[Secure-testing-team] Bug#873884: [openssh-server] At boot time ssh is listening at port 22 rather than the one configured in sshd_config

Garcia Dabo Cesar Enrique cquike at arcor.de
Thu Aug 31 21:58:30 UTC 2017 

Package: openssh-server
Version: 1:7.4p1-10+deb9u1
Severity: important
Tags: security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org

--- Please enter the report below this line. ---

I have configured a server with a non-standard port using directive Port in /
etc/ssh/sshd_config, however when I restart the server it listens at port 22.
The ssh related services after rebooting look like this:

# systemctl -a | grep ssh
ssh.service
loaded inactive dead OpenBSD Secure Shell server
system-ssh.slice
loaded active active system-ssh.slice
ssh.socket
loaded active listening OpenBSD Secure Shell server socket

As a workaround, If I restart the ssh server:

# systemctl restart ssh.service

then sshd starts to listen to the configured port as it should be. The
services status look like this:

# systemctl -a | grep ssh
ssh.service
loaded active running OpenBSD Secure Shell server
system-ssh.slice
loaded active active system-ssh.slice
ssh.socket
loaded inactive dead OpenBSD Secure Shell server socket



--- System information. ---
Architecture:
Kernel: Linux 4.9.0-3-amd64

Debian Release: 9.0
500 stable security.debian.org
500 stable ftp.de.debian.org

--- Package information. ---
Depends (Version) | Installed
=============================================-+-======================
adduser (>= 3.9) | 3.115
dpkg (>= 1.9.0) | 1.18.24
libpam-modules (>= 0.72-9) | 1.1.8-3.6
libpam-runtime (>= 0.76-14) | 1.1.8-3.6
lsb-base (>= 4.1+Debian3) | 9.20161125
openssh-client (= 1:7.4p1-10) | 1:7.4p1-10deb9u1
openssh-sftp-server | 1:7.4p1-10deb9u1
procps | 2:3.3.12-3
ucf (>= 0.28) | 3.0036
debconf (>= 0.5) | 1.5.61
OR debconf-2.0 |
init-system-helpers (>= 1.18~) | 1.48
libaudit1 (>= 1:2.2.1) | 1:2.6.7-2
libc6 (>= 2.17) | 2.24-11+deb9u1
libcomerr2 (>= 1.01) | 1.43.4-2
libgssapi-krb5-2 (>= 1.14+dfsg) | 1.15-1
libkrb5-3 (>= 1.13~alpha1+dfsg) | 1.15-1
libpam0g (>= 0.99.7.1) | 1.1.8-3.6
libselinux1 (>= 1.32) | 2.6-3+b1
libssl1.0.2 (>= 1.0.2d) | 1.0.2l-2
libsystemd0 | 232-25+deb9u1
libwrap0 (>= 7.6-4~) | 7.6.q-26
zlib1g (>= 1:1.1.4) | 1:1.2.8.dfsg-5


Recommends (Version) | Installed
=============================-+-===========
libpam-systemd | 232-25+deb9u1
ncurses-term | 6.0+20161126-1
xauth | 1:1.0.9-1+b2


Suggests (Version) | Installed
===========================-+-===========
molly-guard |
monkeysphere |
rssh |
ssh-askpass |
ufw |
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20170831/b51d51ba/attachment-0001.html>

More information about the Secure-testing-team mailing list