Ubuntu
openssh package

Merge ~enr0n/ubuntu/+source/openssh:merge-lp2018094-mantic into ubuntu/+source/openssh:debian/sid

  1. Git
  2. lp:~enr0n/ubuntu/+source/openssh
  3. merge-lp2018094-mantic
  4. Merge into debian/sid
Proposed by Nick Rosbrook
Status: Needs review
Proposed branch: ~enr0n/ubuntu/+source/openssh:merge-lp2018094-mantic
Merge into: ubuntu/+source/openssh:debian/sid
Diff against target: 1605 lines (+1016/-107)
30 files modified
debian/README.Debian (+10/-17)
debian/changelog (+133/-0)
debian/control (+2/-1)
debian/openssh-server.postinst (+192/-6)
debian/openssh-server.postrm (+4/-0)
debian/openssh-server.templates (+12/-0)
debian/openssh-server.tmpfile (+2/-0)
debian/openssh-server.ucf-md5sum (+24/-0)
debian/patches/series (+1/-0)
debian/patches/socket-activation-documentation.patch (+50/-0)
debian/patches/systemd-socket-activation.patch (+152/-44)
debian/po/cs.po (+26/-1)
debian/po/da.po (+26/-1)
debian/po/de.po (+26/-1)
debian/po/es.po (+26/-1)
debian/po/fr.po (+26/-1)
debian/po/it.po (+26/-1)
debian/po/ja.po (+26/-1)
debian/po/nl.po (+26/-1)
debian/po/pt.po (+26/-1)
debian/po/pt_BR.po (+26/-1)
debian/po/ru.po (+28/-3)
debian/po/sv.po (+26/-1)
debian/po/templates.pot (+27/-2)
debian/po/tr.po (+27/-2)
debian/rules (+3/-2)
debian/systemd/ssh.service (+0/-2)
debian/tests/control (+6/-0)
debian/tests/systemd-socket-activation (+57/-0)
dev/null (+0/-17)
Reviewer Review Type Date Requested Status
Steve Langasek (community) Approve
Review via email: mp+443364@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Steve Langasek (vorlon) :
review: Needs Information
Reply
Revision history for this message
Nick Rosbrook (enr0n) :
Reply
Revision history for this message
Steve Langasek (vorlon) :
review: Approve
Reply

Unmerged commits

f4a0129... by Nick Rosbrook

changelog

988a629... by Nick Rosbrook

update-maintainer

2c2be41... by Nick Rosbrook

reconstruct-changelog

f788eb2... by Nick Rosbrook

merge-changelogs

387eecd... by Nick Rosbrook

  * debian/openssh-server.ucf-md5sum: update for Ubuntu delta

182c872... by Nick Rosbrook

  * debian/README.Debian: mention drop-in configurations in instructions
    for disabling sshd socket activation (LP: #2017434).

409372d... by Nick Rosbrook

  * debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket
    activation functionality.

a9ff51f... by Nick Rosbrook

  * debian/patches/systemd-socket-activation.patch: Fix sshd
    re-execution behavior when socket activation is used

2ff5428... by Nick Rosbrook

  * debian/openssh-server.tmpfile,debian/systemd/ssh.service: Move
    /run/sshd creation out of the systemd unit to a tmpfile config so
    that sshd can be run manually if necessary without having to create
    this directory by hand.

