debcrafters-packages team mailing list archive

Thread
Date
[Bug 2069041] Re: Changing Port in sshd_config requires calling systemctl daemon-reload

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: Nick Rosbrook <2069041@xxxxxxxxxxxxxxxxxx>
Date: Fri, 09 May 2025 14:22:27 -0000
Reply-to: Bug 2069041 <2069041@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Verification for part 2 of the test plan:

root@n:~# apt policy openssh-server
openssh-server:
  Installed: 1:9.6p1-3ubuntu13.12
  Candidate: 1:9.6p1-3ubuntu13.12
  Version table:
 *** 1:9.6p1-3ubuntu13.12 100
        100 /var/lib/dpkg/status
     1:9.6p1-3ubuntu13.11 500
        500 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages
     1:9.6p1-3ubuntu13 500
        500 http://archive.ubuntu.com/ubuntu noble/main amd64 Packages
root@n:~# sed -i 's/Prompt=lts/Prompt=normal/g' /etc/update-manager/release-upgrades
root@n:~# do-release-upgrade 
Checking for a new Ubuntu release

= Welcome to Ubuntu 24.10 'Oracular Oriole' =

The Ubuntu team is proud to announce Ubuntu 24.10 'Oracular Oriole'.

To see what's new in this release, visit:
  https://wiki.ubuntu.com/OracularOriole/ReleaseNotes

Ubuntu is a Linux distribution for your desktop or server, with a fast
and easy install, regular releases, a tight selection of excellent
applications installed by default, and almost any other software you
can imagine available through the network.

We hope you enjoy Ubuntu.

== Feedback and Helping ==

If you would like to help shape Ubuntu, take a look at the list of
ways you can participate at

  http://www.ubuntu.com/community/participate/

Your comments, bug reports, patches and suggestions will help ensure
that our next release is the best release of Ubuntu ever.  If you feel
that you have found a bug please read:

  http://help.ubuntu.com/community/ReportingBugs

Then report bugs using apport in Ubuntu.  For example:

  ubuntu-bug linux

will open a bug report in Launchpad regarding the linux package.

If you have a question, or if you think you may have found a bug but
aren't sure, first try asking on the #ubuntu or #ubuntu-bugs IRC
channels on Libera.Chat, on the Ubuntu Users mailing list, or on the
Ubuntu forums:

  http://help.ubuntu.com/community/InternetRelayChat
  http://lists.ubuntu.com/mailman/listinfo/ubuntu-users
  http://www.ubuntuforums.org/


== More Information ==

You can find out more about Ubuntu on our website, IRC channel and wiki.
If you're new to Ubuntu, please visit:

  http://www.ubuntu.com/


To sign up for future Ubuntu announcements, please subscribe to Ubuntu's
very low volume announcement list at:

  http://lists.ubuntu.com/mailman/listinfo/ubuntu-announce


Continue [yN] y   
Get:1 Upgrade tool signature [833 B]                                                                        
Get:2 Upgrade tool [1049 kB]                                                                                
Fetched 1050 kB in 0s (0 B/s)                                                                               
/usr/lib/python3/dist-packages/DistUpgrade/DistUpgradeFetcherCore.py:237: Warning: W:Download is performed unsandboxed as root as file 'oracular.tar.gz.gpg' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
  result = fetcher.run()
authenticate 'oracular.tar.gz' against 'oracular.tar.gz.gpg' 
extracting 'oracular.tar.gz'
[screen is terminating]
root@n:~# cat /etc/os-release 
PRETTY_NAME="Ubuntu 24.10"
NAME="Ubuntu"
VERSION_ID="24.10"
VERSION="24.10 (Oracular Oriole)"
VERSION_CODENAME=oracular
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/";
SUPPORT_URL="https://help.ubuntu.com/";
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/";
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy";
UBUNTU_CODENAME=oracular
LOGO=ubuntu-logo
root@n:~# apt policy openssh-server
openssh-server:
  Installed: 1:9.7p1-7ubuntu4.3
  Candidate: 1:9.7p1-7ubuntu4.3
  Version table:
 *** 1:9.7p1-7ubuntu4.3 500
        500 http://archive.ubuntu.com/ubuntu oracular-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu oracular-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1:9.7p1-7ubuntu4 500
        500 http://archive.ubuntu.com/ubuntu oracular/main amd64 Packages

There were no debconf prompts or other issues relating to the upgrade of
openssh-server.

** Tags removed: verification-needed verification-needed-noble
** Tags added: verification-done verification-done-noble

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2069041

Title:
  Changing Port in sshd_config requires calling systemctl daemon-reload

Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Noble:
  Fix Committed

Bug description:
  [Impact]

  There is currently no comment in the default /etc/ssh/sshd_config
  explaining that a systemctl daemon-reload is needed for changes to
  Port etc. to take effect when systemd socket activation is used (the
  default on Ubuntu).

  Users may change e.g. Port in  /etc/ssh/sshd_config and expect
  systemctl restart ssh.service to reflect the change, but this will not
  work.

  [Test Plan]

  1. The proposed fix here is to improve the documentation by adding a
  comment above the default Port setting in /etc/ssh/sshd_config. Hence,
  the test is to simply install openssh-server from noble-proposed, and
  verify that the comment is there.

  2. Because the patch changes the default sshd_config, and
  debian/openssh-server.ucf-md5sum needs to be updated when this
  happens, an upgrade from noble to oracular should be done after
  installing openssh-server from noble-proposed. If a debconf prompt is
  shown, then a mistake was made in recording the checksums. Otherwise,
  they are correct.

  [Where problems could occur]

  There is low technical risk, but we should be sure that the
  documentation is clear and improves the experience of users. It could
  be harmful if the documentation accidentally makes things worse, or is
  just confusing.

  Also, a packaging quirk of openssh-server is that checksums of the
  patched sshd_config (along with certain settings tweaked) need to be
  recorded in debian/openssh-server.ucf-md5sum to avoid unnecessary
  debconf prompts on upgrades. I have updated those checksums, but if
  they are incorrent, then in future upgrades users might see an
  unnecessary debconf prompt about /etc/ssh/sshd_config.

  [Original Description]

  Changing the Port directive in sshd_config and restarting ssh.service
  is without effect, sshd keeps listening to port 22.

  Also mentioned in https://discourse.ubuntu.com/t/sshd-now-uses-socket-
  based-activation-ubuntu-22-10-and-later/30189/32

  Steps to reproduce:
  1. Install Ubuntu 24.04 LTS
  2. Change Port directive in /etc/ssh/sshd_config to Port 2233
  3. Restart ssh.service
  4. Observe sshd still listening to port 22

  Expected behaviour: sshd changes port to 2233

  Actual behaviour: sshd keeps listening to port 22

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2069041/+subscriptions