28611 – sshd_config syntax changes in 2.5.1p1 -> condrestart kills sshd.

Bug 28611 - sshd_config syntax changes in 2.5.1p1 -> condrestart kills sshd.

Summary: sshd_config syntax changes in 2.5.1p1 -> condrestart kills sshd.

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	openssh
Sub Component:
Version:	7.1
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Nalin Dahyabhai
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-02-21 15:16 UTC by Pekka Savola
Modified:	2008-05-01 15:37 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2001-03-28 17:51:18 UTC
Embargoed:

Attachments	(Terms of Use)
sshd -t functionality for config sanity checking (2.45 KB, patch) 2001-02-21 17:19 UTC, Pekka Savola	no flags	Details \| Diff
View All

Description Pekka Savola 2001-02-21 15:16:57 UTC

2.5.1p1 from Rawhide.

sshd_config syntax has changed a bit; some old definitions have been obsoleted etc.

New sshd_config is installed with %noreplace.

Thus, condrestart done after rpm -Uvh kills sshd.  Undesirable :-/

I wonder if there's a reliable way to change this.  Some perl -pi tricks would help some, but
in some cases (e.g. skey, tis -> both to challengeresponseauth) this might also create problems due to
multiple definitions.

I wonder if a trigger (upgrade from <2.5.0) could prevent condrestart and echo a warning.

Comment 1 Pekka Savola 2001-02-21 17:19:04 UTC

Attached is a patch to add 'sshd -t' functionility which checks the validity of the configuration file
and sanity of the host keys.

Adding a test using this to some point at post-installation, and echoing a warning message (for those that might
be updating by hand) might help a bit.

This will probably show up in OpenSSH proper.

[killed sshd sessions are actually rather irritating, so raising severity]

Comment 2 Pekka Savola 2001-02-21 17:19:53 UTC

Created attachment 10642 [details]
sshd -t functionality for config sanity checking

Comment 3 Glen Foster 2001-02-21 20:33:54 UTC

This defect is considered MUST-FIX for Florence Release-Candidate #2

Comment 4 Nalin Dahyabhai 2001-02-21 22:38:29 UTC

The getenv() thing may force a 2.5.1p2 within the next week or so.

Comment 5 Nalin Dahyabhai 2001-02-22 20:17:21 UTC

...but discussion on the developer list indicates that this would be implemented
post-2.5.1, so I'll be looking at it more today.

Comment 6 Nalin Dahyabhai 2001-02-22 22:25:06 UTC

Have you actually gotten sshd to not restart properly?  I can get it to not load
the v2 keys using the older configuration file, but the built-in option aliasing
code is handling the rest of my test config admirably.

Comment 7 Pekka Savola 2001-02-22 22:56:29 UTC

Umm. Sorry for jumping the gun.  Updating beta4 to openssh-2.5.1p1 _did_ kill my sshd for some 
reason so I couldn't connect, but I can't reproduce it now.

Also, the code (readconf.c) seems a lot more friendly about old, obsolete options than I thought.

Comment 8 Nalin Dahyabhai 2001-02-23 20:36:40 UTC

I suspect you got hit with some initscripts changing that caused the "stop" to
kill *all* running processes named sshd.  That was reverted yesterday, IIRC, so
you'll see the change in today's refresh.  The new initscripts may also
alleviate part of the hanging-on-exit problem (the part where a daemon restart
would cause the connection to hang at stop).

Comment 9 Nalin Dahyabhai 2001-02-26 18:03:43 UTC

Well, the migration issue has been sorted out, so far as I can tell.  Closing.

Comment 10 Pekka Savola 2001-03-28 17:51:14 UTC

See #33633.

Comment 11 Nalin Dahyabhai 2001-09-06 12:48:27 UTC

The patch for the -t option should be integrated into 2.9p2-7 and later.  Thanks!

Note You need to log in before you can comment on or make changes to this bug.