17af9ff... by Nick Rosbrook

  * debian/openssh-server.ucf-md5sum: Update list of stock sshd_config
    checksums to include those from jammy and kinetic.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/.gitignore b/debian/.gitignore
2deleted file mode 100644
3index 988323b..0000000
4--- a/debian/.gitignore
5+++ /dev/null
6@@ -1,17 +0,0 @@
7-/*.debhelper*
8-/*substvars
9-/build-deb
10-/build-udeb
11-/files
12-/keygen-test/key1
13-/keygen-test/key1.pub
14-/keygen-test/key2
15-/keygen-test/key2.pub
16-/openssh-client
17-/openssh-client-udeb
18-/openssh-server
19-/openssh-server-udeb
20-/ssh
21-/ssh-askpass-gnome
22-/ssh-krb5
23-/tmp
24diff --git a/debian/README.Debian b/debian/README.Debian
25index 77d331b..83049c8 100644
26--- a/debian/README.Debian
27+++ b/debian/README.Debian
28@@ -184,23 +184,7 @@ this sshd manually on upgrades.
29 Socket-based activation with systemd
30 ------------------------------------
31
32-If you want to reconfigure systemd to listen on port 22 itself and launch
33-sshd on connection (systemd-style socket activation), then you can run:
34-
35- systemctl disable --now ssh.service
36- systemctl start ssh.socket
37-
38-To roll back this change, run:
39-
40- systemctl stop ssh.socket
41- systemctl enable --now ssh.service
42-
43-Or if you want to make this change permanent:
44-
45- systemctl enable ssh.socket
46-
47-This may be appropriate in environments where minimal footprint is critical
48-(e.g. cloud guests).
49+By default, socket-based activation is used on systems that use systemd.
50
51 The provided ssh.socket unit file sets ListenStream=22. If you need to have
52 it listen on a different address or port, then you will need to do this as
53@@ -215,6 +199,15 @@ follows (modifying ListenStream to match your requirements):
54
55 See systemd.socket(5) for details.
56
57+If you do not want to use socket activation for ssh on your system, you
58+can disable socket activation by running:
59+
60+ systemctl disable --now ssh.socket
61+ rm -f /etc/systemd/system/ssh.service.d/00-socket.conf
62+ rm -f /etc/systemd/system/ssh.service.d/addresses.conf
63+ systemctl daemon-reload
64+ systemctl enable --now ssh.service
65+
66 Terminating SSH sessions cleanly on shutdown/reboot with systemd
67 ----------------------------------------------------------------
68
69diff --git a/debian/changelog b/debian/changelog
70index c725f55..e883b37 100644
71--- a/debian/changelog
72+++ b/debian/changelog
73@@ -1,3 +1,37 @@
74+openssh (1:9.2p1-2ubuntu1) mantic; urgency=medium
75+
76+ * Merge with Debian unstable (LP: #2018094). Remaining changes:
77+ - debian/rules: modify dh_installsystemd invocations for
78+ socket-activated sshd
79+ - debian/openssh-server.postinst: handle migration of sshd_config options
80+ to systemd socket options on upgrade.
81+ - debian/README.Debian: document systemd socket activation.
82+ - debian/patches/socket-activation-documentation.patch: Document in
83+ sshd_config(5) that ListenAddress and Port no longer work.
84+ - debian/openssh-server.templates: include debconf prompt explaining
85+ when migration cannot happen due to multiple ListenAddress values
86+ - debian/.gitignore: drop file
87+ - debian/openssh-server.postrm: remove systemd drop-ins for
88+ socket-activated sshd on purge
89+ - debian/openssh-server.ucf-md5sum: Update list of stock sshd_config
90+ checksums to include those from jammy and kinetic.
91+ - debian/openssh-server.tmpfile,debian/systemd/ssh.service: Move
92+ /run/sshd creation out of the systemd unit to a tmpfile config so
93+ that sshd can be run manually if necessary without having to create
94+ this directory by hand.
95+ - debian/patches/systemd-socket-activation.patch: Fix sshd
96+ re-execution behavior when socket activation is used
97+ - debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket
98+ activation functionality.
99+ * Dropped changes, included in Debian:
100+ - debian/patches/systemd-socket-activation.patch: Initial implementation
101+ * New changes:
102+ - debian/README.Debian: mention drop-in configurations in instructions
103+ for disabling sshd socket activation (LP: #2017434).
104+ - debian/openssh-server.ucf-md5sum: update for Ubuntu delta
105+
106+ -- Nick Rosbrook <nick.rosbrook@canonical.com> Fri, 19 May 2023 15:18:17 -0400
107+
108 openssh (1:9.2p1-2) unstable; urgency=medium
109
110 * Fix mistakenly-unreleased entry for 1:9.2p1-1 in debian/NEWS.
111@@ -249,6 +283,105 @@ openssh (1:9.1p1-1) unstable; urgency=medium
112
113 -- Colin Watson <cjwatson@debian.org> Mon, 14 Nov 2022 16:25:45 +0000
114
115+openssh (1:9.0p1-1ubuntu8.1) lunar; urgency=medium
116+
117+ * debian/patches/systemd-socket-activation.patch: Fix re-execution behavior
118+ (LP: #2011458):
119+ - Remove FD_CLOEXEC on fds passed by systemd to prevent automatic closing
120+ when sshd re-executes.
121+ - Do not manually close fds passed by systemd when re-executing.
122+ - Only call sd_listen_fds() once, and only in the parent process.
123+ - Check the LISTEN_FDS environment variable to get the number of fds
124+ passed by systemd when re-executing as a child process.
125+ * debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket
126+ activation functionality.
127+
128+ -- Nick Rosbrook <nick.rosbrook@canonical.com> Fri, 31 Mar 2023 12:44:32 -0400
129+
130+openssh (1:9.0p1-1ubuntu8) lunar; urgency=medium
131+
132+ * debian/openssh-server.postinst: Fix handling of ListenAddress when a port
133+ is specified (LP: #1993478):
134+ - Strip port before converting hostnames to numerical addresses.
135+ - Only append ports when the ListenAddress does not already specify a
136+ port.
137+ - Revert socket migration on upgrade if a previous version did the
138+ migration when it should not have.
139+ * debian/openssh-server.postinst: Ignore empty directory failure from rmdir
140+ when skipping socket migration (LP: #1995294).
141+
142+ -- Nick Rosbrook <nick.rosbrook@canonical.com> Tue, 25 Oct 2022 11:57:43 -0400
143+
144+openssh (1:9.0p1-1ubuntu7) kinetic; urgency=medium
145+
146+ * Update list of stock sshd_config checksums to include those from
147+ jammy and kinetic.
148+ * Add a workaround for LP: #1990863 (now fixed in livecd-rootfs) to
149+ avoid spurious ucf prompts on upgrade.
150+ * Move /run/sshd creation out of the systemd unit to a tmpfile config
151+ so that sshd can be run manually if necessary without having to create
152+ this directory by hand. LP: #1991283.
153+
154+ [ Nick Rosbrook ]
155+ * debian/openssh-server.postinst: Fix addresses.conf generation when only
156+ non-default Port is used in /etc/ssh/sshd_config (LP: #1991199).
157+
158+ -- Steve Langasek <vorlon@debian.org> Mon, 26 Sep 2022 21:55:14 +0000
159+
160+openssh (1:9.0p1-1ubuntu6) kinetic; urgency=medium
161+
162+ * Fix syntax error in postinst :/
163+
164+ -- Steve Langasek <vorlon@debian.org> Fri, 23 Sep 2022 19:51:32 +0000
165+
166+openssh (1:9.0p1-1ubuntu5) kinetic; urgency=medium
167+
168+ * Correctly handle the case of new installs, and correctly apply systemd
169+ unit overrides on upgrade from existing kinetic systems.
170+
171+ -- Steve Langasek <vorlon@debian.org> Fri, 23 Sep 2022 19:45:18 +0000
172+
173+openssh (1:9.0p1-1ubuntu4) kinetic; urgency=medium
174+
175+ * Don't migrate users to socket activation if multiple ListenAddresses
176+ might make sshd unreliable on boot.
177+ * Fix regexp bug that prevented proper migration of IPv6 address settings.
178+
179+ -- Steve Langasek <vorlon@debian.org> Fri, 23 Sep 2022 19:35:37 +0000
180+
181+openssh (1:9.0p1-1ubuntu3) kinetic; urgency=medium
182+
183+ * Document in the default sshd_config file the changes in behavior
184+ triggered by use of socket-based activation.
185+
186+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 26 Aug 2022 00:40:11 +0000
187+
188+openssh (1:9.0p1-1ubuntu2) kinetic; urgency=medium
189+
190+ * Fix manpage to not claim socket-based activation is the default on
191+ Debian!
192+
193+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 26 Aug 2022 00:21:42 +0000
194+
195+openssh (1:9.0p1-1ubuntu1) kinetic; urgency=medium
196+
197+ * debian/patches/systemd-socket-activation.patch: support systemd
198+ socket activation.
199+ * debian/systemd/ssh.socket, debian/systemd/ssh.service: use socket
200+ activation by default.
201+ * debian/rules: rejigger dh_installsystemd invocations so ssh.service and
202+ ssh.socket don't fight.
203+ * debian/openssh-server.postinst: handle migration of sshd_config options
204+ to systemd socket options on upgrade.
205+ * debian/README.Debian: document systemd socket activation.
206+ * debian/patches/socket-activation-documentation.patch: Document in
