line 123: Bad configuration option: syntax /etc/ssh/sshd_config: terminating, 1 bad configuration options # systemctl restart sshd Job for ssh.service failed because the control process exited with error code. See "systemctl status ssh.service" and "journalctl -xe" for details. # telnet localhost 22 Trying 127.0.0.1... telnet: Unable to connect to remote host: Connection refused # To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1913810/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
