Red Hat Bugzilla – Bug 810419
sshd.service active after boot (even though it is disabled)
Last modified: 2012-04-11 22:04:42 EDT
Description of problem:
$ sudo systemctl status sshd.service
sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled)
Active: active (running) since Fri, 06 Apr 2012 04:09:08 +0200; 46s ago
Main PID: 855 (sshd)
└ 855 /usr/sbin/sshd -D
But after rebooting I get the same result (sshd.target is disabled but active).
Version-Release number of selected component (if applicable):
Up-to-date Fedora 17
Steps to Reproduce:
sshd.target is active
sshd.target is inactive
Disabling sshd-keygen.service 'fixes' the bug.
Seems to me like 'BindTo=sshd.service' in the file sshd-keygen.service is wrong because it activates sshd.service.
$ cat /usr/lib/systemd/system/sshd-keygen.service
Description=SSH server keys generation.
Notice the fix for bug
https://bugzilla.redhat.com/show_bug.cgi?id=805338 (openssh-server unconditionally installs sshd-keygen.service, slows down boot)
which should also fix/influence this bug here. (I haven't tested the update yet).
So this bug seems to be a result of bug https://bugzilla.redhat.com/show_bug.cgi?id=805338, because having sshd-keygen.service in multi-user.target seems to be the wrong approach.
I'll leave this bug here open until the fix is up, because it addresses a separate issue: sshd running after boot.
Actually the update is already in testing and I have/had it installed, it just seems that the the update process didn't remove symlinks or something like that ... ?
(In reply to comment #3)
> Actually the update is already in testing and I have/had it installed, it just
> seems that the the update process didn't remove symlinks or something like that
> ... ?
I decided to not call disable on ssh-keygen.service during update and let users to disable it themselves, but it seems to be wrong decision.
> Disabling sshd-keygen.service 'fixes' the bug.
> Seems to me like 'BindTo=sshd.service' in the file sshd-keygen.service is wrong
> because it activates sshd.service.
'BindTo=sshd.service' is needed. ssh-keygen,service is oneshot and stays after exit in running state. And as we need to start ssh-keygen.service every time sshd.service starts, so we need to stop ssh-keygen.service together with sshd.service. Unfortunately there is side effect that sshd.service is started even if sshd-keygen.service is started manually.
I've removed sshd-keygen.service completely. sshd-keygen is run from sshd.service now:
# cat /usr/lib/systemd/system/sshd.service
Description=OpenSSH server daemon
After=syslog.target network.target auditd.service
ExecStart=/usr/sbin/sshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
openssh-5.9p1-22.fc17 has been submitted as an update for Fedora 17.
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openssh-5.9p1-22.fc17'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
openssh-5.9p1-22.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.