207+ sshd_config(5) that ListenAddress and Port no longer work.
208+ * debian/openssh-server.templates, debian/openssh-server.postinst: include
209+ debconf warning about possible service failure with multiple
210+ ListenAddress settings.
211+
212+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 19 Aug 2022 20:43:16 +0000
213+
214 openssh (1:9.0p1-1) unstable; urgency=medium
215
216 * New upstream release (https://www.openssh.com/releasenotes.html#9.0p1):
217diff --git a/debian/control b/debian/control
218index f3ed979..aa9cc2e 100644
219--- a/debian/control
220+++ b/debian/control
221@@ -1,7 +1,8 @@
222 Source: openssh
223 Section: net
224 Priority: standard
225-Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
226+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
227+XSBC-Original-Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
228 Build-Depends: debhelper (>= 13.1~),
229 debhelper-compat (= 13),
230 dh-exec,
231diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
232index d38695f..a9d5894 100644
233--- a/debian/openssh-server.postinst
234+++ b/debian/openssh-server.postinst
235@@ -20,6 +20,86 @@ get_config_option() {
236 /etc/ssh/sshd_config
237 }
238
239+get_config_option_all() {
240+ option="$1"
241+ file="$2"
242+
243+ if [ -z "$file" ]; then
244+ file=/etc/ssh/sshd_config
245+ fi
246+
247+ [ -f "$file" ] || return 0
248+ # ListenAddress and Port only take a single word argument so anything
249+ # after this must be a comment
250+ while read option2 value junk; do
251+ case $option2 in
252+ $option)
253+ echo $value
254+ ;;
255+ Include)
256+ # globs
257+ for f in $value; do
258+ get_config_option_all "$option" "$f"
259+ done
260+ ;;
261+ esac
262+ done < $file
263+}
264+
265+hostnames_to_addresses() {
266+ addresses="$1"
267+ for address in $addresses; do
268+ address_no_port="$(address_strip_port $address)"
269+ if echo "$address_no_port" | grep -q '^[0-9a-f:]\+$\|^[0-9.]\+$'; then
270+ numeric_addresses="$numeric_addresses $address"
271+ else
272+ new_addresses=$( (getent ahostsv4 $address_no_port;
273+ getent ahostsv6 $address_no_port) \
274+ | awk '$1 ~ /^::ffff:/ || $2 != "STREAM" { next; }
275+ $1 ~ /:/ { print "[" $1 "]"; next; }
276+ { print $1 }' \
277+ | sort -u)
278+ port="$(port_from_address $address)"
279+ if [ -n "$port" ]; then
280+ new_addresses="$(for addr in $new_addresses; do echo $addr:$port; done)"
281+ fi
282+ numeric_addresses="$numeric_addresses $new_addresses"
283+ fi
284+ done
285+ echo "$numeric_addresses"
286+}
287+
288+port_from_address() {
289+ address="$1"
290+ if echo $address | grep -q '^\[[0-9a-f:]*\]:'; then
291+ # This is an IPv6 address with a port.
292+ port="$(echo $address | awk -F':' '{print $NF}')"
293+ elif echo $address | grep -q '^\[[0-9a-f:]*\]\+$\|^[0-9a-f:]\+$'; then
294+ # This is an IPv6 address without a port.
295+ port=""
296+ else
297+ # This is an IPv4 address or hostname, where the port
298+ # may or may not be specified.
299+ port="$(echo $address | awk -F':' '{print $2}')"
300+ fi
301+ echo "$port"
302+}
303+
304+address_strip_port() {
305+ address="$1"
306+ if echo $address | grep -q '^\[[0-9a-f:]*\]\(:\|$\)'; then
307+ # This is an IPv6 address in brackets, with or without a port.
308+ address_no_port="$(echo $address | awk -F '[][]' '{print $2}')"
309+ elif echo $address | grep -q '^[0-9a-f:]\+$'; then
310+ # This is an IPv6 address with no brackets and no port.
311+ address_no_port="$address"
312+ else
313+ # This is an IPv4 address or hostname, where the port
314+ # may or may not be specified.
315+ address_no_port="$(echo $address | awk -F':' '{print $1}')"
316+ fi
317+ echo "$address_no_port"
318+}
319
320 host_keys_required() {
321 hostkeys="$(get_config_option HostKey)"
322@@ -71,15 +151,20 @@ create_keys() {
323
324
325 new_config=
326+workaround=
327
328 cleanup() {
329 if [ "$new_config" ]; then
330 rm -f "$new_config"
331 fi
332+ if [ "$workaround" ]; then
333+ rm -f "$workaround"
334+ fi
335 }
336
337
338 create_sshdconfig() {
339+ prev_ver="$1"
340 # XXX cjwatson 2016-12-24: This debconf template is very confusingly
341 # named; its description is "Disable SSH password authentication for
342 # root?", so true -> prohibit-password (the upstream default),
343@@ -101,6 +186,21 @@ create_sshdconfig() {
344 "$new_config"
345 fi
346 mkdir -pZ /etc/ssh
347+
348+ # Workaround for LP: #1968873: if we have an sshd_config with a known
349+ # checksum, confirm it via ucf before applying the changes from
350+ # the new version.
351+ if dpkg --compare-versions "$prev_ver" lt-nl 1:9.0p1-1ubuntu7 \
352+ && grep -q "^$(md5sum /etc/ssh/sshd_config | awk '{ print $1 }')" \
353+ /usr/share/openssh/sshd_config.md5sum
354+ then
355+ workaround="$(mktemp)"
356+ sed -e'14,16d' "$new_config" > "$workaround"
357+ ucf --three-way --debconf-ok \
358+ --sum-file /usr/share/openssh/sshd_config.md5sum \
359+ "$workaround" /etc/ssh/sshd_config
360+ fi
361+
362 ucf --three-way --debconf-ok \
363 --sum-file /usr/share/openssh/sshd_config.md5sum \
364 "$new_config" /etc/ssh/sshd_config
365@@ -114,7 +214,7 @@ setup_sshd_user() {
366 }
367
368 if [ "$action" = configure ]; then
369- create_sshdconfig
370+ create_sshdconfig "$2"
371 create_keys
372 setup_sshd_user
373 if dpkg --compare-versions "$2" lt-nl 1:7.9p1-5 && \
374@@ -127,18 +227,104 @@ if [ "$action" = configure ]; then
375 # which we now move back into place.
376 mv /etc/ssh/moduli.dpkg-bak /etc/ssh/moduli
377 fi
378- if dpkg --compare-versions "$2" lt-nl 1:9.1p1-1~ && \
379- deb-systemd-helper --quiet was-enabled ssh.socket && \
380- [ -d /run/systemd/system ]
381+ if dpkg --compare-versions "$2" lt-nl 1:9.0p1-1ubuntu8~
382 then
383 # migrate to systemd socket activation.
384- systemctl unmask ssh.service
385- systemctl disable ssh.service
386+ addresses=$(get_config_option_all ListenAddress)
387+ addresses=$(hostnames_to_addresses "$addresses")
388+ ports=$(get_config_option_all Port)
389+ if [ -n "$addresses$ports" ]
390+ then
391+ override_dir=/etc/systemd/system/ssh.socket.d
392+ mkdir -p "$override_dir"
393+ echo '[Socket]' > "$override_dir"/addresses.conf.new
394+ echo 'ListenStream=' >> "$override_dir"/addresses.conf.new
395+ fi
396+ if [ -n "$addresses" ]; then
397+ [ -n "$ports" ] || ports=22
398+ count=0
399+ for address in $addresses; do
400+ count=$((count+1))
401+ port_from_address="$(port_from_address $address)"
402+ if [ -z "$port_from_address" ]; then
403+ for port in $ports; do
404+ echo "ListenStream=$address:$port" \
405+ >> "$override_dir"/addresses.conf.new
406+ done
407+ else
408+ echo "ListenStream=$address" \
409+ >> "$override_dir"/addresses.conf.new
410+ fi
411+ done
412+ if [ $count -gt 1 ]; then
413+ db_input critical openssh-server/listenstream-may-fail || true
414+ db_go || true
415+ rm -f "$override_dir"/addresses.conf.new
416+ rmdir --ignore-fail-on-non-empty "$override_dir"
417+ NO_SOCKET_MIGRATION=1
418+ fi
419+ elif [ -n "$ports" ]; then
420+ for port in $ports; do
421+ echo "ListenStream=$port" \
422+ >> "$override_dir"/addresses.conf.new
423+ done
424+ fi
425+
426+ if [ -z "$NO_SOCKET_MIGRATION" ] && [ -n "$addresses$ports" ]
427+ then
428+ mv "$override_dir"/addresses.conf.new \
429+ "$override_dir"/addresses.conf
430+ fi
431+ fi
432+ if dpkg --compare-versions "$2" lt 1:9.0p1-1ubuntu5~; then
433+ if [ -z "$NO_SOCKET_MIGRATION" ]; then
434+ override_dir=/etc/systemd/system/ssh.service.d
435+ mkdir -p "$override_dir"
436+ echo '[Unit]' > "$override_dir"/00-socket.conf
437+ echo 'After=ssh.socket' >> "$override_dir"/00-socket.conf
438+ echo 'Requires=ssh.socket' >> "$override_dir"/00-socket.conf
439+
440+ # deb-systemd-helper is inadequate for the task of
441+ # changing policy for the units on upgrade
442+ if [ -d /run/systemd/system ]; then
443+ systemctl daemon-reload
444+ systemctl disable ssh.service
445+ systemctl unmask ssh.service
446+ systemctl stop ssh.service
447+ systemctl enable ssh.socket
448+ fi
449+ fi
450 fi
451+
452+ # Revert socket migration if we can determine the user hit
453+ # LP: #1993478.
454+ if dpkg --compare-versions "$2" lt-nl 1:9.0p1-1ubuntu7~ \
455+ && [ -e /etc/systemd/system/ssh.socket.d/addresses.conf ] \
456+ && [ -e /etc/systemd/system/ssh.service.d/00-socket.conf ] \
457+ && [ -n "$NO_SOCKET_MIGRATION" ]; then
458+ rm /etc/systemd/system/ssh.socket.d/addresses.conf
459+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.socket.d
460+ rm /etc/systemd/system/ssh.service.d/00-socket.conf
461+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.service.d
462+ if [ -d /run/systemd/system ]; then
463+ systemctl daemon-reload
464+ systemctl disable ssh.socket
465+ systemctl stop ssh.socket
466+ systemctl enable ssh.service
467+ fi
468+ fi
469 fi
470
