Comment 4 for bug 1876320

Adriaan van Nijendaal (adriaan-choam) wrote :

Thank you Simon and Seth, for your quick response. I have looked into this further by installing a virgin Ubuntu Server 20.04 with SSH.

Changing the 'Port' in /etc/ssh/sshd_config to 7722 starts sshd on port 7722 and NOT on port 22, just like you said, Simon. BUT:

Rename sshd_config to something_else and replace sshd_config with two lines to include the original config (now called something_else) and set the Port to 7722:

systemctl stop ssh
mv /etc/ssh/sshd_config /etc/ssh/something_else
cat > /etc/ssh/sshd_config <<EOF
Include /etc/ssh/something_else
Port 7722
EOF
systemctl start ssh
systemctl status ssh
# restore the original config:
mv /etc/ssh/something_else /etc/ssh/sshd_config

Which will show:

● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2020-05-02 15:31:37 UTC; 13s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 45261 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 45271 (sshd)
      Tasks: 1 (limit: 18457)
     Memory: 1.3M
     CGroup: /system.slice/ssh.service
             └─45271 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups

May 02 15:31:37 cabernet systemd[1]: Starting OpenBSD Secure Shell server...
May 02 15:31:37 cabernet sshd[45271]: Server listening on 0.0.0.0 port 7722.
May 02 15:31:37 cabernet sshd[45271]: Server listening on :: port 7722.
May 02 15:31:37 cabernet sshd[45271]: Server listening on 0.0.0.0 port 22.
May 02 15:31:37 cabernet sshd[45271]: Server listening on :: port 22.
May 02 15:31:37 cabernet systemd[1]: Started OpenBSD Secure Shell server.

So, NOW it will have ports 22 AND 7722 open!

If one sets debug level 3 in /etc/default/ssh (SSHD_OPTS="-d -d -d"), syslog will show that 'something_else' is read from line 1 in sshd_config and that the Port is set afterwards (and not anywhere in /etc/ssh/something_else).

May 2 15:34:01 cabernet systemd[1]: Stopping OpenBSD Secure Shell server...
May 2 15:34:01 cabernet systemd[1]: ssh.service: Succeeded.
May 2 15:34:01 cabernet systemd[1]: Stopped OpenBSD Secure Shell server.
May 2 15:34:01 cabernet systemd[1]: Starting OpenBSD Secure Shell server...
May 2 15:34:01 cabernet sshd[45345]: debug2: load_server_config: filename /etc/ssh/sshd_config
May 2 15:34:01 cabernet sshd[45345]: debug2: load_server_config: done config len = 43
May 2 15:34:01 cabernet sshd[45345]: debug2: parse_server_config_depth: config /etc/ssh/sshd_config len 43
May 2 15:34:01 cabernet sshd[45345]: debug2: /etc/ssh/sshd_config line 1: new include /etc/ssh/something_else
May 2 15:34:01 cabernet sshd[45345]: debug2: /etc/ssh/sshd_config line 1: including /etc/ssh/something_else
May 2 15:34:01 cabernet sshd[45345]: debug2: load_server_config: filename /etc/ssh/something_else
May 2 15:34:01 cabernet sshd[45345]: debug2: load_server_config: done config len = 296
May 2 15:34:01 cabernet sshd[45345]: debug2: parse_server_config_depth: config /etc/ssh/something_else len 296
May 2 15:34:01 cabernet sshd[45345]: debug2: /etc/ssh/something_else line 13: new include /etc/ssh/sshd_config.d/*.conf
May 2 15:34:01 cabernet sshd[45345]: debug2: /etc/ssh/something_else line 13: no match for /etc/ssh/sshd_config.d/*.conf
May 2 15:34:01 cabernet sshd[45345]: debug3: /etc/ssh/something_else:63 setting ChallengeResponseAuthentication no
May 2 15:34:01 cabernet sshd[45345]: debug3: /etc/ssh/something_else:86 setting UsePAM yes
May 2 15:34:01 cabernet sshd[45345]: debug3: /etc/ssh/something_else:91 setting X11Forwarding yes
May 2 15:34:01 cabernet sshd[45345]: debug3: /etc/ssh/something_else:95 setting PrintMotd no
May 2 15:34:01 cabernet sshd[45345]: debug3: /etc/ssh/something_else:113 setting AcceptEnv LANG LC_*
May 2 15:34:01 cabernet sshd[45345]: debug3: /etc/ssh/something_else:116 setting Subsystem sftp#011/usr/lib/openssh/sftp-server
May 2 15:34:01 cabernet sshd[45345]: debug3: /etc/ssh/sshd_config:2 setting Port 7722
May 2 15:34:01 cabernet sshd[45345]: debug1: sshd version OpenSSH_8.2, OpenSSL 1.1.1f 31 Mar 2020
May 2 15:34:01 cabernet sshd[45345]: debug1: private host key #0: ssh-rsa SHA256:wiRec7mI3CIkcHIwvlEC137Ak+aZzEPocrwYHZtEn7M
May 2 15:34:01 cabernet sshd[45345]: debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:qdlfKdKcW/T2Rm13DFa6KqHRxCwZNxPZPV/0nu1/uDM
May 2 15:34:01 cabernet sshd[45345]: debug1: private host key #2: ssh-ed25519 SHA256:RqHjOSrBKft8jayVulIKh/y7EGkmFE+acxTLOPd4HOc
May 2 15:34:01 cabernet sshd[45345]: debug1: rexec_argv[0]='/usr/sbin/sshd'
May 2 15:34:01 cabernet sshd[45345]: debug1: rexec_argv[1]='-D'
May 2 15:34:01 cabernet sshd[45345]: debug1: rexec_argv[2]='-d'
May 2 15:34:01 cabernet sshd[45345]: debug1: rexec_argv[3]='-d'
May 2 15:34:01 cabernet sshd[45345]: debug1: rexec_argv[4]='-d'
May 2 15:34:01 cabernet sshd[45345]: debug3: already daemonized
May 2 15:34:01 cabernet sshd[45345]: debug3: oom_adjust_setup
May 2 15:34:01 cabernet sshd[45345]: debug1: Set /proc/self/oom_score_adj from 0 to -1000
May 2 15:34:01 cabernet sshd[45345]: debug2: fd 3 setting O_NONBLOCK
May 2 15:34:01 cabernet sshd[45345]: debug1: Bind to port 7722 on 0.0.0.0.
May 2 15:34:01 cabernet sshd[45345]: Server listening on 0.0.0.0 port 7722.
May 2 15:34:01 cabernet sshd[45345]: debug2: fd 4 setting O_NONBLOCK
May 2 15:34:01 cabernet sshd[45345]: debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
May 2 15:34:01 cabernet sshd[45345]: debug1: Bind to port 7722 on ::.
May 2 15:34:01 cabernet sshd[45345]: Server listening on :: port 7722.
May 2 15:34:01 cabernet sshd[45345]: debug2: fd 5 setting O_NONBLOCK
May 2 15:34:01 cabernet sshd[45345]: debug1: Bind to port 22 on 0.0.0.0.
May 2 15:34:01 cabernet sshd[45345]: Server listening on 0.0.0.0 port 22.
May 2 15:34:01 cabernet sshd[45345]: debug2: fd 6 setting O_NONBLOCK
May 2 15:34:01 cabernet sshd[45345]: debug3: sock_set_v6only: set socket 6 IPV6_V6ONLY
May 2 15:34:01 cabernet sshd[45345]: debug1: Bind to port 22 on ::.
May 2 15:34:01 cabernet sshd[45345]: Server listening on :: port 22.
May 2 15:34:01 cabernet systemd[1]: Started OpenBSD Secure Shell server.

I have read the source code for sshd, but I cannot find the 'obvious' place where this goes wrong, although the juggling of the options structure in process_config_line_depth() (in readconf.c) may have something to do with it.

This bug probably won't affect too many people. Given that I have already found a work-around and that I will now look into the 'Match' keyword (which I was not aware of) to avoid running two daemons, I suggest handling this issue at a low priority.

(Yes, my private keys are visible. This temporary install is not accessible from the internet and will be scrapped in a few hours anyway.)
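
Added example, not part of the original comment or of OpenSSH: a small check that compares the ports sshd actually reports against the ports the administrator intended, so a stray listener like the port 22 above is caught. The function names are hypothetical, the log sample is copied from the comment, and the `sshd -T` sample is constructed.

```shell
#!/bin/sh
# Flag sshd listeners that the intended configuration does not account for.

# Ports sshd reported binding, read from syslog/journal lines on stdin
# ("Server listening on <addr> port <n>.").
logged_ports() {
    sed -n 's/.*Server listening on .* port \([0-9][0-9]*\)\.$/\1/p' | sort -un
}

# Ports in `sshd -T` output on stdin (one lowercase "port <n>" line per port).
effective_ports() {
    awk '$1 == "port" && $2 ~ /^[0-9]+$/ { print $2 }' | sort -un
}

# unexpected_ports EXPECTED...: read a port list on stdin and print every
# port that is not among the expected ones given as arguments.
unexpected_ports() {
    while read -r port; do
        found=0
        for want in "$@"; do
            if [ "$port" = "$want" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then echo "$port"; fi
    done
}

# Log lines copied from the comment above.
SAMPLE_LOG='May 02 15:31:37 cabernet sshd[45271]: Server listening on 0.0.0.0 port 7722.
May 02 15:31:37 cabernet sshd[45271]: Server listening on :: port 7722.
May 02 15:31:37 cabernet sshd[45271]: Server listening on 0.0.0.0 port 22.
May 02 15:31:37 cabernet sshd[45271]: Server listening on :: port 22.'

# Constructed sample in the `sshd -T` output format (not captured from the host).
SAMPLE_DUMP='port 7722
port 22
addressfamily any'

# Only 7722 was intended, so the extra listener is reported.
printf '%s\n' "$SAMPLE_LOG" | logged_ports | unexpected_ports 7722   # prints 22
```

On a live host the same functions can be fed from `journalctl -u ssh -b | logged_ports` or `sshd -T | effective_ports`, both run as root.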