monit default configuration for openssh-server causes openssh to be unusable
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
monit (Ubuntu) | New | Undecided | Unassigned | |
Bug Description
Defaults no longer match up exactly between openssh-server and monit.
If I recall correctly, openssh-server no longer generates or relies on dsa host keys for valid security reasons. However, the provided monit openssh-server monitoring configuration contains two stanzas that force monit to disable/terminate the openssh-server process because the system has no sshd_dsa_keys defined.
This seems like a bug in monit; easy workarounds exist (remove stanzas or generate dsa host key even if it's not used by sshd), but conf-available data should probably work out of the box.
The problematic stanzas in /etc/monit/
# depend on sshd_dsa_key
# check file sshd_dsa_key with path /etc/ssh/
# group sshd
# include /etc/monit/
This issue consistently occurs on a fresh bionic install with monit and openssh-server installed, on reboot. My package versions are monit 1:5.25.1-1build1 and openssh-server 1:7.6p1-4ubuntu0.1.
[UTC Jan 10 20:59:18] error : 'sshd_dsa_key' file doesn't exist
[UTC Jan 10 20:59:18] info : 'sshd_dsa_key' trying to restart
[UTC Jan 10 20:59:18] info : 'sshd' stop: '/etc/init.d/ssh stop'
[UTC Jan 10 20:59:19] error : 'sshd_dsa_key' file doesn't exist
[UTC Jan 10 20:59:19] error : 'sshd' failed to start -- could not start required services: 'sshd_dsa_key'
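
The failure in the log above can be caught before monit is (re)started by checking that every `check file` a service depends on actually exists. The following is an added example, not part of the bug report or of monit's packaged configuration; the sample config, its `/example/...` paths and the function names are constructed for illustration.

```python
import os
import re

CHECK_RE = re.compile(r"^\s*check\s+(\w+)\s+(\S+)(.*)$", re.I)
DEPEND_RE = re.compile(r"^\s*depends?\s+(?:on\s+)?(.+)$", re.I)
PATH_RE = re.compile(r'\bpath\s+"?([^"\s]+)', re.I)

# Constructed sample in monit's control-file syntax; names and paths are made up.
SAMPLE = """\
check process sshd with pidfile /example/run/sshd.pid
  start program = "/etc/init.d/ssh start"
  stop program = "/etc/init.d/ssh stop"
  depend on sshd_rsa_key
  depend on sshd_dsa_key
check file sshd_rsa_key with path /example/ssh/host_rsa_key
check file sshd_dsa_key with path /example/ssh/host_dsa_key
"""

def parse_checks(text):
    """Map each check name to its type, file path (if any) and dependencies."""
    checks, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]            # commented-out stanzas are inert
        m = CHECK_RE.match(line)
        if m:
            cur = {"type": m.group(1).lower(), "path": None, "depends": []}
            checks[m.group(2)] = cur
            line = m.group(3)                  # remainder may carry "with path ..."
        if cur is None:
            continue
        d = DEPEND_RE.match(line)
        if d:
            cur["depends"] += [n.strip() for n in d.group(1).split(",") if n.strip()]
        elif cur["type"] == "file" and cur["path"] is None:
            p = PATH_RE.search(line)
            cur["path"] = p.group(1) if p else None
    return checks

def missing_file_dependencies(text, exists=os.path.exists):
    """Return (service, file_check, path) where a dependency's file is absent."""
    checks = parse_checks(text)
    return [(name, dep, checks[dep]["path"])
            for name, chk in checks.items() for dep in chk["depends"]
            if dep in checks and checks[dep]["type"] == "file"
            and checks[dep]["path"] and not exists(checks[dep]["path"])]

if __name__ == "__main__":
    for svc, dep, path in missing_file_dependencies(SAMPLE):
        print(f"{svc}: depends on '{dep}' but {path} does not exist")
```

Any tuple returned identifies a service that monit would stop and refuse to start, as happened to `sshd` here.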