upgrading openssh-server always shows error: rescue-ssh.target is a disabled or a static unit not running, not starting it.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssh (Ubuntu) |
Fix Released
|
Low
|
Colin Watson |
Bug Description
In our project we regularly build Ubuntu VM images for current 23.10 (stable). In https:/
Setting up openssh-server (1:9.3p1-
Creating SSH2 ECDSA key; this may take some time ...
256 SHA256:
Creating SSH2 ED25519 key; this may take some time ...
256 SHA256:
rescue-ssh.target is a disabled or a static unit not running, not starting it.
Could not execute systemctl: at /usr/bin/
dpkg: error processing package openssh-server (--configure):
installed openssh-server package post-installation script subprocess returned error exit status 1
I.e. of course that security update itself [1] didn't introduce the regression, but earlier VM builds just didn't have a pending openssh update -- looks like this has been a luring upgrade trap in the release already.
As a first naïve reproducer I tried
apt update
DEBIAN_
on our current VM (with the release version 1:9.3p1-1ubuntu3), and that worked fine. Same with installing all 9 available packages. rescue.target is loaded/
# Allow root login with password
sed -i 's/^[# ]*PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/
# Prevent SSH from hanging for a long time when no external network access
echo 'UseDNS no' >> /etc/ssh/
this also leads to a merge conflict. However, I suppose all of that is tangential to the rescue-ssh.target issue. In all my interactive upgrades, it seemed to handle that just fine:
Setting up openssh-server (1:9.3p1-
rescue-ssh.target is a disabled or a static unit not running, not starting it.
So this seems to be related to the first-time installation of openssh-server -- it is part of the cloud image, but it does the host key generation during our image builds.
So reproducing this is a bit tricky, but aside from that: Why does it even do this in the first place?
# Automatically added by dh_installsyste
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -d /run/systemd/system ]; then
if [ -n "$2" ]; then
fi
fi
fi
It feels like the postinst should *never* try to start rescue-ssh.target. That's an alternative boot mode, and should never run un multi-user.target, isn't it?
[1] https:/
DistroRelease: Ubuntu 23.10
PackageVersion: openssh-server 1:9.3p1-1ubuntu3.1
CVE References
tags: | added: server-todo |
Fun, this isn't even reliable. The first atttempt failed:
https:/ /cockpit- logs.us- east-1. linodeobjects. com/image- refresh- logs/ubuntu- stable- 20231219- 223939. log
I retried the build now, no package or environment changes. Only daytime and timing (race conditions). Perhaps some interaction with cloud-init?