
debcrafters-packages team mailing list archive

[Bug 2118912] Re: openssh-server unavailable after upgrade to 1:9.6p1-3ubuntu13.13

 

Sure this can be said to be a case of bad configuration, but there is a
real issue here: A configuration that worked fine for more than a year
on Ubuntu LTS without any warnings (and which was the correct
configuration on Ubuntu 22.10, Ubuntu 23.04, and Ubuntu 23.10) now
suddenly causes servers to be unreachable. It would be very much
appreciated if potentially server-nuking changes could be avoided in
year-old Ubuntu LTS.

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2118912

Title:
  openssh-server unavailable after upgrade to 1:9.6p1-3ubuntu13.13

Status in openssh package in Ubuntu:
  Invalid

Bug description:
  Ubuntu release: Ubuntu 24.04.2 LTS
  Package affected version: openssh-server:1:9.6p1-3ubuntu13.13

  -------

  After upgrading openssh-server:1:9.6p1-3ubuntu13.11 and
  openssh-server:1:9.6p1-3ubuntu13.12 to
  openssh-server:1:9.6p1-3ubuntu13.13 using unattended upgrades I found
  my Ubuntu 24 server unreachable via ssh.

  During initial setup I changed my ssh configuration, adding TCP 1221 to
  its binding ports. To do that I followed these steps:

  cat << EOF > /etc/ssh/sshd_config.d/custom.conf
  Port 1221
  Port 22
  PermitRootLogin no
  PasswordAuthentication no
  EOF

  systemctl edit ssh.socket

  # adding these lines
  [Socket]
  ListenStream=
  ListenStream=22
  ListenStream=1221

  If I don't add any of those configuration changes to ssh.service and
  ssh.socket, ssh is still available on standard tcp port 22 after
  upgrading to version 1:9.6p1-3ubuntu13.13.

  If I add those changes AFTER upgrading to version 1:9.6p1-3ubuntu13.13
  the problem still occurs and ssh will become unavailable.

  Downgrading to a previous version (1:9.6p1-3ubuntu13.11 or
  1:9.6p1-3ubuntu13.12) fixes the problem without changing any of the
  previous customizations.

  Syntax to downgrade:
  sudo apt update; sudo apt install -y openssh-client=1:9.6p1-3ubuntu13.11 openssh-server=1:9.6p1-3ubuntu13.11 openssh-sftp-server=1:9.6p1-3ubuntu13.11

  Steps to reproduce the problem on a new Ubuntu instance (tested both on AWS EC2 and GCP instances):
  1. create a new instance based on Ubuntu 24LTS AMI
  2. add TCP port 1221 (or any port you want) to ssh binding

  cat << EOF > /etc/ssh/sshd_config.d/custom.conf
  Port 1221
  Port 22
  PermitRootLogin no
  PasswordAuthentication no
  EOF

  systemctl edit ssh.socket

  # add these lines
  [Socket]
  ListenStream=
  ListenStream=22
  ListenStream=1221

  systemctl restart ssh.service ssh.socket

  3. check ssh is available on TCP 22 and TCP 1221 (check firewall or security group)
  4. upgrade system packages (make sure to upgrade openssh-server to version 1:9.6p1-3ubuntu13.13)
  sudo apt update ; sudo apt upgrade -y
  5. sudo shutdown -r now
  6. ssh unavailable after reboot but ssh.service and ssh.socket do not show any error or problem whatsoever.

  Thanks

  Tas

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2118912/+subscriptions
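
Added example, not part of the bug report or of the openssh package: the report notes that ssh.service and ssh.socket show no error while ssh is unreachable, so this post-upgrade check compares the ports named in the sshd configuration and in the ssh.socket unit with the ports that are actually listening. The function names and the sample input are constructed for illustration; with --live it reads `sshd -T`, `systemctl cat ssh.socket` and `ss -Hltn` on the host being checked.

```shell
#!/bin/sh
# Added example: compare ports configured for sshd and ssh.socket with live listeners.

sshd_ports() {       # Port values from sshd_config-style text on stdin
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' | sort -un
}

# Ports from ListenStream= lines on stdin (e.g. `systemctl cat ssh.socket`).
# An empty "ListenStream=" clears earlier entries, as in the report's drop-in.
socket_ports() {
    awk -F= '$1 == "ListenStream" {
        if ($2 == "") { n = 0; next }
        p = $2; sub(/.*:/, "", p)              # strip any address prefix
        if (p ~ /^[0-9]+$/) seen[n++] = p      # ignore non-TCP-port values
    } END { for (i = 0; i < n; i++) print seen[i] }' | sort -un
}

listening_ports() {  # local ports in LISTEN state from `ss -Hltn` text on stdin
    awk '$1 == "LISTEN" { p = $4; sub(/.*:/, "", p); print p }' | sort -un
}

missing_ports() {    # ports listed in $1 that are absent from $2
    for p in $1; do
        printf '%s\n' "$2" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

# Constructed sample input (assumed values, so the script runs offline).
SAMPLE_SSHD='Port 1221
Port 22
PasswordAuthentication no'
SAMPLE_SOCKET='ListenStream=0.0.0.0:22
ListenStream=
ListenStream=22
ListenStream=1221'
SAMPLE_SS='LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

check() {            # $1 sshd config text, $2 socket unit text, $3 ss output
    want=$(printf '%s\n' "$1" | sshd_ports)
    unit=$(printf '%s\n' "$2" | socket_ports)
    live=$(printf '%s\n' "$3" | listening_ports)
    [ "$want" = "$unit" ] || echo "MISMATCH sshd=[$want] socket=[$unit]"
    for p in $(missing_ports "$want" "$live"); do echo "NOT LISTENING: $p"; done
}

case "${1:-}" in
    --live) check "$(sshd -T)" "$(systemctl cat ssh.socket)" "$(ss -Hltn)" ;;  # run as root
    *)      check "$SAMPLE_SSHD" "$SAMPLE_SOCKET" "$SAMPLE_SS" ;;
esac
```

Running the check from a session that is already open, before rebooting or logging out after an upgrade, shows whether the expected ports are still bound.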