471 #DEBHELPER#
472
473+if [ -d /run/systemd/system ]; then
474+ if deb-systemd-helper --quiet was-enabled ssh.socket; then
475+ deb-systemd-invoke restart ssh.socket
476+ elif deb-systemd-helper --quiet was-enabled ssh.service; then
477+ deb-systemd-invoke restart ssh.service
478+ fi
479+fi
480+
481 db_stop
482
483 exit 0
484diff --git a/debian/openssh-server.postrm b/debian/openssh-server.postrm
485index fbaeb17..46798dd 100644
486--- a/debian/openssh-server.postrm
487+++ b/debian/openssh-server.postrm
488@@ -23,6 +23,10 @@ case $1 in
489 if command -v ucfr >/dev/null 2>&1; then
490 ucfr --purge openssh-server /etc/ssh/sshd_config
491 fi
492+ rm -f /etc/systemd/system/ssh.service.d/00-socket.conf
493+ rm -f /etc/systemd/system/ssh.socket.d/addresses.conf
494+ rmdir /etc/systemd/system/ssh.service.d || true
495+ rmdir /etc/systemd/system/ssh.socket.d || true
496 rm -f /etc/ssh/sshd_not_to_be_run
497 [ ! -d /etc/ssh ] || rmdir --ignore-fail-on-non-empty /etc/ssh
498
499diff --git a/debian/openssh-server.templates b/debian/openssh-server.templates
500index e071fe3..31f2935 100644
501--- a/debian/openssh-server.templates
502+++ b/debian/openssh-server.templates
503@@ -21,3 +21,15 @@ Description: Allow password authentication?
504 By default, the SSH server will allow authenticating using a password.
505 You may want to change this if all users on this system authenticate using
506 a stronger authentication method, such as public keys.
507+
508+Template: openssh-server/listenstream-may-fail
509+Type: error
510+_Description: Not migrating to socket activation
511+ This version of openssh-server uses socket-based activation by default.
512+ However, because you have more than one ListenAddress configured in
513+ sshd_config, it is impossible to determine at upgrade time if migrating
514+ you to socket-based activation would cause the starting of sshd at boot
515+ to be unreliable.
516+ .
517+ Because a failure to start ssh may make it impossible to admininister a
518+ system, you will not be migrated to socket-based activation at this time.
519diff --git a/debian/openssh-server.tmpfile b/debian/openssh-server.tmpfile
520new file mode 100644
521index 0000000..76c6323
522--- /dev/null
523+++ b/debian/openssh-server.tmpfile
524@@ -0,0 +1,2 @@
525+#Type Path Mode UID GID Age Arguments
526+D /run/sshd 0755 root root - -
527diff --git a/debian/openssh-server.ucf-md5sum b/debian/openssh-server.ucf-md5sum
528index 3a9dc23..9a8efb6 100644
529--- a/debian/openssh-server.ucf-md5sum
530+++ b/debian/openssh-server.ucf-md5sum
531@@ -103,8 +103,32 @@ cc873ab3ccc9cf3a3830c3c0728c0d0b
532 9f1bec115595c0f76282d80abe5d9bcc
533 ae1a449c8adb31cb603e28fda5342696
534
535+# From 1:8.4p1-5
536+6dbdc3a27e1953d209f929df7aff0c57
537+0ef8c8fe6a3afd12382dbb93cd7bbb4e
538+ae1a449c8adb31cb603e28fda5342696
539+9f1bec115595c0f76282d80abe5d9bcc
540+
541 # From 1:8.7p1-1:
542 fe83fd23553510bb632dc8e6e35ab41a
543 d96ecd9064ea650c44372a5a33d3e497
544 7fdb195ac56e0bf1992e18ac656811af
545 4e03b4df60cd00c651777ec14ff76aef
546+
547+# From 1:8.9p1-3
548+30e0fe758429c57d35a5e71dbd8dd2f8
549+23a8a2b1a8f1538be49eb86313367191
550+133f5f0119fbf5716b7d72048b25ea71
551+697a81708f11897cb0fef857563dee55
552+
553+# From 1:9.0p1-1ubuntu3
554+90ace5da6c7eb3041732930972662f34
555+b2c07b86695152141e84f44e4414104a
556+e7b9120b6e68c5666ac21a0cc03d4806
557+9389be84e67cd5a91b97de5ff03c9306
558+
559+# From 1:9.2p1-2ubuntu1
560+fac56840f6697a357368bb878dd8fb87
561+d01da8c9de75176095712d4e37d5dcd5
562+e4898846045f33b8d99d3263d6f6fd81
563+ec46dc59ba9c9e9458add405264fcedd
564diff --git a/debian/patches/series b/debian/patches/series
565index cbbfc88..e7e2a9c 100644
566--- a/debian/patches/series
567+++ b/debian/patches/series
568@@ -26,3 +26,4 @@ maxhostnamelen.patch
569 conch-ssh-rsa.patch
570 systemd-socket-activation.patch
571 remove-spurious-ssh-agent-options.patch
572+socket-activation-documentation.patch
573diff --git a/debian/patches/socket-activation-documentation.patch b/debian/patches/socket-activation-documentation.patch
574new file mode 100644
575index 0000000..9afde55
576--- /dev/null
577+++ b/debian/patches/socket-activation-documentation.patch
578@@ -0,0 +1,50 @@
579+Index: openssh-9.0p1/sshd_config.5
580+===================================================================
581+--- openssh-9.0p1.orig/sshd_config.5
582++++ openssh-9.0p1/sshd_config.5
583+@@ -1069,6 +1069,15 @@
584+ Multiple
585+ .Cm ListenAddress
586+ options are permitted.
587++.Pp
588++.Cm Note:
589++On Ubuntu, the openssh-server package is configured to use systemd
590++socket-based activation by default. Therefore if you are using systemd with
591++the default configuration,
592++.Cm ListenAddress
593++options will not be honored. Address configuration must be handled in
594++.Pa /etc/systemd/system/ssh.socket.d
595++instead.
596+ .It Cm LoginGraceTime
597+ The server disconnects after this time if the user has not
598+ successfully logged in.
599+@@ -1520,6 +1529,15 @@
600+ Multiple options of this type are permitted.
601+ See also
602+ .Cm ListenAddress .
603++.Pp
604++.Cm Note:
605++On Ubuntu, the openssh-server package is configured to use systemd
606++socket-based activation by default. Therefore if you are using systemd with
607++the default configuration,
608++.Cm Port
609++options will not be honored. Address configuration must be handled in
610++.Pa /etc/systemd/system/ssh.socket.d
611++instead.
612+ .It Cm PrintLastLog
613+ Specifies whether
614+ .Xr sshd 8
615+Index: openssh-9.0p1/sshd_config
616+===================================================================
617+--- openssh-9.0p1.orig/sshd_config
618++++ openssh-9.0p1/sshd_config
619+@@ -12,6 +12,9 @@
620+
621+ Include /etc/ssh/sshd_config.d/*.conf
622+
623++# Port and ListenAddress options are not used when sshd is socket-activated,
624++# which is now the default in Ubuntu. See sshd_config(5) and
625++# /usr/share/doc/openssh-server/README.Debian.gz for details.
626+ #Port 22
627+ #AddressFamily any
628+ #ListenAddress 0.0.0.0
629diff --git a/debian/patches/systemd-socket-activation.patch b/debian/patches/systemd-socket-activation.patch
630index 5441622..3bfa116 100644
631--- a/debian/patches/systemd-socket-activation.patch
632+++ b/debian/patches/systemd-socket-activation.patch
633@@ -1,47 +1,72 @@
634-From 4cedd1c9acac0fba598db2eaf43278dfe8e53ef0 Mon Sep 17 00:00:00 2001
635-From: Steve Langasek <steve.langasek@ubuntu.com>
636-Date: Thu, 1 Sep 2022 16:03:37 +0100
637-Subject: Support systemd socket activation
638+Description: support systemd socket activation
639+ Unlike inetd socket activation, with systemd socket activation the
640+ supervisor passes the listened-on socket to the child process and lets
641+ the child process handle the accept(). This lets us do delayed start
642+ of the sshd daemon without becoming incompatible with config options
643+ like ClientAliveCountMax.
644+Author: Steve Langasek <steve.langasek@ubuntu.com>
645+Author: Nick Rosbrook <nick.rosbrook@canonical.com>
646+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2011458
647+Last-Update: 2023-04-17
648
649-Unlike inetd socket activation, with systemd socket activation the
650-supervisor passes the listened-on socket to the child process and lets
651-the child process handle the accept(). This lets us do delayed start
652-of the sshd daemon without becoming incompatible with config options
653-like ClientAliveCountMax.
654-
655-Last-Update: 2022-09-01
656-
657-Patch-Name: systemd-socket-activation.patch
658----
659- sshd.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++---------
660- 1 file changed, 75 insertions(+), 14 deletions(-)
661-
662-diff --git a/sshd.c b/sshd.c
663-index 0a4eefe01..fc22fcb62 100644
664 --- a/sshd.c
665 +++ b/sshd.c
666-@@ -141,10 +141,16 @@ int deny_severity;
667+@@ -140,11 +140,14 @@
668+ int deny_severity;
669 #endif /* LIBWRAP */
670
671++/* This will only get set if we build with systemd. */
672++static int systemd_num_listen_fds;
673++
674 /* Re-exec fds */
675 -#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
676 -#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
677 -#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3)
678 -#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4)
679-+#ifdef HAVE_SYSTEMD
680-+#define SYSTEMD_OFFSET sd_listen_fds(0)
681-+#else
682-+#define SYSTEMD_OFFSET 0
683-+#endif
684-+
685-+#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1 + SYSTEMD_OFFSET)
686-+#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2 + SYSTEMD_OFFSET)
687-+#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3 + SYSTEMD_OFFSET)
688-+#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4 + SYSTEMD_OFFSET)
