restart doesn't test for syntax errors
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openssh (Ubuntu) | Confirmed | Undecided | Unassigned | |
Bug Description
Tested openssh on bionic and groovy, same issue.
The switch to systemd lost the ability to do a sanity check on the config file (via sshd -t) before attempting to restart sshd. This was originally bug #624361 in the SysV days, fixed in the initscript back then.
The sysv script still does it, but it's not used anymore:
restart)
And:
check_config() {
if [ ! -e /etc/ssh/
fi
}
The systemd service file has only ExecStartPre, which doesn't let it start if there is an error, but will happily stop it:
[Unit]
Description=OpenBSD Secure Shell server
After=network.
ConditionPathEx
[Service]
EnvironmentFile
ExecStartPre=
ExecStart=
ExecReload=
ExecReload=
...
Example:
# sshd -t
# systemctl restart sshd
# telnet localhost 22
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-
^]
telnet> quit
Connection closed.
# echo "syntax error" >> /etc/ssh/
# sshd -t
/etc/ssh/
/etc/ssh/
# systemctl restart sshd
Job for ssh.service failed because the control process exited with error code.
See "systemctl status ssh.service" and "journalctl -xe" for details.
# telnet localhost 22
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
#
tags: added: server-next
Changed in openssh (Ubuntu): status: New → Confirmed
Ideally, this should be supported by systemd somehow. There is this (old) discussion upstream, which is relevant here: https://github.com/systemd/systemd/issues/2175
If we introduced the desired behavior by including an ExecStop script to the systemd unit configuration file, we would introduce a regression since stopping the service for erroneous configuration files would not be allowed (this was not the behavior for sysV).
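An operator-side way to get the pre-restart check described in the report (run `sshd -t` first, restart only if it passes), shown as an added example that is not part of the original report or of the Ubuntu packaging. `SSHD_TEST_CMD` and `SSHD_RESTART_CMD` are hypothetical override variables introduced here so the logic can be exercised without root.

```shell
#!/bin/sh
# Added example: validate-then-restart wrapper for sshd.
# SSHD_TEST_CMD / SSHD_RESTART_CMD are assumptions of this example, not
# settings read by sshd, systemd or the Ubuntu package.
SSHD_TEST_CMD=${SSHD_TEST_CMD:-"sshd -t"}
SSHD_RESTART_CMD=${SSHD_RESTART_CMD:-"systemctl restart ssh.service"}

# Exit status:
#   0  config valid and restart succeeded
#   2  config check failed; restart was never attempted, so the
#      running daemon keeps serving with its old configuration
#   3  config valid but the restart command itself failed
safe_restart_sshd() {
    # sshd -t reports the offending file and line; capture both streams
    # so the message can be shown to the operator or logged.
    if ! check_out=$($SSHD_TEST_CMD 2>&1); then
        echo "sshd config check failed; sshd left running untouched:" >&2
        printf '%s\n' "$check_out" >&2
        return 2
    fi
    if ! $SSHD_RESTART_CMD; then
        echo "sshd config is valid but the restart failed" >&2
        return 3
    fi
    return 0
}
```

Source the file and call `safe_restart_sshd` from a root shell or a deployment script in place of a bare `systemctl restart`; a broken edit then yields exit status 2 instead of a stopped daemon.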