Bug 1936538
| Summary: | [RFE] sshd should use IP_FREEBIND | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Andrea Perotti <aperotti> |
| Component: | openssh | Assignee: | Dmitry Belyavskiy <dbelyavs> |
| Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | medium | ||
| Version: | 8.4 | CC: | aromito, bugzilla, dbelyavs, gdelross, jjelen, nmadhesh, psimerda, s.egbert, tscherf |
| Target Milestone: | rc | Keywords: | FutureFeature, Triaged |
| Target Release: | --- | Flags: | pm-rhel: mirror+ |
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-02-01 13:37:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1119787 | ||
|
Description
Andrea Perotti
2021-03-08 17:38:10 UTC
*** Bug 2001221 has been marked as a duplicate of this bug. ***

*** Bug 1096081 has been marked as a duplicate of this bug. ***

Dmitry, based on https://marc.info/?l=openssh-unix-dev&m=162745909408274&w=2, what are we going to do with this request?

Some real world use-case examples:

Port 22 open on the internal netdev interfaces and Port 2222 on the external netdev interfaces.

Many router-based Redhat will be impacted by this inability to set multiple SSH port numbers.

Example `sshd_config`

```
Port 2222
ListenAddress 172.28.140.1:22
ListenAddress 172.28.200.1:22
ListenAddress 0.0.0.0
```

Running CentOS 8.4, OpenSSH v8.0.

*** Bug 2036451 has been marked as a duplicate of this bug. ***

I found a workaround to this issue from a comment in another duplicate BZ#2001221 :
~~~~~~~~~~~~~~~~

Adding 'After=network-online.target' as a dependency under the sshd.service unit file helps to start sshd without fail.

But any future updates of openssh-server will override these changes. Need a permanent solution.

(In reply to Egbert S. from comment #21)
> I found a workaround to this issue from a comment in another duplicate
> BZ#2001221 :
> ~~~~~~~~~~~~~~~~
>
> Adding 'After=network-online.target' as a dependency under the sshd.service
> unit file helps to start sshd without fail.
>
> But any future updates of openssh-server will override these changes. Need a
> permanent solution.

You should not modify the service file under the /usr/lib, but create a service file in /etc/systemd/system/sshd.service with this content (or use drop-in directory /etc/systemd/system/sshd.service.d/) to provide local modifications. And reload systemd to apply the changes.

we can do this workaround by executing:
```
systemctl edit sshd.service
```
and inserting the following:
```
[Unit]
After=network-online.target
```
which will put our tiny fixes in and hopefully survive through any clobbering by its future package upgrade.

I tend to close this bug as WONTFIX. There is a feasible workaround and a proper fix will require a bit more effort than we can apply.

*** Bug 2079827 has been marked as a duplicate of this bug. ***

*** Bug 2131524 has been marked as a duplicate of this bug. ***