689++#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1 + systemd_num_listen_fds)
690++#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2 + systemd_num_listen_fds)
691++#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3 + systemd_num_listen_fds)
692++#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4 + systemd_num_listen_fds)
693
694 extern char *__progname;
695
696-@@ -1025,6 +1031,48 @@ server_accept_inetd(int *sock_in, int *sock_out)
697+@@ -195,6 +198,7 @@
698+ */
699+ #define MAX_LISTEN_SOCKS 16
700+ static int listen_socks[MAX_LISTEN_SOCKS];
701++static int listen_socks_no_close[MAX_LISTEN_SOCKS];
702+ static int num_listen_socks = 0;
703+
704+ /* Daemon's agent connection */
705+@@ -280,12 +284,16 @@
706+ * Close all listening sockets
707+ */
708+ static void
709+-close_listen_socks(void)
710++close_listen_socks(int force)
711+ {
712+ int i;
713+
714+- for (i = 0; i < num_listen_socks; i++)
715++ for (i = 0; i < num_listen_socks; i++) {
716++ if (listen_socks_no_close[i] > 0 && force <= 0)
717++ continue;
718++
719+ close(listen_socks[i]);
720++ }
721+ num_listen_socks = 0;
722+ }
723+
724+@@ -324,7 +332,7 @@
725+ if (options.pid_file != NULL)
726+ unlink(options.pid_file);
727+ platform_pre_restart();
728+- close_listen_socks();
729++ close_listen_socks(/* force = */ 0);
730+ close_startup_pipes();
731+ ssh_signal(SIGHUP, SIG_IGN); /* will be restored after exec */
732+ execv(saved_argv[0], saved_argv);
733+@@ -1033,6 +1041,65 @@
734 debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out);
735 }
736
737@@ -52,7 +77,7 @@ index 0a4eefe01..fc22fcb62 100644
738 +static void
739 +setup_systemd_socket(int listen_sock)
740 +{
741-+ int ret;
742++ int flags, ret;
743 + struct sockaddr_storage addr;
744 + socklen_t len = sizeof(addr);
745 + char ntop[NI_MAXHOST], strport[NI_MAXSERV];
746@@ -77,10 +102,27 @@ index 0a4eefe01..fc22fcb62 100644
747 + close(listen_sock);
748 + return;
749 + }
750++
751 + /* Socket options */
752 + set_reuseaddr(listen_sock);
753 +
754++ /* systemd sets FD_CLOEXEC on the fds it passes to us, but we need this
755++ * to stay open across re-exec. */
756++ flags = fcntl(listen_sock, F_GETFD);
757++ if (flags < 0) {
758++ error("Failed to get fd flags: %s", strerror(errno));
759++ close(listen_sock);
760++ return;
761++ }
762++
763++ if (fcntl(listen_sock, F_SETFD, flags & ~FD_CLOEXEC) < 0) {
764++ error("Failed to clear FD_CLOEXEC flag: %s", strerror(errno));
765++ close(listen_sock);
766++ return;
767++ }
768++
769 + listen_socks[num_listen_socks] = listen_sock;
770++ listen_socks_no_close[num_listen_socks] = 1;
771 + num_listen_socks++;
772 +
773 + logit("Server listening on %s port %s.", ntop, strport);
774@@ -90,15 +132,7 @@ index 0a4eefe01..fc22fcb62 100644
775 /*
776 * Listen for TCP connections
777 */
778-@@ -1104,22 +1152,35 @@ static void
779- server_listen(void)
780- {
781- u_int i;
782-+#ifdef HAVE_SYSTEMD
783-+ int systemd_socket_count;
784-+#endif
785-
786- /* Initialise per-source limit tracking. */
787+@@ -1117,17 +1184,26 @@
788 srclimit_init(options.max_startups, options.per_source_max_startups,
789 options.per_source_masklen_ipv4, options.per_source_masklen_ipv6);
790
791@@ -109,11 +143,10 @@ index 0a4eefe01..fc22fcb62 100644
792 - memset(&options.listen_addrs[i], 0,
793 - sizeof(options.listen_addrs[i]));
794 +#ifdef HAVE_SYSTEMD
795-+ systemd_socket_count = sd_listen_fds(0);
796-+ if (systemd_socket_count > 0)
797++ if (systemd_num_listen_fds > 0)
798 + {
799 + int i;
800-+ for (i = 0; i < systemd_socket_count; i++)
801++ for (i = 0; i < systemd_num_listen_fds; i++)
802 + setup_systemd_socket(SD_LISTEN_FDS_START + i);
803 + } else
804 +#endif
805@@ -136,3 +169,78 @@ index 0a4eefe01..fc22fcb62 100644
806 if (!num_listen_socks)
807 fatal("Cannot bind any address.");
808 }
809+@@ -1182,7 +1258,7 @@
810+ if (received_sigterm) {
811+ logit("Received signal %d; terminating.",
812+ (int) received_sigterm);
813+- close_listen_socks();
814++ close_listen_socks(/* force = */ 1);
815+ if (options.pid_file != NULL)
816+ unlink(options.pid_file);
817+ exit(received_sigterm == SIGTERM ? 0 : 255);
818+@@ -1196,7 +1272,7 @@
819+ if (received_sighup) {
820+ if (!lameduck) {
821+ debug("Received SIGHUP; waiting for children");
822+- close_listen_socks();
823++ close_listen_socks(/* force = */ 0);
824+ lameduck = 1;
825+ }
826+ if (listening <= 0) {
827+@@ -1319,7 +1395,7 @@
828+ * connection without forking.
829+ */
830+ debug("Server will not fork when running in debugging mode.");
831+- close_listen_socks();
832++ close_listen_socks(/* force = */ 0);
833+ *sock_in = *newsock;
834+ *sock_out = *newsock;
835+ close(startup_p[0]);
836+@@ -1353,7 +1429,7 @@
837+ platform_post_fork_child();
838+ startup_pipe = startup_p[1];
839+ close_startup_pipes();
840+- close_listen_socks();
841++ close_listen_socks(/* force = */ 0);
842+ *sock_in = *newsock;
843+ *sock_out = *newsock;
844+ log_init(__progname,
845+@@ -1701,6 +1777,38 @@
846+ break;
847+ }
848+ }
849++
850++#ifdef HAVE_SYSTEMD
851++ /* We should call sd_listen_fds() exactly once, and only in the parent
852++ * process.
853++ *
854++ * If the parent calls sd_listen_fds() more than once, then FD_CLOEXEC
855++ * will be re-configured for the passed fds, which will cause problems
856++ * during re-execution. The FD_CLOEXEC flag will be cleared by
857++ * setup_systemd_socket().
858++ *
859++ * If the child calls sd_listen_fds(), it will return 0 because it will
860++ * compare our pid to the LISTEN_PID environment variable, and only
861++ * return LISTEN_FDS if they match. Thus, when we are a child process,
862++ * check the LISTEN_FDS ourselves. */
863++ if (rexeced_flag) {
864++ const char* s = getenv("LISTEN_FDS");
865++ if (s && s[0] != '\0') {
866++ errno = 0;
867++ r = (int)strtonum(s, 0, MAX_LISTEN_SOCKS, NULL);
868++ if (errno > 0)
869++ fatal("Failed to parse LISTEN_FDS: %s", strerror(errno));
870++ } else
871++ r = 0;
872++ } else {
873++ r = sd_listen_fds(0);
874++ if (r < 0)
875++ fatal("Failed to get systemd socket fds: %s", strerror(-r));
876++ }
877++
878++ systemd_num_listen_fds = r;
879++#endif
880++
881+ if (rexeced_flag || inetd_flag)
882+ rexec_flag = 0;
883+ if (!test_flag && rexec_flag && !path_absolute(av[0]))
884diff --git a/debian/po/cs.po b/debian/po/cs.po
885index d01e0ff..21b4c7b 100644
886--- a/debian/po/cs.po
887+++ b/debian/po/cs.po
888@@ -7,7 +7,7 @@ msgid ""
889 msgstr ""
890 "Project-Id-Version: openssh 1:6.6p1-1\n"
891 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
892-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
893+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
894 "PO-Revision-Date: 2014-06-12 12:25+0200\n"
895 "Last-Translator: Michal Simunek <michal.simunek@gmail.com>\n"
896 "Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"
897@@ -53,3 +53,28 @@ msgstr ""
898 "poškodit systémy, které jsou nastaveny s předpokladem, že bude možné se "
899 "přihlašovat přes SSH jako root pomocí ověřování heslem. Změnu této volby "
900 "byste měli provést pouze pokud ověřování heslem potřebujete."
901+
902+#. Type: error
903+#. Description
904+#: ../openssh-server.templates:3001
905+msgid "Not migrating to socket activation"
906+msgstr ""
907+
908+#. Type: error
909+#. Description
910+#: ../openssh-server.templates:3001
911+msgid ""
912+"This version of openssh-server uses socket-based activation by default. "
913+"However, because you have more than one ListenAddress configured in "
914+"sshd_config, it is impossible to determine at upgrade time if migrating you "
915+"to socket-based activation would cause the starting of sshd at boot to be "
916+"unreliable."
917+msgstr ""
918+
919+#. Type: error
920+#. Description
921+#: ../openssh-server.templates:3001
922+msgid ""
923+"Because a failure to start ssh may make it impossible to admininister a "
924+"system, you will not be migrated to socket-based activation at this time."
925+msgstr ""
926diff --git a/debian/po/da.po b/debian/po/da.po
927index 70d576d..a08ca3b 100644
928--- a/debian/po/da.po
929+++ b/debian/po/da.po
930@@ -7,7 +7,7 @@ msgid ""
931 msgstr ""
932 "Project-Id-Version: openssh\n"
933 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
934-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
935+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
936 "PO-Revision-Date: 2014-03-21 23:51+0200\n"
937 "Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
938 "Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n"
939@@ -53,3 +53,28 @@ msgstr ""
940 "Det kan dog ødelægge systemer, som er opsat med forventning om at kunne SSH "
941 "som root via brug af adgangskodegodkendelse. Du skal kun lave denne ændring, "
