Bug#778913: openssh-server: init (at least systemd) doesn't notice when sshd fails to start and reports success

Michael Biebl biebl at debian.org
Mon Mar 30 07:33:11 BST 2015


On 30.03.2015 at 01:17, Michael Biebl wrote:
> So I suggest using the Type=forking option but also setting
> RestartPreventExitStatus=255 [1], since 255 seems to be the return code
> on config errors and I don't think it makes sense to restart in that case.
> 
> The resulting ssh.service would look like
> 
> [Unit]
> Description=OpenBSD Secure Shell server
> After=network.target auditd.service
> ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
> 
> [Service]
> EnvironmentFile=-/etc/default/ssh
> ExecStart=/usr/sbin/sshd $SSHD_OPTS
> ExecReload=/bin/kill -HUP $MAINPID
> KillMode=process
> Restart=on-failure
> Type=forking
> PIDFile=/var/run/sshd.pid
> RestartPreventExitStatus=255
> 
> [Install]
> WantedBy=multi-user.target
> Alias=sshd.service
> 
> 
> With those changes, ssh.service seems to behave "as expected" on failures.

I spoke too soon. As it turns out, sshd has a rather strange, or let's
say broken, SIGHUP behaviour (when in daemon mode): It reexecs, i.e.
changes its PID but doesn't write a new /var/run/sshd.pid. Since ssh
runs reload in its if-up.d hook under systemd, this will make it
break badly, since systemd will lose track of the sshd main process.

Colin, any idea why sshd behaves so strangely on SIGHUP?




-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
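
A check for the failure mode described in this message (a Type=forking service whose PIDFile no longer names the process the service manager should be tracking), added here as an example; it is not part of the original mail or of the Debian openssh packaging. The function names and state labels are hypothetical, and the tracked PID is assumed to be passed in by the caller, for instance taken from the MainPID= line of `systemctl show -p MainPID ssh.service`.

```shell
#!/bin/sh
# Added example: classify PID tracking for a Type=forking service.
# Usage: pid_tracking_state PIDFILE TRACKED_PID
#   PIDFILE      path from the unit's PIDFile= setting
#   TRACKED_PID  PID the service manager believes is the main process
# Prints one state and returns 0 only for "consistent":
#   consistent          pidfile and manager agree on a live process
#   pidfile-missing     pidfile absent or unreadable
#   pidfile-invalid     pidfile content is not a decimal PID
#   pidfile-stale       pidfile names a process that no longer exists
#   manager-lost-track  manager has no main PID (0/empty) or a dead one
#   mismatch            both PIDs are alive but they differ

pid_alive() {
    # kill -0 delivers no signal; it only tests that the PID exists and
    # that we may signal it (run as root to test other users' processes).
    kill -0 "$1" 2>/dev/null
}

pid_tracking_state() {
    pidfile=$1
    tracked=$2

    [ -r "$pidfile" ] || { echo pidfile-missing; return 1; }
    # read returns non-zero when the file lacks a trailing newline,
    # but still fills the variable, so ignore its status.
    read -r recorded < "$pidfile" || true
    case $recorded in
        ''|*[!0-9]*) echo pidfile-invalid; return 1 ;;
    esac

    # A daemon that changed PID without rewriting its pidfile ends up here.
    pid_alive "$recorded" || { echo pidfile-stale; return 1; }

    case $tracked in
        ''|0|*[!0-9]*) echo manager-lost-track; return 1 ;;
    esac
    pid_alive "$tracked" || { echo manager-lost-track; return 1; }

    [ "$recorded" = "$tracked" ] || { echo mismatch; return 1; }
    echo consistent
}
```

Running it before and after a reload of the service shows whether the recorded PID survived the reload.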
