
sshd Broken on Latest Rolling Release
Closed, Resolved | Public | BUG

Description

sshd appears to be broken on the most recent rolling release:

vyos@cr01b-vyos:~$ show log all | grep -i ssh | head
Jun 25 02:11:22 localhost live-config[618]:  keyboard-configuration ssl-cert util-linux login openssh-server.
Jun 25 02:11:22 localhost systemd[1]: Starting LSB: AWS EC2 instance init script to fetch and load ssh public key...
Jun 25 02:11:22 localhost systemd[1]: Started LSB: AWS EC2 instance init script to fetch and load ssh public key.
Jun 24 21:13:13 cr01b-vyos sshd[6149]: /etc/ssh/sshd_config line 49: missing address
Jun 24 21:13:13 cr01b-vyos systemd[1]: ssh.service: Control process exited, code=exited, status=255/EXCEPTION
Jun 24 21:13:13 cr01b-vyos systemd[1]: ssh.service: Failed with result 'exit-code'.
Jun 24 21:13:14 cr01b-vyos systemd[1]: ssh.service: Service RestartSec=100ms expired, scheduling restart.
Jun 24 21:13:14 cr01b-vyos systemd[1]: ssh.service: Scheduled restart job, restart counter is at 1.
Jun 24 21:13:14 cr01b-vyos sshd[6151]: /etc/ssh/sshd_config line 49: missing address
Jun 24 21:13:14 cr01b-vyos systemd[1]: ssh.service: Control process exited, code=exited, status=255/EXCEPTION

VyOS config:

vyos@cr01b-vyos# show service ssh
 disable-host-validation
 listen-address 192.168.15.4
 listen-address fd52:d62e:8011:6e:192:168:15:4
 port 53490
[edit]

/etc/ssh/sshd_config:

vyos@cr01b-vyos# cat /etc/ssh/sshd_config                                                                                                                                                                          
### Autogenerated by ssh.py ###                                                                                                                                                                                    
                                                                                                                                                                                                                   
# https://linux.die.net/man/5/sshd_config                                                                                                                                                                          
                                                                                                                                                                                                                   
#                                                                                                                                                                                                                  
# Non-configurable defaults                                                                                                                                                                                        
#                                                                                                                                                                                                                  
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTH
LoginGraceTime 120
StrictModes yes
PubkeyAuthentication yes
IgnoreRhosts yes
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
Banner /etc/issue.net
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
PermitRootLogin no

#
# User configurable section
#

# Look up remote host name and check that the resolved host name for the remote IP
# address maps back to the very same IP address.
UseDNS no

# Specifies the port number that sshd(8) listens on
Port 53490

# Gives the verbosity level that is used when logging messages from sshd
LogLevel INFO

# Specifies whether password authentication is allowed
PasswordAuthentication yes

# Specifies the local addresses sshd should listen on
ListenAddress
ListenAddress





[edit]

There's also some serious whitespace there...though I guess that doesn't really hurt anything.

Details

Difficulty level
Easy (less than an hour)
Version
1.3-rolling-202006241940
Why the issue appeared?
Implementation mistake
Is it a breaking change?
Perfectly compatible

Event Timeline

This appears to be caused by the setting of service ssh listen-address; it appears the script generating the config is omitting the actual address. Removing a specific listening address is a temporary workaround.

c-po changed the task status from Open to In progress. Jun 26 2020, 7:00 AM
c-po claimed this task.
c-po added a comment. Jun 26 2020, 7:24 AM

The problem was in the loop iterator when more than one address was added. This was introduced in T2635. The smoketest will be adjusted to cover this case so the issue won't reappear.

c-po closed this task as Resolved. Jun 26 2020, 7:47 AM
c-po triaged this task as Unbreak Now! priority.
c-po changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
c-po changed Why the issue appeared? from Will be filled on close to Implementation mistake.
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board. Aug 3 2020, 2:13 PM
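
A regression check of the kind the thread describes, as an added example (not VyOS code and not the project's smoketest): it parses a rendered sshd_config and reports every ListenAddress line that has no argument, plus any configured address that was not rendered. The function names and the sample config text are constructed for illustration, modelled on the broken file in the report.

```python
# Added example, not VyOS code. Constructed sample modelled on the report:
# two listen addresses configured, two bare "ListenAddress" lines rendered.
BROKEN_CONFIG = """\
UseDNS no
Port 53490
LogLevel INFO
PasswordAuthentication yes
# Specifies the local addresses sshd should listen on
ListenAddress
ListenAddress
"""
CONFIGURED = ["192.168.15.4", "fd52:d62e:8011:6e:192:168:15:4"]


def parse_directives(text):
    """Return (line_no, keyword, args) for every non-blank, non-comment line."""
    out = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # keyword, then the rest of the line
        out.append((no, parts[0], parts[1].strip() if len(parts) > 1 else ""))
    return out


def check_listen_addresses(text, expected):
    """Return a list of problems; an empty list means the file matches."""
    problems, rendered = [], []
    for no, keyword, args in parse_directives(text):
        if keyword.lower() != "listenaddress":  # keywords are case-insensitive
            continue
        if not args:
            problems.append(f"line {no}: ListenAddress has no address")
        else:
            rendered.append(args)
    for addr in expected:
        if addr not in rendered:
            problems.append(f"configured address {addr} not rendered")
    for addr in rendered:
        if addr not in expected:
            problems.append(f"unexpected ListenAddress {addr}")
    return problems


def render_listen_addresses(addresses):
    """Hypothetical corrected renderer: one ListenAddress line per address."""
    return "".join(f"ListenAddress {addr}\n" for addr in addresses)
```
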