942 "hvis du ikke har brug for dette."
943+
944+#. Type: error
945+#. Description
946+#: ../openssh-server.templates:3001
947+msgid "Not migrating to socket activation"
948+msgstr ""
949+
950+#. Type: error
951+#. Description
952+#: ../openssh-server.templates:3001
953+msgid ""
954+"This version of openssh-server uses socket-based activation by default. "
955+"However, because you have more than one ListenAddress configured in "
956+"sshd_config, it is impossible to determine at upgrade time if migrating you "
957+"to socket-based activation would cause the starting of sshd at boot to be "
958+"unreliable."
959+msgstr ""
960+
961+#. Type: error
962+#. Description
963+#: ../openssh-server.templates:3001
964+msgid ""
965+"Because a failure to start ssh may make it impossible to admininister a "
966+"system, you will not be migrated to socket-based activation at this time."
967+msgstr ""
968diff --git a/debian/po/de.po b/debian/po/de.po
969index ecba54b..2536ea4 100644
970--- a/debian/po/de.po
971+++ b/debian/po/de.po
972@@ -8,7 +8,7 @@ msgid ""
973 msgstr ""
974 "Project-Id-Version: openssh_1:6.6p1-1\n"
975 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
976-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
977+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
978 "PO-Revision-Date: 2014-03-24 22:21+0100\n"
979 "Last-Translator: Stephan Beck <sbeck@mailbox.org>\n"
980 "Language-Team: Debian German translation team <debian-l10n-german@lists."
981@@ -59,3 +59,28 @@ msgstr ""
982 "in der Absicht konfiguriert wurden, die Anmeldung als »root« über SSH unter "
983 "Verwendung von Passwort-Authentifizierung zuzulassen. Sie sollten diese "
984 "Änderung nur vornehmen, wenn Sie auf Letzteres verzichten können."
985+
986+#. Type: error
987+#. Description
988+#: ../openssh-server.templates:3001
989+msgid "Not migrating to socket activation"
990+msgstr ""
991+
992+#. Type: error
993+#. Description
994+#: ../openssh-server.templates:3001
995+msgid ""
996+"This version of openssh-server uses socket-based activation by default. "
997+"However, because you have more than one ListenAddress configured in "
998+"sshd_config, it is impossible to determine at upgrade time if migrating you "
999+"to socket-based activation would cause the starting of sshd at boot to be "
1000+"unreliable."
1001+msgstr ""
1002+
1003+#. Type: error
1004+#. Description
1005+#: ../openssh-server.templates:3001
1006+msgid ""
1007+"Because a failure to start ssh may make it impossible to admininister a "
1008+"system, you will not be migrated to socket-based activation at this time."
1009+msgstr ""
1010diff --git a/debian/po/es.po b/debian/po/es.po
1011index de8a67a..14550d6 100644
1012--- a/debian/po/es.po
1013+++ b/debian/po/es.po
1014@@ -28,7 +28,7 @@ msgid ""
1015 msgstr ""
1016 "Project-Id-Version: openssh\n"
1017 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1018-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1019+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1020 "PO-Revision-Date: 2014-03-23 20:43-0300\n"
1021 "Last-Translator: Matías Bellone <matiasbellone+debian@gmail.com>\n"
1022 "Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n"
1023@@ -78,3 +78,28 @@ msgstr ""
1024 "configuración permite que el usuario root inicie sesión a través de SSH "
1025 "utilizando una contraseña. Sólo debería realizar este cambio si no necesita "
1026 "este comportamiento."
1027+
1028+#. Type: error
1029+#. Description
1030+#: ../openssh-server.templates:3001
1031+msgid "Not migrating to socket activation"
1032+msgstr ""
1033+
1034+#. Type: error
1035+#. Description
1036+#: ../openssh-server.templates:3001
1037+msgid ""
1038+"This version of openssh-server uses socket-based activation by default. "
1039+"However, because you have more than one ListenAddress configured in "
1040+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1041+"to socket-based activation would cause the starting of sshd at boot to be "
1042+"unreliable."
1043+msgstr ""
1044+
1045+#. Type: error
1046+#. Description
1047+#: ../openssh-server.templates:3001
1048+msgid ""
1049+"Because a failure to start ssh may make it impossible to admininister a "
1050+"system, you will not be migrated to socket-based activation at this time."
1051+msgstr ""
1052diff --git a/debian/po/fr.po b/debian/po/fr.po
1053index f7125e9..7d7093b 100644
1054--- a/debian/po/fr.po
1055+++ b/debian/po/fr.po
1056@@ -7,7 +7,7 @@ msgid ""
1057 msgstr ""
1058 "Project-Id-Version: openssh_1:6.5p1-6\n"
1059 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1060-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1061+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1062 "PO-Revision-Date: 2014-03-22 08:26+0100\n"
1063 "Last-Translator: Étienne Gilli <etienne.gilli@gmail.com>\n"
1064 "Language-Team: French <debian-l10n-french@lists.debian.org>\n"
1065@@ -57,3 +57,28 @@ msgstr ""
1066 "inutilisables les systèmes reposant sur la possibilité de se connecter au "
1067 "compte « root » par SSH avec authentification par mot de passe. Vous ne "
1068 "devriez appliquer cette modification que si ce n’est pas votre cas."
1069+
1070+#. Type: error
1071+#. Description
1072+#: ../openssh-server.templates:3001
1073+msgid "Not migrating to socket activation"
1074+msgstr ""
1075+
1076+#. Type: error
1077+#. Description
1078+#: ../openssh-server.templates:3001
1079+msgid ""
1080+"This version of openssh-server uses socket-based activation by default. "
1081+"However, because you have more than one ListenAddress configured in "
1082+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1083+"to socket-based activation would cause the starting of sshd at boot to be "
1084+"unreliable."
1085+msgstr ""
1086+
1087+#. Type: error
1088+#. Description
1089+#: ../openssh-server.templates:3001
1090+msgid ""
1091+"Because a failure to start ssh may make it impossible to admininister a "
1092+"system, you will not be migrated to socket-based activation at this time."
1093+msgstr ""
1094diff --git a/debian/po/it.po b/debian/po/it.po
1095index dd71060..5390795 100644
1096--- a/debian/po/it.po
1097+++ b/debian/po/it.po
1098@@ -6,7 +6,7 @@ msgid ""
1099 msgstr ""
1100 "Project-Id-Version: openssh\n"
1101 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1102-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1103+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1104 "PO-Revision-Date: 2014-03-28 11:12+0200\n"
1105 "Last-Translator: Beatrice Torracca <beatricet@libero.it>\n"
1106 "Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n"
1107@@ -56,3 +56,28 @@ msgstr ""
1108 "impostati facendo affidamento sulla possibilità di autenticazione SSH come "
1109 "root usando la password. Si dovrebbe fare questo cambiamento solo se non si "
1110 "ha bisogno di tale comportamento."
1111+
1112+#. Type: error
1113+#. Description
1114+#: ../openssh-server.templates:3001
1115+msgid "Not migrating to socket activation"
1116+msgstr ""
1117+
1118+#. Type: error
1119+#. Description
1120+#: ../openssh-server.templates:3001
1121+msgid ""
1122+"This version of openssh-server uses socket-based activation by default. "
1123+"However, because you have more than one ListenAddress configured in "
1124+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1125+"to socket-based activation would cause the starting of sshd at boot to be "
1126+"unreliable."
1127+msgstr ""
1128+
1129+#. Type: error
1130+#. Description
1131+#: ../openssh-server.templates:3001
1132+msgid ""
1133+"Because a failure to start ssh may make it impossible to admininister a "
1134+"system, you will not be migrated to socket-based activation at this time."
1135+msgstr ""
1136diff --git a/debian/po/ja.po b/debian/po/ja.po
1137index db382f1..b48d281 100644
1138--- a/debian/po/ja.po
1139+++ b/debian/po/ja.po
1140@@ -7,7 +7,7 @@ msgid ""
1141 msgstr ""
1142 "Project-Id-Version: openssh\n"
1143 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1144-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1145+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1146 "PO-Revision-Date: 2014-03-20 11:06+0900\n"
1147 "Last-Translator: victory <victory.deb@gmail.com>\n"
1148 "Language-Team: Japanese <debian-japanese@lists.debian.org>\n"
1149@@ -53,3 +53,28 @@ msgstr ""
1150 "ます。しかしパスワード認証により root で SSH 接続できることを前提として構成し"
1151 "たシステムでは問題が発生する可能性があります。そういった必要のない場合にのみ"
1152 "この変更を行うようにしてください。"
1153+
1154+#. Type: error
1155+#. Description
1156+#: ../openssh-server.templates:3001
1157+msgid "Not migrating to socket activation"
1158+msgstr ""
1159+
1160+#. Type: error
1161+#. Description
1162+#: ../openssh-server.templates:3001
1163+msgid ""
