** Changed in: openssh (Ubuntu)
Importance: Undecided => Low
** Changed in: openssh (Ubuntu)
Status: New => In Progress
** Changed in: openssh (Ubuntu)
Assignee: (unassigned) => Steve Langasek (vorlon)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1991283
Title:
"sshd -i" breaks due to socket activation
Status in openssh package in Ubuntu:
In Progress
Bug description:
On Jammy and earlier, simply running "sshd -i" worked.
Now, it fails silently, and running it with "-d" gives me:
Missing privilege separation directory: /run/sshd
This directory is normally created with "RuntimeDirectory=sshd" as
defined in /lib/systemd/system/ssh.service. In Jammy, this directory
got created by the ssh service starting at boot, so "sshd -i" worked.
Now, with socket activation, it no longer does that, so "sshd -i"
fails unless someone has actually connected on TCP port 22 (which they
often won't have, since that's the point of "sshd -i").
systemd will then remove /run/sshd when the ssh service is stopped. I
think maybe this won't interfere with an existing "sshd -i", but it's
not really clean. Further, the privilege separation directory doesn't
appear to be configurable - at least I couldn't find any mention in
sshd_config(5).
The workaround is to "mkdir -p /run/sshd && sshd -i" instead.
Given that "sshd -i"'s use of /run/sshd isn't really related to the
systemd service, maybe we should move the creation of that directory
into tmpfiles.d instead?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1991283/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
