sshd -t check failed when sshd not running

Bug #2107356 reported by jinkangkang
This bug affects 1 person
Affects: openssh (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

After stopping the ssh service, the sshd -t check fails and reports an error: "Missing privilege separation directory: /run/sshd". But when there is an invalid configuration in sshd_config, the check works properly.

cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04.2 LTS (Noble Numbat)"
VERSION_CODENAME=noble
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=noble
LOGO=ubuntu-logo

systemctl stop ssh

sshd -t
Missing privilege separation directory: /run/sshd

echo "invalid_test" >> /etc/ssh/sshd_config

sshd -t
/etc/ssh/sshd_config line 127: no argument after keyword "invalid_test"
/etc/ssh/sshd_config: terminating, 1 bad configuration options

Renan Rodrigo (renanrodrigo) wrote:

Hello, @jinkangkang, thanks for reaching out and reporting this.

This is the expected behavior for sshd.

If your configuration is not correct, the command will state it as it should.

If your configuration is correct, no config errors are shown, as sshd is able to parse the config file. Then, after that, it says the privilege separation directory is not there, not exactly because you are not running the daemon, but because you are running sshd as root. The root user (or Kerberos-authenticated user) needs the dir to be present to be able to run sshd - you can check that, running as root, this error happens even without the -t flag.

If your configuration is correct and you run sshd -t as a non-root user, it should work without complaining about the directory.

I am closing this bug as invalid, but please feel free to reopen and add context if you think something in this flow is wrong.

Changed in openssh (Ubuntu):
status: New → Invalid
jinkangkang (jinkangkang) wrote:

Thank you for your reply. This behavior is inconsistent with the Red Hat (fedora, centos ...) system, as the Red Hat system does not require the /run/sshd directory during operation, and Red Hat doesn't have the same phenomenon.
If you confirm that this is normal behavior on Ubuntu/Debian, please ignore and close the bug.
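
Added example (not part of the bug report and not OpenSSH or Ubuntu code): a shell helper for a pre-reload or CI check that separates the two `sshd -t` failures seen in this thread, a real sshd_config error versus the missing /run/sshd directory that is reported only after the config has parsed. The function names, the `SSHD_BIN` variable and the return codes are assumptions of this example; the matched strings are the messages quoted in the report.

```shell
#!/bin/sh
# Classify `sshd -t` diagnostics read on stdin.
# Prints: ok | config-error | privsep-dir-missing | other-error
classify_sshd_t() {
    out=$(cat)
    case "$out" in
        "") echo ok ;;
        # Parse errors come first: per the thread, sshd reads the config
        # before it looks for the privilege separation directory.
        *"no argument after keyword"*|*"bad configuration options"*)
            echo config-error ;;
        *"Missing privilege separation directory:"*)
            echo privsep-dir-missing ;;
        *) echo other-error ;;
    esac
}

# Run `sshd -t` (binary overridable through SSHD_BIN, an example-only knob).
# Return codes (example's own choice):
#   0 config valid          1 config error
#   2 config parsed, but the runtime directory is missing
#   3 anything else
check_sshd_config() {
    diag=$("${SSHD_BIN:-sshd}" -t 2>&1) && status=0 || status=$?
    verdict=$(printf '%s' "$diag" | classify_sshd_t)
    # Silent failure: non-zero exit without a message is not "ok".
    if [ "$verdict" = ok ] && [ "$status" -ne 0 ]; then
        verdict=other-error
    fi
    echo "$verdict"
    case "$verdict" in
        ok) return 0 ;;
        config-error) return 1 ;;
        privsep-dir-missing) return 2 ;;
        *) return 3 ;;
    esac
}

# The two outputs shown in the report, fed through the classifier.
printf '%s\n' 'Missing privilege separation directory: /run/sshd' | classify_sshd_t
printf '%s\n' \
    '/etc/ssh/sshd_config line 127: no argument after keyword "invalid_test"' \
    '/etc/ssh/sshd_config: terminating, 1 bad configuration options' | classify_sshd_t
```

A caller that gets return code 2 knows the file itself parsed, so the failure should not be treated as a bad sshd_config change.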
