upgrade to lunar fails due to rescue-ssh.target or port 22 takeover
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssh (Ubuntu) |
Confirmed
|
High
|
Unassigned | ||
systemd (Ubuntu) |
Incomplete
|
Undecided
|
Unassigned |
Bug Description
Hi,
I just upgraded a system from Jammy to Lunar and openssh-server refuses to upgrade well.
Setting up openssh-server (1:9.0p1-1ubuntu8) ...
Replacing config file /etc/ssh/
Replacing config file /etc/ssh/
Synchronizing state of ssh.service with SysV service script with /lib/systemd/
Executing: /lib/systemd/
rescue-ssh.target is a disabled or a static unit not running, not starting it.
Could not execute systemctl: at /usr/bin/
dpkg: error processing package openssh-server (--configure):
installed openssh-server package post-installation script subprocess returned error exit status 1
Processing triggers for man-db (2.11.2-1) ...
Processing triggers for libc-bin (2.36-0ubuntu4) ...
Errors were encountered while processing:
openssh-server
Error: Timeout was reached
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)
I'm not sure what exactly it is.
This output complains about rescue-ssh.target and indeed that can not be started even directly.
$ sudo systemctl start rescue-ssh.target
A dependency job for rescue-ssh.target failed. See 'journalctl -xe' for details.
And in postinst is a try to start it:
$ grep rescue /var/lib/
deb-systemd-
But I think the underlying issue is that ssh is already on, and I'm logged in via it.
And that makes the service restart of the ssh socket which was added break.
Feb 02 10:40:56 node-horsea systemd[104560]: ssh.socket: Failed to create listening socket ([::]:22): Address already in use
Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed to receive listening socket ([::]:22): Input/output error
Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed to listen on sockets: Input/output error
Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed with result 'resources'.
Now, whichever it is, it is hard to resolve.
The only way to get the socket to own it would be rebooting so that sshd lets go and systemd can take over.
I could reboot, but that is not the point.
What if I'd want to get the service and upgrade completed before reboot.
Because as of now dpkg considers the system unhappy, and that would usually be a sign for "better not reboot before being resolved" to me.
One thing though, I have not upgraded with do-release-upgrade - would we / do we have magic there to make the ssh socket activation transition smoother?
CVE References
Changed in openssh (Ubuntu): | |
assignee: | nobody → Miriam España Acebal (mirespace) |
As expected, on reboot all is fine for the service status
ubuntu@ node-horsea: ~$ systemctl status ssh.service system/ ssh.service; disabled; preset: enabled) system/ ssh.service. d
└ ─00-socket. conf
man: sshd_config( 5) /usr/sbin/ sshd -t (code=exited, status=0/SUCCESS) slice/ssh. service
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/
Drop-In: /etc/systemd/
Active: active (running) since Thu 2023-02-02 10:54:40 UTC; 12min ago
TriggeredBy: ● ssh.socket
Docs: man:sshd(8)
Process: 2689 ExecStartPre=
Main PID: 2690 (sshd)
Tasks: 1 (limit: 38220)
Memory: 5.3M
CPU: 894ms
CGroup: /system.
└─2690 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
Feb 02 11:06:27 node-horsea sshd[14629]: Accepted publickey for ubuntu from 10.172.196.173 port 47348 ssh2: RSA SHA256: KyONnhWWzlbscZN THPZ25GWCXDQY5u /UD72EtQcwtqU sshd:session) : session opened for user ubuntu(uid=1000) by (uid=0) sshd:session) : deprecated reading of user environment enabled KyONnhWWzlbscZN THPZ25GWCXDQY5u /UD72EtQcwtqU sshd:session) : session opened for user ubuntu(uid=1000) by (uid=0) sshd:session) : deprecated reading of user environment enabled KyONnhWWzlbscZN THPZ25GWCXDQY5u /UD72EtQcwtqU sshd:session) : session opened for user ubuntu(uid=1000) by (uid=0) sshd:session) : deprecated reading of user environment enabled sshd:session) : session closed for user ubuntu node-horsea: ~$ systemctl status ssh.socket system/ ssh.socket; enabled; preset: enabled) slice/ssh. socket
Feb 02 11:06:27 node-horsea sshd[14629]: pam_unix(
Feb 02 11:06:27 node-horsea sshd[14629]: pam_env(
Feb 02 11:06:58 node-horsea sshd[14735]: Accepted publickey for ubuntu from 10.172.196.173 port 55016 ssh2: RSA SHA256:
Feb 02 11:06:58 node-horsea sshd[14735]: pam_unix(
Feb 02 11:06:59 node-horsea sshd[14735]: pam_env(
Feb 02 11:07:03 node-horsea sshd[14796]: Accepted publickey for ubuntu from 10.172.196.173 port 57034 ssh2: RSA SHA256:
Feb 02 11:07:03 node-horsea sshd[14796]: pam_unix(
Feb 02 11:07:03 node-horsea sshd[14796]: pam_env(
Feb 02 11:07:03 node-horsea sshd[14796]: pam_unix(
ubuntu@
● ssh.socket - OpenBSD Secure Shell server socket
Loaded: loaded (/lib/systemd/
Active: active (running) since Thu 2023-02-02 10:54:21 UTC; 12min ago
Until: Thu 2023-02-02 10:54:21 UTC; 12min ago
Triggers: ● ssh.service
Listen: [::]:22 (Stream)
Tasks: 0 (limit: 38220)
Memory: 8.0K
CPU: 894us
CGroup: /system.
Feb 02 10:54:21 node-horsea systemd[1]: Listening on OpenBSD Secure Shell server socket.
And out of this condition it can even complete the package configuration.
ubuntu@ node-horsea: ~$ sudo dpkg-reconfigure openssh-server dpkg-reconfigur e: openssh-server is broken or not fully installed node-horsea: ~$ sudo apt-get install --fix-broken
/usr/sbin/
ubuntu@
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up openssh-server (1:9.0p1-1ubuntu8) ...
Replacing config file /etc/ssh/ssh...