This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 810419 - sshd.service active after boot (even though it is disabled)
sshd.service active after boot (even though it is disabled)
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
17
Unspecified Unspecified
unspecified Severity high
: ---
: ---
Assigned To: Petr Lautrbach
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-04-05 22:39 EDT by Volker Sobek
Modified: 2012-04-11 22:04 EDT (History)
6 users (show)

See Also:
Fixed In Version: openssh-5.9p1-22.fc17
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-04-11 22:04:42 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Volker Sobek 2012-04-05 22:39:12 EDT
Description of problem:

I have:
$ sudo systemctl status sshd.service 
sshd.service - OpenSSH server daemon
	  Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled)
	  Active: active (running) since Fri, 06 Apr 2012 04:09:08 +0200; 46s ago
	Main PID: 855 (sshd)
	  CGroup: name=systemd:/system/sshd.service
		  └ 855 /usr/sbin/sshd -D

But after rebooting I get the same result (sshd.target is disabled but active).


Version-Release number of selected component (if applicable):

Up-to-date Fedora 17

How reproducible:

Steps to Reproduce:
Boot/Reboot F17
 
Actual results:
sshd.target is active

Expected results:
sshd.target is inactive

Additional info:
Comment 1 Volker Sobek 2012-04-05 23:38:42 EDT
Disabling sshd-keygen.service 'fixes' the bug.

Seems to me like 'BindTo=sshd.service' in the file sshd-keygen.service is wrong because it activates sshd.service.

$ cat /usr/lib/systemd/system/sshd-keygen.service 
[Unit]
Description=SSH server keys generation.
After=syslog.target
Before=sshd.service
BindTo=sshd.service

[Service]
Type=oneshot
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd-keygen
RemainAfterExit=yes
/usr/lib/systemd/system/sshd-keygen.service 


Notice the fix for bug

https://bugzilla.redhat.com/show_bug.cgi?id=805338 (openssh-server unconditionally installs sshd-keygen.service, slows down boot)

which should also fix/influence this bug here. (I haven't tested the update yet).
Comment 2 Volker Sobek 2012-04-05 23:52:37 EDT
So this bug seems to be a result of bug https://bugzilla.redhat.com/show_bug.cgi?id=805338, because having sshd-keygen.service in multi-user.target seems to be the wrong approach.

I'll leave this bug here open until the fix is up, because it addresses a separate issue: sshd running after boot.
Comment 3 Volker Sobek 2012-04-06 00:14:50 EDT
Actually the update is already in testing and I have/had it installed, it just seems that the the update process didn't remove symlinks or something like that ... ?
Comment 4 Petr Lautrbach 2012-04-06 03:47:08 EDT
(In reply to comment #3)
> Actually the update is already in testing and I have/had it installed, it just
> seems that the the update process didn't remove symlinks or something like that
> ... ?

I decided to not call disable on ssh-keygen.service during update and let users to disable it themselves, but it seems to be wrong decision.

> Disabling sshd-keygen.service 'fixes' the bug.

Yes.

> 
> Seems to me like 'BindTo=sshd.service' in the file sshd-keygen.service is wrong
> because it activates sshd.service.

'BindTo=sshd.service' is needed. ssh-keygen,service is oneshot and stays after exit in running state. And as we need to start ssh-keygen.service every time sshd.service starts, so we need to stop ssh-keygen.service together with sshd.service. Unfortunately there is side effect that sshd.service is started even if sshd-keygen.service is started manually.
Comment 5 Petr Lautrbach 2012-04-06 15:30:44 EDT
I've removed sshd-keygen.service completely. sshd-keygen is run from sshd.service now:

# cat /usr/lib/systemd/system/sshd.service 
[Unit]
Description=OpenSSH server daemon
After=syslog.target network.target auditd.service

[Service]
EnvironmentFile=/etc/sysconfig/sshd
ExecStartPre=/usr/sbin/sshd-keygen
ExecStart=/usr/sbin/sshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
Comment 6 Fedora Update System 2012-04-06 15:40:43 EDT
openssh-5.9p1-22.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/openssh-5.9p1-22.fc17
Comment 7 Fedora Update System 2012-04-06 19:24:45 EDT
Package openssh-5.9p1-22.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openssh-5.9p1-22.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-5485/openssh-5.9p1-22.fc17
then log in and leave karma (feedback).
Comment 8 Fedora Update System 2012-04-11 22:04:42 EDT
openssh-5.9p1-22.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.