Red Hat Bugzilla – Full Text Bug Listing
|Summary:||sshd.service active after boot (even though it is disabled)|
|Product:||[Fedora] Fedora||Reporter:||Volker Sobek <reklov>|
|Component:||openssh||Assignee:||Petr Lautrbach <plautrba>|
|Status:||CLOSED ERRATA||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||17||CC:||dennis, mattias.ellert, mgrepl, plautrba, robatino, tmraz|
|Fixed In Version:||openssh-5.9p1-22.fc17||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2012-04-11 22:04:42 EDT||Type:||Bug|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Volker Sobek 2012-04-05 22:39:12 EDT
Description of problem: I have: $ sudo systemctl status sshd.service sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled) Active: active (running) since Fri, 06 Apr 2012 04:09:08 +0200; 46s ago Main PID: 855 (sshd) CGroup: name=systemd:/system/sshd.service └ 855 /usr/sbin/sshd -D But after rebooting I get the same result (sshd.target is disabled but active). Version-Release number of selected component (if applicable): Up-to-date Fedora 17 How reproducible: Steps to Reproduce: Boot/Reboot F17 Actual results: sshd.target is active Expected results: sshd.target is inactive Additional info:
Comment 1 Volker Sobek 2012-04-05 23:38:42 EDT
Disabling sshd-keygen.service 'fixes' the bug. Seems to me like 'BindTo=sshd.service' in the file sshd-keygen.service is wrong because it activates sshd.service. $ cat /usr/lib/systemd/system/sshd-keygen.service [Unit] Description=SSH server keys generation. After=syslog.target Before=sshd.service BindTo=sshd.service [Service] Type=oneshot EnvironmentFile=/etc/sysconfig/sshd ExecStart=/usr/sbin/sshd-keygen RemainAfterExit=yes /usr/lib/systemd/system/sshd-keygen.service Notice the fix for bug https://bugzilla.redhat.com/show_bug.cgi?id=805338 (openssh-server unconditionally installs sshd-keygen.service, slows down boot) which should also fix/influence this bug here. (I haven't tested the update yet).
Comment 2 Volker Sobek 2012-04-05 23:52:37 EDT
So this bug seems to be a result of bug https://bugzilla.redhat.com/show_bug.cgi?id=805338, because having sshd-keygen.service in multi-user.target seems to be the wrong approach. I'll leave this bug here open until the fix is up, because it addresses a separate issue: sshd running after boot.
Comment 3 Volker Sobek 2012-04-06 00:14:50 EDT
Actually the update is already in testing and I have/had it installed, it just seems that the the update process didn't remove symlinks or something like that ... ?
Comment 4 Petr Lautrbach 2012-04-06 03:47:08 EDT
(In reply to comment #3) > Actually the update is already in testing and I have/had it installed, it just > seems that the the update process didn't remove symlinks or something like that > ... ? I decided to not call disable on ssh-keygen.service during update and let users to disable it themselves, but it seems to be wrong decision. > Disabling sshd-keygen.service 'fixes' the bug. Yes. > > Seems to me like 'BindTo=sshd.service' in the file sshd-keygen.service is wrong > because it activates sshd.service. 'BindTo=sshd.service' is needed. ssh-keygen,service is oneshot and stays after exit in running state. And as we need to start ssh-keygen.service every time sshd.service starts, so we need to stop ssh-keygen.service together with sshd.service. Unfortunately there is side effect that sshd.service is started even if sshd-keygen.service is started manually.
Comment 5 Petr Lautrbach 2012-04-06 15:30:44 EDT
I've removed sshd-keygen.service completely. sshd-keygen is run from sshd.service now: # cat /usr/lib/systemd/system/sshd.service [Unit] Description=OpenSSH server daemon After=syslog.target network.target auditd.service [Service] EnvironmentFile=/etc/sysconfig/sshd ExecStartPre=/usr/sbin/sshd-keygen ExecStart=/usr/sbin/sshd -D $OPTIONS ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target
Comment 6 Fedora Update System 2012-04-06 15:40:43 EDT
openssh-5.9p1-22.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/openssh-5.9p1-22.fc17
Comment 7 Fedora Update System 2012-04-06 19:24:45 EDT
Package openssh-5.9p1-22.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openssh-5.9p1-22.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-5485/openssh-5.9p1-22.fc17 then log in and leave karma (feedback).
Comment 8 Fedora Update System 2012-04-11 22:04:42 EDT
openssh-5.9p1-22.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.