Debian Bug report logs - #998834
Multiple subsystem options in sshd_config prevent sshd from starting

Package: openssh-server; Maintainer for openssh-server is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Source for openssh-server is src:openssh.

Reported by: Marcus Frings <marcus.frings@oc.rwth-aachen.de>

Date: Mon, 8 Nov 2021 12:18:02 UTC

Severity: important

Found in version openssh/1:8.7p1-1


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#998834; Package openssh-server. (Mon, 08 Nov 2021 12:18:03 GMT)


Acknowledgement sent to Marcus Frings <marcus.frings@oc.rwth-aachen.de>:
New Bug report received and forwarded. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. (Mon, 08 Nov 2021 12:18:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Marcus Frings <marcus.frings@oc.rwth-aachen.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Multiple subsystem options in sshd_config prevent sshd from starting
Date: Mon, 8 Nov 2021 13:08:02 +0100
Package: openssh-server
Version: 1:8.7p1-1
Severity: important

Dear maintainers,

In /etc/ssh/sshd_config the option

  "Subsystem sftp /usr/lib/openssh/sftp-server"

is active by default.

"man 5 sshd_config" states:

  "/etc/ssh/sshd_config.d/*.conf files are included at the start of the
  configuration file, so options set there will override those in
  /etc/ssh/sshd_config."

However, after adding

  "Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO"

to /etc/ssh/sshd_config.d/10-marcus-sshd-config.conf, the ssh server fails
to start.

Hence, my attempt to leave the original sshd_config untouched and move
all my manually modified settings to a file parsed via the include
directive results in a broken ssh server.

Running "sshd -T" tells:

  /etc/ssh/sshd_config line 116: Subsystem 'sftp' already defined.

This undocumented behaviour contradicts the statement of the man page cited
above. I could not find any Debian bug report in the openssh-* packages
regarding this issue (please forgive me if I missed it).

In the end I dropped my new approach of using
/etc/ssh/sshd_config.d/*.conf and went back to a manually modified
/etc/ssh/sshd_config, until this issue is solved.

By the way, after a brief search on the error message I found the same
problem reported there as well:

https://bugzilla.mindrot.org/show_bug.cgi?id=3236

(Thus, I used the same subject line as in the cited bug report.)

Best regards,
Marcus

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.14.0-3-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii  adduser                3.118
ii  debconf [debconf-2.0]  1.5.79
ii  dpkg                   1.20.9
ii  libaudit1              1:3.0.6-1
ii  libc6                  2.32-4
ii  libcom-err2            1.46.4-1
ii  libcrypt1              1:4.4.25-2
ii  libgssapi-krb5-2       1.18.3-7
ii  libkrb5-3              1.18.3-7
ii  libpam-modules         1.4.0-10
ii  libpam-runtime         1.4.0-10
ii  libpam0g               1.4.0-10
ii  libselinux1            3.1-3+b1
ii  libssl1.1              1.1.1l-1
ii  libsystemd0            249.5-2
ii  libwrap0               7.6.q-31
ii  lsb-base               11.1.0
ii  openssh-client         1:8.7p1-1
ii  openssh-sftp-server    1:8.7p1-1
ii  procps                 2:3.3.17-5
ii  runit-helper           2.10.3
ii  ucf                    3.0043
ii  zlib1g                 1:1.2.11.dfsg-2

Versions of packages openssh-server recommends:
ii  libpam-systemd [logind]  249.5-2
pn  ncurses-term             <none>
ii  xauth                    1:1.1-1

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  ssh-askpass   <none>
pn  ufw           <none>

-- debconf information excluded
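
A pre-restart check for the failure described in the report above, as an added example that is not part of the original report or of OpenSSH: it walks a main config and its Include files in parse order and lists every Subsystem name defined more than once. The function names and the temporary file layout are constructed for illustration; Match blocks and quoted arguments are not handled.

```python
import glob
import os
import tempfile

def find_duplicate_subsystems(main_config):
    """Return [(name, first_seen, duplicate)] with locations as 'path:line'."""
    base = os.path.dirname(os.path.abspath(main_config))
    seen, dups = {}, []

    def walk(path, depth=0):
        if depth > 16:  # guard against Include loops
            return
        with open(path, encoding="utf-8", errors="replace") as fh:
            for lineno, raw in enumerate(fh, 1):
                words = raw.split()
                if not words or words[0].startswith("#"):
                    continue
                keyword = words[0].lower()  # sshd keywords are case-insensitive
                if keyword == "include":
                    for pattern in words[1:]:
                        # Assumption: relative patterns resolve against the main
                        # config's directory here (sshd itself uses /etc/ssh).
                        for inc in sorted(glob.glob(os.path.join(base, pattern))):
                            walk(inc, depth + 1)
                elif keyword == "subsystem" and len(words) >= 3:
                    here = f"{path}:{lineno}"
                    if words[1] in seen:
                        dups.append((words[1], seen[words[1]], here))
                    else:
                        seen[words[1]] = here

    walk(main_config)
    return dups

def demo():
    """Constructed layout mirroring the report: a drop-in plus the stock default."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sshd_config.d"))
        dropin = os.path.join(root, "sshd_config.d", "10-marcus-sshd-config.conf")
        main = os.path.join(root, "sshd_config")
        with open(dropin, "w") as fh:
            fh.write("Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO\n")
        with open(main, "w") as fh:
            fh.write("Include sshd_config.d/*.conf\n# stock default below\n"
                     "Subsystem sftp /usr/lib/openssh/sftp-server\n")
        return [(name, os.path.relpath(first, root), os.path.relpath(dup, root))
                for name, first, dup in find_duplicate_subsystems(main)]

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the path to /etc/ssh/sshd_config and treat any returned entry as a reason not to restart sshd until one of the two definitions is removed.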




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Mar 25 18:44:05 2023; Machine Name: bembo