1164+"This version of openssh-server uses socket-based activation by default. "
1165+"However, because you have more than one ListenAddress configured in "
1166+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1167+"to socket-based activation would cause the starting of sshd at boot to be "
1168+"unreliable."
1169+msgstr ""
1170+
1171+#. Type: error
1172+#. Description
1173+#: ../openssh-server.templates:3001
1174+msgid ""
1175+"Because a failure to start ssh may make it impossible to admininister a "
1176+"system, you will not be migrated to socket-based activation at this time."
1177+msgstr ""
1178diff --git a/debian/po/nl.po b/debian/po/nl.po
1179index 3afd617..eca9662 100644
1180--- a/debian/po/nl.po
1181+++ b/debian/po/nl.po
1182@@ -7,7 +7,7 @@ msgid ""
1183 msgstr ""
1184 "Project-Id-Version: openssh\n"
1185 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1186-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1187+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1188 "PO-Revision-Date: 2014-10-03 23:54+0200\n"
1189 "Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
1190 "Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
1191@@ -58,3 +58,28 @@ msgstr ""
1192 "ingesteld werden vanuit de verwachting dat de systeembeheerder SSH kan "
1193 "gebruiken met authenticatie via wachtwoord. Enkel wanneer u dit laatste niet "
1194 "nodig heeft, zou u deze wijziging kunnen doorvoeren."
1195+
1196+#. Type: error
1197+#. Description
1198+#: ../openssh-server.templates:3001
1199+msgid "Not migrating to socket activation"
1200+msgstr ""
1201+
1202+#. Type: error
1203+#. Description
1204+#: ../openssh-server.templates:3001
1205+msgid ""
1206+"This version of openssh-server uses socket-based activation by default. "
1207+"However, because you have more than one ListenAddress configured in "
1208+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1209+"to socket-based activation would cause the starting of sshd at boot to be "
1210+"unreliable."
1211+msgstr ""
1212+
1213+#. Type: error
1214+#. Description
1215+#: ../openssh-server.templates:3001
1216+msgid ""
1217+"Because a failure to start ssh may make it impossible to admininister a "
1218+"system, you will not be migrated to socket-based activation at this time."
1219+msgstr ""
1220diff --git a/debian/po/pt.po b/debian/po/pt.po
1221index 2dab84c..8f51af9 100644
1222--- a/debian/po/pt.po
1223+++ b/debian/po/pt.po
1224@@ -7,7 +7,7 @@ msgid ""
1225 msgstr ""
1226 "Project-Id-Version: openssh 1:6.6p1-1\n"
1227 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1228-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1229+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1230 "PO-Revision-Date: 2014-03-21 21:13+0000\n"
1231 "Last-Translator: Américo Monteiro <a_monteiro@gmx.com>\n"
1232 "Language-Team: Portuguese <traduz@debianpt.org>\n"
1233@@ -57,3 +57,28 @@ msgstr ""
1234 "configurados com a expectativa de serem capazes de SSH como root usando "
1235 "autenticação por palavra-passe. Apenas deverá fazer esta alteração se não "
1236 "precisa de tal método de autenticação."
1237+
1238+#. Type: error
1239+#. Description
1240+#: ../openssh-server.templates:3001
1241+msgid "Not migrating to socket activation"
1242+msgstr ""
1243+
1244+#. Type: error
1245+#. Description
1246+#: ../openssh-server.templates:3001
1247+msgid ""
1248+"This version of openssh-server uses socket-based activation by default. "
1249+"However, because you have more than one ListenAddress configured in "
1250+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1251+"to socket-based activation would cause the starting of sshd at boot to be "
1252+"unreliable."
1253+msgstr ""
1254+
1255+#. Type: error
1256+#. Description
1257+#: ../openssh-server.templates:3001
1258+msgid ""
1259+"Because a failure to start ssh may make it impossible to admininister a "
1260+"system, you will not be migrated to socket-based activation at this time."
1261+msgstr ""
1262diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po
1263index 99b1182..98856bb 100644
1264--- a/debian/po/pt_BR.po
1265+++ b/debian/po/pt_BR.po
1266@@ -8,7 +8,7 @@ msgid ""
1267 msgstr ""
1268 "Project-Id-Version: openssh\n"
1269 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1270-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1271+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1272 "PO-Revision-Date: 2014-11-23 23:49-0200\n"
1273 "Last-Translator: José de Figueiredo <deb.gnulinux@gmail.com>\n"
1274 "Language-Team: Brazilian Portuguese <debian-l10n-portuguese@lists.debian."
1275@@ -55,3 +55,28 @@ msgstr ""
1276 "Entretanto, ela pode quebrar sistemas que foram configurados com a "
1277 "expectativa de acesso SSH com root usando autenticação por senha. Você deve "
1278 "fazer esta mudança somente se você não precisa fazer isso."
1279+
1280+#. Type: error
1281+#. Description
1282+#: ../openssh-server.templates:3001
1283+msgid "Not migrating to socket activation"
1284+msgstr ""
1285+
1286+#. Type: error
1287+#. Description
1288+#: ../openssh-server.templates:3001
1289+msgid ""
1290+"This version of openssh-server uses socket-based activation by default. "
1291+"However, because you have more than one ListenAddress configured in "
1292+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1293+"to socket-based activation would cause the starting of sshd at boot to be "
1294+"unreliable."
1295+msgstr ""
1296+
1297+#. Type: error
1298+#. Description
1299+#: ../openssh-server.templates:3001
1300+msgid ""
1301+"Because a failure to start ssh may make it impossible to admininister a "
1302+"system, you will not be migrated to socket-based activation at this time."
1303+msgstr ""
1304diff --git a/debian/po/ru.po b/debian/po/ru.po
1305index f2e1daf..3fa193c 100644
1306--- a/debian/po/ru.po
1307+++ b/debian/po/ru.po
1308@@ -6,7 +6,7 @@ msgid ""
1309 msgstr ""
1310 "Project-Id-Version: openssh 1:6.6p1-1\n"
1311 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1312-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1313+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1314 "PO-Revision-Date: 2014-03-22 10:04+0400\n"
1315 "Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n"
1316 "Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n"
1317@@ -14,8 +14,8 @@ msgstr ""
1318 "MIME-Version: 1.0\n"
1319 "Content-Type: text/plain; charset=UTF-8\n"
1320 "Content-Transfer-Encoding: 8bit\n"
1321-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
1322-"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
1323+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
1324+"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
1325 "X-Generator: Lokalize 1.4\n"
1326
1327 #. Type: boolean
1328@@ -55,3 +55,28 @@ msgstr ""
1329 "атак). Однако, это вредит системам, в которых специально настроен вход для "
1330 "root по SSH с парольной аутентификацией. Если это не ваш случай, то ответьте "
1331 "утвердительно."
1332+
1333+#. Type: error
1334+#. Description
1335+#: ../openssh-server.templates:3001
1336+msgid "Not migrating to socket activation"
1337+msgstr ""
1338+
1339+#. Type: error
1340+#. Description
1341+#: ../openssh-server.templates:3001
1342+msgid ""
1343+"This version of openssh-server uses socket-based activation by default. "
1344+"However, because you have more than one ListenAddress configured in "
1345+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1346+"to socket-based activation would cause the starting of sshd at boot to be "
1347+"unreliable."
1348+msgstr ""
1349+
1350+#. Type: error
1351+#. Description
1352+#: ../openssh-server.templates:3001
1353+msgid ""
1354+"Because a failure to start ssh may make it impossible to admininister a "
1355+"system, you will not be migrated to socket-based activation at this time."
1356+msgstr ""
1357diff --git a/debian/po/sv.po b/debian/po/sv.po
1358index 278b0cc..296e611 100644
1359--- a/debian/po/sv.po
1360+++ b/debian/po/sv.po
1361@@ -8,7 +8,7 @@ msgid ""
1362 msgstr ""
1363 "Project-Id-Version: openssh\n"
1364 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1365-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1366+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1367 "PO-Revision-Date: 2014-03-21 21:36+0100\n"
1368 "Last-Translator: Andreas Rönnquist <gusnan@gusnan.se>\n"
1369 "Language-Team: Swedish\n"
1370@@ -56,3 +56,28 @@ msgstr ""
1371 "sådana angrepp). Dock så kan detta förstöra system som förväntas kunna "
1372 "använda SSH som root med hjälp av lösenordsautentisering. Du skall endast "
1373 "göra denna förändring om du inte har ett behov av att kunna göra detta."
1374+
1375+#. Type: error
1376+#. Description
1377+#: ../openssh-server.templates:3001
1378+msgid "Not migrating to socket activation"
