Bug#778913: openssh-server: init (at least systemd) doesn't notice when sshd fails to start and reports success

Michael Biebl biebl at debian.org
Tue May 12 16:42:46 BST 2015 

Am 12.05.2015 um 17:07 schrieb Michael Biebl:
> root at pluto:~# echo foobar >> /etc/ssh/sshd_config 
> 
> root at pluto:~# systemctl restart ssh.service 
> Job for ssh.service failed. See 'systemctl status ssh.service' and 'journalctl -xn' for details.
> 
> root at pluto:~# systemctl status ssh.service 
> ● ssh.service - OpenBSD Secure Shell server
>    Loaded: loaded (/etc/systemd/system/ssh.service; enabled)
>    Active: failed (Result: start-limit) since Di 2015-05-12 17:03:51 CEST; 5s ago
>   Process: 13053 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=255)
>  Main PID: 13053 (code=exited, status=255)
> 
> Mai 12 17:03:51 pluto sshd[13053]: /etc/ssh/sshd_config: terminating, 1 bad configuration options
> Mai 12 17:03:51 pluto systemd[1]: ssh.service: main process exited, code=exited, status=255/n/a
> Mai 12 17:03:51 pluto systemd[1]: Failed to start OpenBSD Secure Shell server.
> Mai 12 17:03:51 pluto systemd[1]: Unit ssh.service entered failed state.
> Mai 12 17:03:51 pluto systemd[1]: ssh.service start request repeated too quickly, refusing to start.
> Mai 12 17:03:51 pluto systemd[1]: Failed to start OpenBSD Secure Shell server.
> Mai 12 17:03:51 pluto systemd[1]: Unit ssh.service entered failed state.
> 
> 
> As you can see, systemd tries to repeatedly start the service until it hits
> start-limit.
> We should use sd_notify in that case to pass a correct error code to systemd.

Or we could use what's been proposed by Colin, i.e.
 ExecStartPre=/usr/bin/sshd -t
or my
 RestartPreventExitStatus=255

The latter has the benefit, that we don't need to parse the config twice
and there is no race condition between ExecStartPre and ExecStart where
the config file might have been modified.

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20150512/a2a02f49/attachment-0002.sig>

More information about the Pkg-systemd-maintainers mailing list