Please consider dropping /etc/network/if-up.d/openssh-server
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssh (Ubuntu) |
Fix Released
|
Low
|
David Britton |
Bug Description
The /etc/network/
103436. At least from today's perspective this isn't justified:
I can't seem to be able to actually reproduce that issue: I can start a VM with no network interfaces, remove the above hack, then start sshd, then bring up an ethernet interface, and I can connect to ssh via ethernet just fine. Also, e. g. Fedora has no counterpart of this hack, and these days a lot of people would complain if that would cause problems, as hotpluggable/
The hack introduces a race: you run into connection errors after bringing up a new interface as sshd stops listening briefly while being reloaded. That's the reason why I looked at it, as this regularly happens in upstream's cockpit integration tests.
Also, /etc/network/
I asked the original reporter of bug 103436 for some details, and to check whether that hack is still necessary. There is actually a proposed patch upstream [2] to use IP_FREEBIND, which is the modern solution to listening to all "future" interfaces as well. But at least for the majority of cases it seems to work fine without that even.
So I wonder if it's time to bury that hack?
[1] https:/
[2] https:/
Changed in openssh (Ubuntu): | |
importance: | Undecided → Low |
On Mon, 20 Mar 2017 13:26:35 -0000 Launchpad Bug Tracker if-up.d/ openssh- server hack was introduced ten
<email address hidden> wrote:
> You have been subscribed to a public bug by Martin Pitt (pitti):
>
> The /etc/network/
> years ago [1] as a response to bug 103436. At least from today's
> perspective this isn't justified:
>
> I can't seem to be able to actually reproduce that issue: I can
> start a VM with no network interfaces, remove the above hack, then
> start sshd, then bring up an ethernet interface, and I can connect
> to ssh via ethernet just fine.
sshd has no internal support to open and close listening addresses on
its own, so I suspect you're wrong. Why don't you try the actual use
case, which is changing addresses rather than an initial open.
However, I haven't used ubuntu in at least eight years and have no
way to help you.
> Also, e. g. Fedora has no
> counterpart of this hack, and these days a lot of people would
> complain if that would cause problems,
How many people regularly ssh into their laptops on multiple
networks? I would guess very few.
> The hack introduces a race: you run into connection errors after
> bringing up a new interface as sshd stops listening briefly while
> being reloaded.
Well, yah, but when you change networks you're also not listening to
the network. This isn't a race, this is just expected behavior. Even
if sshd did this on its own this would happen.
And it isn't a "hack", this is exactly what ifup/down scripts are for.
Perry
--
Perry E. Metzger <email address hidden>