public inbox for gentoo-dev@lists.gentoo.org
* [gentoo-dev] [RFC] News item: OpenSSH 8.2_p1 running sshd breakage
@ 2020-02-19 20:02 Patrick McLean
  2020-02-19 20:12 ` Mike Gilbert
  2020-02-19 21:22 ` William Hubbs
  0 siblings, 2 replies; 6+ messages in thread
From: Patrick McLean @ 2020-02-19 20:02 UTC (permalink / raw
  To: gentoo-dev

Title: OpenSSH 8.2_p1 running sshd breakage
Author: Patrick McLean <chutzpah@gentoo.org>
Posted: 2020-02-21
Revision: 1
News-Item-Format: 2.0
Display-If-Installed: <net-misc/openssh-8.2

If sshd is running, and a system is upgraded from <net-misc/openssh-8.2_p1
to >=net-misc/openssh-8.2_p1, any new ssh connection will fail until sshd is
restarted.

Before restarting sshd, it is *strongly* recommended that you test your
configuration with the following command (as root):
    sshd -t

If your system is booted with openrc, use this command (as root)
to restart sshd:
    /etc/init.d/sshd restart

If your system is booted with systemd, use this command (as root)
to restart sshd:
    systemctl restart sshd

WARNING: On systemd booted machines, this command will terminate all currently
         open ssh connections, it is *strongly* recommended that you validate
         your configuration before restarting sshd.



* Re: [gentoo-dev] [RFC] News item: OpenSSH 8.2_p1 running sshd breakage
  2020-02-19 20:02 [gentoo-dev] [RFC] News item: OpenSSH 8.2_p1 running sshd breakage Patrick McLean
@ 2020-02-19 20:12 ` Mike Gilbert
  2020-02-19 20:41   ` Michael Jones
  2020-02-19 21:22 ` William Hubbs
  1 sibling, 1 reply; 6+ messages in thread
From: Mike Gilbert @ 2020-02-19 20:12 UTC (permalink / raw
  To: Gentoo Dev

On Wed, Feb 19, 2020 at 3:02 PM Patrick McLean <chutzpah@gentoo.org> wrote:
>
> Title: OpenSSH 8.2_p1 running sshd breakage
> Author: Patrick McLean <chutzpah@gentoo.org>
> Posted: 2020-02-21
> Revision: 1
> News-Item-Format: 2.0
> Display-If-Installed: <net-misc/openssh-8.2
>
> If sshd is running, and a system is upgraded from <net-misc/openssh-8.2_p1
> to >=net-misc/openssh-8.2_p1, any new ssh connection will fail until sshd is
> restarted.
>
> Before restarting sshd, it is *strongly* recommended that you test your
> configuration with the following command (as root):
>     sshd -t
>
> If your system is booted with openrc, use this command (as root)
> to restart sshd:
>     /etc/init.d/sshd restart
>
> If your system is booted with systemd, use this command (as root)
> to restart sshd:
>     systemctl restart sshd
>
> WARNING: On systemd booted machines, this command will terminate all currently
>          open ssh connections, it is *strongly* recommended that you validate
>          your configuration before restarting sshd.
>

Existing connections are only terminated if the pam_systemd module is
not enabled. This might happen if the user has disabled USE=pam on
sys-apps/systemd, or if they have modified the system pam stack to
exclude pam_systemd.

Maybe change the warning to this:

WARNING: On systemd booted machines with PAM disabled, this command
will terminate all currently open ssh connections. It is *strongly*
recommended that you validate your configuration before restarting
sshd.



* Re: [gentoo-dev] [RFC] News item: OpenSSH 8.2_p1 running sshd breakage
  2020-02-19 20:12 ` Mike Gilbert
@ 2020-02-19 20:41   ` Michael Jones
  2020-02-19 20:59     ` Mike Gilbert
  0 siblings, 1 reply; 6+ messages in thread
From: Michael Jones @ 2020-02-19 20:41 UTC (permalink / raw
  To: gentoo-dev

How does this affect systemd's socket activation?

E.g. The systemd sshd.socket unit file.

On Wed, Feb 19, 2020 at 2:12 PM Mike Gilbert <floppym@gentoo.org> wrote:

> On Wed, Feb 19, 2020 at 3:02 PM Patrick McLean <chutzpah@gentoo.org>
> wrote:
> >
> > Title: OpenSSH 8.2_p1 running sshd breakage
> > Author: Patrick McLean <chutzpah@gentoo.org>
> > Posted: 2020-02-21
> > Revision: 1
> > News-Item-Format: 2.0
> > Display-If-Installed: <net-misc/openssh-8.2
> >
> > If sshd is running, and a system is upgraded from <net-misc/openssh-8.2_p1
> > to >=net-misc/openssh-8.2_p1, any new ssh connection will fail until sshd is
> > restarted.
> >
> > Before restarting sshd, it is *strongly* recommended that you test your
> > configuration with the following command (as root):
> >     sshd -t
> >
> > If your system is booted with openrc, use this command (as root)
> > to restart sshd:
> >     /etc/init.d/sshd restart
> >
> > If your system is booted with systemd, use this command (as root)
> > to restart sshd:
> >     systemctl restart sshd
> >
> > WARNING: On systemd booted machines, this command will terminate all currently
> >          open ssh connections, it is *strongly* recommended that you validate
> >          your configuration before restarting sshd.
> >
>
> Existing connections are only terminated if the pam_systemd module is
> not enabled. This might happen if the user has disabled USE=pam on
> sys-apps/systemd, or if they have modified the system pam stack to
> exclude pam_systemd.
>
> Maybe change the warning to this:
>
> WARNING: On systemd booted machines with PAM disabled, this command
> will terminate all currently open ssh connections. It is *strongly*
> recommended that you validate your configuration before restarting
> sshd.
>
>


* Re: [gentoo-dev] [RFC] News item: OpenSSH 8.2_p1 running sshd breakage
  2020-02-19 20:41   ` Michael Jones
@ 2020-02-19 20:59     ` Mike Gilbert
  2020-02-19 21:22       ` Michael Jones
  0 siblings, 1 reply; 6+ messages in thread
From: Mike Gilbert @ 2020-02-19 20:59 UTC (permalink / raw
  To: Gentoo Dev

On Wed, Feb 19, 2020 at 3:41 PM Michael Jones <gentoo@jonesmz.com> wrote:
>
> How does this affect systemd's socket activation?
>
> E.g. The systemd sshd.socket unit file.

Please avoid top-posting.

When socket-activated, a separate instance of sshd is spawned for each
connection. I don't think any action is needed in that case.



* Re: [gentoo-dev] [RFC] News item: OpenSSH 8.2_p1 running sshd breakage
  2020-02-19 20:59     ` Mike Gilbert
@ 2020-02-19 21:22       ` Michael Jones
  0 siblings, 0 replies; 6+ messages in thread
From: Michael Jones @ 2020-02-19 21:22 UTC (permalink / raw
  To: gentoo-dev

On Wed, Feb 19, 2020 at 3:00 PM Mike Gilbert <floppym@gentoo.org> wrote:

> On Wed, Feb 19, 2020 at 3:41 PM Michael Jones <gentoo@jonesmz.com> wrote:
> >
> > How does this affect systemd's socket activation?
> >
> > E.g. The systemd sshd.socket unit file.
>
> Please avoid top-posting.
>
> When socket-activated, a separate instance of sshd is spawned for each
> connection. I don't think any action is needed in that case.
>
>
Consider listing this situation in the news post.


* Re: [gentoo-dev] [RFC] News item: OpenSSH 8.2_p1 running sshd breakage
  2020-02-19 20:02 [gentoo-dev] [RFC] News item: OpenSSH 8.2_p1 running sshd breakage Patrick McLean
  2020-02-19 20:12 ` Mike Gilbert
@ 2020-02-19 21:22 ` William Hubbs
  1 sibling, 0 replies; 6+ messages in thread
From: William Hubbs @ 2020-02-19 21:22 UTC (permalink / raw
  To: gentoo-dev

On Wed, Feb 19, 2020 at 12:02:51PM -0800, Patrick McLean wrote:
> Title: OpenSSH 8.2_p1 running sshd breakage
> Author: Patrick McLean <chutzpah@gentoo.org>
> Posted: 2020-02-21
> Revision: 1
> News-Item-Format: 2.0
> Display-If-Installed: <net-misc/openssh-8.2
> 
> If sshd is running, and a system is upgraded from <net-misc/openssh-8.2_p1
> to >=net-misc/openssh-8.2_p1, any new ssh connection will fail until sshd is
> restarted.
> 
> Before restarting sshd, it is *strongly* recommended that you test your
> configuration with the following command (as root):
>     sshd -t
> 
> If your system is booted with openrc, use this command (as root)
> to restart sshd:
>     /etc/init.d/sshd restart

A better choice would be:

rc-service sshd --nodeps restart

William
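
The points raised across this thread (validate with sshd -t first, pick the restart command by init system, pam_systemd and sshd.socket on systemd), combined into one script as an added example; it is not part of any poster's message or of the news item. The function names and the RUN/NONE/ABORT labels are hypothetical, and the /run/systemd/system test and the grep over /etc/pam.d are heuristics assumed here.

```shell
#!/bin/sh
# Added example (not from the thread). Prints a restart plan; changes nothing.

# Succeeds when an uncommented line under PAM dir $1 references pam_systemd.
pam_systemd_enabled() {
    grep -rEqs '^[[:space:]]*[^#[:space:]].*pam_systemd' "$1"
}

# plan_restart INIT CONFIG_OK PAM_SYSTEMD SOCKET_ACTIVE (flags are yes/no)
plan_restart() {
    if [ "$2" != yes ]; then
        echo "ABORT: sshd -t failed, fix the configuration first"
        return 1
    fi
    case $1 in
    openrc)
        echo "RUN: rc-service sshd --nodeps restart" ;;
    systemd)
        if [ "$4" = yes ]; then
            # Socket activation: each connection gets a fresh sshd.
            echo "NONE: sshd.socket is active, no restart needed"
        elif [ "$3" = yes ]; then
            echo "RUN: systemctl restart sshd"
        else
            # Per the thread: without pam_systemd, open sessions are terminated.
            echo "RUN-DROPS-SESSIONS: systemctl restart sshd"
        fi ;;
    *)
        echo "ABORT: unknown init system: $1"
        return 1 ;;
    esac
}

# Gather the facts on the live host (run as root) and print the plan.
current_plan() {
    init=openrc; ok=no; pam=no; sock=no
    # Assumption: /run/systemd/system exists only when booted with systemd.
    [ -d /run/systemd/system ] && init=systemd
    sshd -t && ok=yes
    pam_systemd_enabled /etc/pam.d && pam=yes
    [ "$init" = systemd ] && systemctl is-active --quiet sshd.socket && sock=yes
    plan_restart "$init" "$ok" "$pam" "$sock"
}

# Only inspect the host when asked to: sh sshd-plan.sh plan
case "${1:-}" in plan) current_plan ;; esac
```

Keep the existing ssh session open and confirm that a second, new connection succeeds before closing it.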

