Thank you Simon and Seth, for your quick response. I have looked into
this further by installing a virgin Ubuntu Server 20.04 with SSH.

Changing the 'Port' in /etc/ssh/sshd_config to 7722 starts sshd on port
7722 and NOT on port 22, just like you said, Simon. BUT:

Rename sshd_config to something_else and replace sshd_config with two
lines to include the original config (now called something_else) and set
the Port to 7722:

systemctl stop ssh
mv /etc/ssh/sshd_config /etc/ssh/something_else
cat > /etc/ssh/sshd_config <<EOF
Include /etc/ssh/something_else
Port 7722
EOF
systemctl start ssh
systemctl status ssh
# restore the original config:
mv /etc/ssh/something_else /etc/ssh/sshd_config

Which will show:

● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2020-05-02 15:31:37 UTC; 13s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 45261 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 45271 (sshd)
      Tasks: 1 (limit: 18457)
     Memory: 1.3M
     CGroup: /system.slice/ssh.service
             └─45271 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups

May 02 15:31:37 cabernet systemd[1]: Starting OpenBSD Secure Shell server...
May 02 15:31:37 cabernet sshd[45271]: Server listening on 0.0.0.0 port 7722.
May 02 15:31:37 cabernet sshd[45271]: Server listening on :: port 7722.
May 02 15:31:37 cabernet sshd[45271]: Server listening on 0.0.0.0 port 22.
May 02 15:31:37 cabernet sshd[45271]: Server listening on :: port 22.
May 02 15:31:37 cabernet systemd[1]: Started OpenBSD Secure Shell server.

So, NOW it will have ports 22 AND 7722 open!

If one sets debug level 3 in /etc/default/ssh (SSHD_OPTS="-d -d -d"),
syslog will show that 'something_else' is read from line 1 in
sshd_config and that the Port is set afterwards (and not anywhere in
/etc/ssh/something_else).

May  2 15:34:01 cabernet systemd[1]: Stopping OpenBSD Secure Shell server...
May  2 15:34:01 cabernet systemd[1]: ssh.service: Succeeded.
May  2 15:34:01 cabernet systemd[1]: Stopped OpenBSD Secure Shell server.
May  2 15:34:01 cabernet systemd[1]: Starting OpenBSD Secure Shell server...
May  2 15:34:01 cabernet sshd[45345]: debug2: load_server_config: filename /etc/ssh/sshd_config
May  2 15:34:01 cabernet sshd[45345]: debug2: load_server_config: done config len = 43
May  2 15:34:01 cabernet sshd[45345]: debug2: parse_server_config_depth: config /etc/ssh/sshd_config len 43
May  2 15:34:01 cabernet sshd[45345]: debug2: /etc/ssh/sshd_config line 1: new include /etc/ssh/something_else
May  2 15:34:01 cabernet sshd[45345]: debug2: /etc/ssh/sshd_config line 1: including /etc/ssh/something_else
May  2 15:34:01 cabernet sshd[45345]: debug2: load_server_config: filename /etc/ssh/something_else
May  2 15:34:01 cabernet sshd[45345]: debug2: load_server_config: done config len = 296
May  2 15:34:01 cabernet sshd[45345]: debug2: parse_server_config_depth: config /etc/ssh/something_else len 296
May  2 15:34:01 cabernet sshd[45345]: debug2: /etc/ssh/something_else line 13: new include /etc/ssh/sshd_config.d/*.conf
May  2 15:34:01 cabernet sshd[45345]: debug2: /etc/ssh/something_else line 13: no match for /etc/ssh/sshd_config.d/*.conf
May  2 15:34:01 cabernet sshd[45345]: debug3: /etc/ssh/something_else:63 setting ChallengeResponseAuthentication no
May  2 15:34:01 cabernet sshd[45345]: debug3: /etc/ssh/something_else:86 setting UsePAM yes
May  2 15:34:01 cabernet sshd[45345]: debug3: /etc/ssh/something_else:91 setting X11Forwarding yes
May  2 15:34:01 cabernet sshd[45345]: debug3: /etc/ssh/something_else:95 setting PrintMotd no
May  2 15:34:01 cabernet sshd[45345]: debug3: /etc/ssh/something_else:113 setting AcceptEnv LANG LC_*
May  2 15:34:01 cabernet sshd[45345]: debug3: /etc/ssh/something_else:116 setting Subsystem sftp#011/usr/lib/openssh/sftp-server
May  2 15:34:01 cabernet sshd[45345]: debug3: /etc/ssh/sshd_config:2 setting Port 7722
May  2 15:34:01 cabernet sshd[45345]: debug1: sshd version OpenSSH_8.2, OpenSSL 1.1.1f  31 Mar 2020
May  2 15:34:01 cabernet sshd[45345]: debug1: private host key #0: ssh-rsa SHA256:wiRec7mI3CIkcHIwvlEC137Ak+aZzEPocrwYHZtEn7M
May  2 15:34:01 cabernet sshd[45345]: debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:qdlfKdKcW/T2Rm13DFa6KqHRxCwZNxPZPV/0nu1/uDM
May  2 15:34:01 cabernet sshd[45345]: debug1: private host key #2: ssh-ed25519 SHA256:RqHjOSrBKft8jayVulIKh/y7EGkmFE+acxTLOPd4HOc
May  2 15:34:01 cabernet sshd[45345]: debug1: rexec_argv[0]='/usr/sbin/sshd'
May  2 15:34:01 cabernet sshd[45345]: debug1: rexec_argv[1]='-D'
May  2 15:34:01 cabernet sshd[45345]: debug1: rexec_argv[2]='-d'
May  2 15:34:01 cabernet sshd[45345]: debug1: rexec_argv[3]='-d'
May  2 15:34:01 cabernet sshd[45345]: debug1: rexec_argv[4]='-d'
May  2 15:34:01 cabernet sshd[45345]: debug3: already daemonized
May  2 15:34:01 cabernet sshd[45345]: debug3: oom_adjust_setup
May  2 15:34:01 cabernet sshd[45345]: debug1: Set /proc/self/oom_score_adj from 0 to -1000
May  2 15:34:01 cabernet sshd[45345]: debug2: fd 3 setting O_NONBLOCK
May  2 15:34:01 cabernet sshd[45345]: debug1: Bind to port 7722 on 0.0.0.0.
May  2 15:34:01 cabernet sshd[45345]: Server listening on 0.0.0.0 port 7722.
May  2 15:34:01 cabernet sshd[45345]: debug2: fd 4 setting O_NONBLOCK
May  2 15:34:01 cabernet sshd[45345]: debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
May  2 15:34:01 cabernet sshd[45345]: debug1: Bind to port 7722 on ::.
May  2 15:34:01 cabernet sshd[45345]: Server listening on :: port 7722.
May  2 15:34:01 cabernet sshd[45345]: debug2: fd 5 setting O_NONBLOCK
May  2 15:34:01 cabernet sshd[45345]: debug1: Bind to port 22 on 0.0.0.0.
May  2 15:34:01 cabernet sshd[45345]: Server listening on 0.0.0.0 port 22.
May  2 15:34:01 cabernet sshd[45345]: debug2: fd 6 setting O_NONBLOCK
May  2 15:34:01 cabernet sshd[45345]: debug3: sock_set_v6only: set socket 6 IPV6_V6ONLY
May  2 15:34:01 cabernet sshd[45345]: debug1: Bind to port 22 on ::.
May  2 15:34:01 cabernet sshd[45345]: Server listening on :: port 22.
May  2 15:34:01 cabernet systemd[1]: Started OpenBSD Secure Shell server.

I have read the source code for sshd, but I cannot find the 'obvious'
place where this goes wrong, although the juggling of the options
structure in process_config_line_depth() (in readconf.c) may have
something to do with it.

This bug probably won't affect too many people. Given that I have
already found a work-around and that I will now look into the 'Match'
keyword (which I was not aware of) to avoid running two daemons, I
suggest handling this issue at a low priority.

(Yes, my private keys are visible. This temporary install is not
accessible from the internet and will be scrapped in a few hours
anyway.)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1876320

Title:
  Port parameter sshd_config is 22 AND whatever you specify
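
An added example, not part of the original report or of OpenSSH: a shell check that reads the "Server listening on" lines shown in the logs above and reports any port the most recently started sshd bound that was not intended. The function names, the host name "host", the PIDs and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag sshd listeners that are not in the intended port list.

# unexpected_sshd_ports PORT...
# Reads syslog/journal text on stdin and prints, one per line, every port the
# most recently started sshd reported in a "Server listening on" line that is
# not among the PORT arguments. No output means the listeners match.
unexpected_sshd_ports() {
    awk -v expected="$*" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    /sshd\[[0-9]+\]: Server listening on .* port [0-9]+\.$/ {
        pid = $0; sub(/.*sshd\[/, "", pid); sub(/\].*/, "", pid)
        if (pid != last) { split("", seen); last = pid }  # new daemon: reset
        port = $NF; sub(/\.$/, "", port)
        seen[port] = 1
    }
    END { for (p in seen) if (!(p in ok)) print p }
    ' | sort -n
}

# Constructed sample: an older sshd instance on port 2222, then a restart in
# which the daemon binds both 7722 and 22, as in the report above.
sample_log() {
    cat <<'EOF'
May  2 15:00:00 host sshd[1001]: Server listening on 0.0.0.0 port 2222.
May  2 15:00:00 host sshd[1001]: Server listening on :: port 2222.
May  2 15:34:01 host sshd[1002]: debug1: Bind to port 7722 on 0.0.0.0.
May  2 15:34:01 host sshd[1002]: Server listening on 0.0.0.0 port 7722.
May  2 15:34:01 host sshd[1002]: Server listening on :: port 7722.
May  2 15:34:01 host sshd[1002]: Server listening on 0.0.0.0 port 22.
May  2 15:34:01 host sshd[1002]: Server listening on :: port 22.
EOF
}

# Only 7722 was intended, so the extra listener on 22 is reported.
sample_log | unexpected_sshd_ports 7722

# On a live system (unit name as shown in the status output above):
#   journalctl -u ssh -b --no-pager | unexpected_sshd_ports 7722
```
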