1379+msgstr ""
1380+
1381+#. Type: error
1382+#. Description
1383+#: ../openssh-server.templates:3001
1384+msgid ""
1385+"This version of openssh-server uses socket-based activation by default. "
1386+"However, because you have more than one ListenAddress configured in "
1387+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1388+"to socket-based activation would cause the starting of sshd at boot to be "
1389+"unreliable."
1390+msgstr ""
1391+
1392+#. Type: error
1393+#. Description
1394+#: ../openssh-server.templates:3001
1395+msgid ""
1396+"Because a failure to start ssh may make it impossible to admininister a "
1397+"system, you will not be migrated to socket-based activation at this time."
1398+msgstr ""
1399diff --git a/debian/po/templates.pot b/debian/po/templates.pot
1400index 47c9e36..c9dc5ba 100644
1401--- a/debian/po/templates.pot
1402+++ b/debian/po/templates.pot
1403@@ -1,6 +1,6 @@
1404 # SOME DESCRIPTIVE TITLE.
1405 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
1406-# This file is distributed under the same license as the PACKAGE package.
1407+# This file is distributed under the same license as the openssh package.
1408 # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
1409 #
1410 #, fuzzy
1411@@ -8,7 +8,7 @@ msgid ""
1412 msgstr ""
1413 "Project-Id-Version: openssh\n"
1414 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1415-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1416+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1417 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
1418 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
1419 "Language-Team: LANGUAGE <LL@li.org>\n"
1420@@ -44,3 +44,28 @@ msgid ""
1421 "able to SSH as root using password authentication. You should only make this "
1422 "change if you do not need to do that."
1423 msgstr ""
1424+
1425+#. Type: error
1426+#. Description
1427+#: ../openssh-server.templates:3001
1428+msgid "Not migrating to socket activation"
1429+msgstr ""
1430+
1431+#. Type: error
1432+#. Description
1433+#: ../openssh-server.templates:3001
1434+msgid ""
1435+"This version of openssh-server uses socket-based activation by default. "
1436+"However, because you have more than one ListenAddress configured in "
1437+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1438+"to socket-based activation would cause the starting of sshd at boot to be "
1439+"unreliable."
1440+msgstr ""
1441+
1442+#. Type: error
1443+#. Description
1444+#: ../openssh-server.templates:3001
1445+msgid ""
1446+"Because a failure to start ssh may make it impossible to admininister a "
1447+"system, you will not be migrated to socket-based activation at this time."
1448+msgstr ""
1449diff --git a/debian/po/tr.po b/debian/po/tr.po
1450index 1ada041..fd6bde5 100644
1451--- a/debian/po/tr.po
1452+++ b/debian/po/tr.po
1453@@ -7,15 +7,15 @@ msgid ""
1454 msgstr ""
1455 "Project-Id-Version: openssh-server\n"
1456 "Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
1457-"POT-Creation-Date: 2014-03-20 02:06+0000\n"
1458+"POT-Creation-Date: 2022-09-23 19:34+0000\n"
1459 "PO-Revision-Date: 2014-08-01 14:44+0200\n"
1460 "Last-Translator: Mert Dirik <mertdirik@gmail.com>\n"
1461 "Language-Team: Debian L10n Turkish <debian-l10n-turkish@lists.debian.org>\n"
1462+"Language: tr\n"
1463 "MIME-Version: 1.0\n"
1464 "Content-Type: text/plain; charset=UTF-8\n"
1465 "Content-Transfer-Encoding: 8bit\n"
1466 "X-Generator: Poedit 1.5.4\n"
1467-"Language: tr\n"
1468
1469 #. Type: boolean
1470 #. Description
1471@@ -56,3 +56,28 @@ msgstr ""
1472 "parola doğrulama yöntemiyle oturum açılabileceği varsayımıyla hareket eden "
1473 "sistemlerde eskiden çalışan düzenin bozulmasına sebep olacaktır. Bu "
1474 "değişikliği yalnızca sorun çıkarmayacağından eminseniz yapın."
1475+
1476+#. Type: error
1477+#. Description
1478+#: ../openssh-server.templates:3001
1479+msgid "Not migrating to socket activation"
1480+msgstr ""
1481+
1482+#. Type: error
1483+#. Description
1484+#: ../openssh-server.templates:3001
1485+msgid ""
1486+"This version of openssh-server uses socket-based activation by default. "
1487+"However, because you have more than one ListenAddress configured in "
1488+"sshd_config, it is impossible to determine at upgrade time if migrating you "
1489+"to socket-based activation would cause the starting of sshd at boot to be "
1490+"unreliable."
1491+msgstr ""
1492+
1493+#. Type: error
1494+#. Description
1495+#: ../openssh-server.templates:3001
1496+msgid ""
1497+"Because a failure to start ssh may make it impossible to admininister a "
1498+"system, you will not be migrated to socket-based activation at this time."
1499+msgstr ""
1500diff --git a/debian/rules b/debian/rules
1501index 18b2bf3..400fca7 100755
1502--- a/debian/rules
1503+++ b/debian/rules
1504@@ -186,8 +186,9 @@ override_dh_installinit:
1505 dh_installinit -R --name ssh
1506
1507 override_dh_installsystemd:
1508- dh_installsystemd -popenssh-server ssh.service rescue-ssh.target
1509- dh_installsystemd -popenssh-server --no-enable ssh.socket
1510+ dh_installsystemd -popenssh-server --no-start ssh.socket
1511+ dh_installsystemd -popenssh-server rescue-ssh.target
1512+ dh_installsystemd -popenssh-server --no-enable --no-start ssh.service
1513
1514 debian/openssh-server.sshd.pam: debian/openssh-server.sshd.pam.in
1515 ifeq ($(DEB_HOST_ARCH_OS),linux)
1516diff --git a/debian/systemd/ssh.service b/debian/systemd/ssh.service
1517index 7495d9a..a18105b 100644
1518--- a/debian/systemd/ssh.service
1519+++ b/debian/systemd/ssh.service
1520@@ -14,8 +14,6 @@ KillMode=process
1521 Restart=on-failure
1522 RestartPreventExitStatus=255
1523 Type=notify
1524-RuntimeDirectory=sshd
1525-RuntimeDirectoryMode=0755
1526
1527 [Install]
1528 WantedBy=multi-user.target
1529diff --git a/debian/tests/control b/debian/tests/control
1530index 8bc480a..0329ea0 100644
1531--- a/debian/tests/control
1532+++ b/debian/tests/control
1533@@ -8,3 +8,9 @@ Depends: devscripts,
1534 python3-twisted,
1535 sudo,
1536 sysvinit-utils,
1537+
1538+Tests: systemd-socket-activation
1539+Restrictions: needs-root allow-stderr
1540+Depends: openssh-client,
1541+ openssh-server,
1542+ systemd,
1543diff --git a/debian/tests/systemd-socket-activation b/debian/tests/systemd-socket-activation
1544new file mode 100644
1545index 0000000..42d4526
1546--- /dev/null
1547+++ b/debian/tests/systemd-socket-activation
1548@@ -0,0 +1,57 @@
1549+#!/bin/bash
1550+
1551+set -euo pipefail
1552+
1553+assert_unit_property() {
1554+ local property="$(echo "$2" | awk -F'=' '{print $1}')"
1555+
1556+ local expect="$2"
1557+ local actual="$(systemctl show -p "$property" "$1")"
1558+
1559+ if [[ "$actual" != "$expect" ]]; then
1560+ echo "Fail: $1: expected $expect, but got $actual"
1561+ return 1
1562+ fi
1563+}
1564+
1565+# Generate RSA key and add it to this user's authorized keys.
1566+ssh-keygen -t rsa -N "" -f "$HOME/.ssh/id_rsa" -q
1567+if [[ -f ~/.ssh/authorized_keys ]]; then
1568+ touch ~/.ssh/authorized_keys
1569+ chmod 0600 ~/.ssh/authorized_keys
1570+fi
1571+cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
1572+
1573+# Make sure ssh.service is not running.
1574+echo "Stopping ssh.service..."
1575+systemctl stop ssh.service 2>/dev/null
1576+
1577+# Check that ssh.socket is active and listening.
1578+echo "Checking that ssh.socket is active and listening..."
1579+assert_unit_property ssh.socket "ActiveState=active"
1580+assert_unit_property ssh.socket "SubState=listening"
1581+
1582+# Check that ssh.service is currently inactive/dead.
1583+echo "Checking that ssh.service is inactive/dead..."
1584+assert_unit_property ssh.service "ActiveState=inactive"
1585+assert_unit_property ssh.service "SubState=dead"
1586+
1587+# Check that a connection attempt successfully activates ssh.service.
1588+echo "Checking that a connection attempt activates ssh.service..."
1589+ssh -oStrictHostKeyChecking=no localhost -- /usr/bin/true
1590+assert_unit_property ssh.service "ActiveState=active"
1591+assert_unit_property ssh.service "SubState=running"
1592+
1593+# Check that we can re-execute sshd via systemctl reload.
1594+echo "Checking that sshd can be re-executed..."
1595+systemctl reload ssh.service
1596+assert_unit_property ssh.service "ActiveState=active"
1597+assert_unit_property ssh.service "SubState=running"
1598+
1599+# Check that we can run sshd in debug mode.
1600+echo "Checking sshd can run in debug mode..."
1601+systemctl stop ssh.service 2>/dev/null
1602+sed -i 's/^SSHD_OPTS=.*/SSHD_OPTS=-ddd/g' /etc/default/ssh
1603+ssh -oStrictHostKeyChecking=no localhost -- /usr/bin/true
1604+
1605+echo "Done."

Subscribers

People subscribed via source and target branches