Bug#778913: openssh-server: init (at least systemd) doesn't notice when sshd fails to start and reports success

Michael Biebl biebl at debian.org
Tue May 12 16:07:45 BST 2015 

Control: tags -1 + patch

Am 12.05.2015 um 13:45 schrieb Michael Biebl:
> On Mon, 30 Mar 2015 04:02:01 +0200 Christoph Anton Mitterer
>> As for sd_notify,... a simply google query didn't turn up any existing
>> patches for that and it may be hard to convince upstream to do it ;)
> 
> A patch for that should be not that complicated and might even be worth
> shipping downstream if upstream doesn't want to apply it.

Attached is a patch which adds support for sd_notify.
The configure.ac changes are a bit more convoluted then I hoped since 
openssh doesn't use the pkg-config provided macros.


A quick test (with a broken configuration file) at least seems to 
properly error out:


root at pluto:~# systemctl status ssh.service 
● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/etc/systemd/system/ssh.service; enabled)
   Active: active (running) since Di 2015-05-12 17:03:28 CEST; 4s ago
 Main PID: 13021 (sshd)
   CGroup: /system.slice/ssh.service
           └─13021 /usr/sbin/sshd -D

Mai 12 17:03:28 pluto sshd[13021]: Server listening on 0.0.0.0 port 22.
Mai 12 17:03:28 pluto sshd[13021]: Server listening on :: port 22.

root at pluto:~# echo foobar >> /etc/ssh/sshd_config 

root at pluto:~# systemctl restart ssh.service 
Job for ssh.service failed. See 'systemctl status ssh.service' and 'journalctl -xn' for details.

root at pluto:~# systemctl status ssh.service 
● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/etc/systemd/system/ssh.service; enabled)
   Active: failed (Result: start-limit) since Di 2015-05-12 17:03:51 CEST; 5s ago
  Process: 13053 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=255)
 Main PID: 13053 (code=exited, status=255)

Mai 12 17:03:51 pluto sshd[13053]: /etc/ssh/sshd_config: terminating, 1 bad configuration options
Mai 12 17:03:51 pluto systemd[1]: ssh.service: main process exited, code=exited, status=255/n/a
Mai 12 17:03:51 pluto systemd[1]: Failed to start OpenBSD Secure Shell server.
Mai 12 17:03:51 pluto systemd[1]: Unit ssh.service entered failed state.
Mai 12 17:03:51 pluto systemd[1]: ssh.service start request repeated too quickly, refusing to start.
Mai 12 17:03:51 pluto systemd[1]: Failed to start OpenBSD Secure Shell server.
Mai 12 17:03:51 pluto systemd[1]: Unit ssh.service entered failed state.


As you can see, systemd tries to repeatedly start the service until it hits
start-limit.
We should use sd_notify in that case to pass a correct error code to systemd.

The patch is not complete yet, more a PoC.

That said, would be glad if Colin could give it some proper review.
Don't want to spend time on it, if it's unlikely to get merged.


Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sshd.diff
Type: text/x-patch
Size: 3816 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20150512/0f46bf0d/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20150512/0f46bf0d/attachment.sig>

More information about the Pkg-systemd-maintainers mailing list