trueos / trueos-core

sshd becomes active after upgrades #318

Closed jungle-boogie closed 7 years ago

jungle-boogie commented 7 years ago

Hello,

I have observed that after each TrueOS update I apply to my system (i.e. going from 18 Jan to 27 Jan), sshd and opensshd seem to switch places with the former becoming active again. As a result of this, when attempting to login from a different computer to the trueos system via ssh, I'm advised of the changed ssh identity. This also means sshd becomes active and I need to switch sshd off and openssh on.

Has anyone else who has openssh-portable and sshd installed noticed this as well?

When I say openssh, I mean the pkg of openssh-portable: https://www.freshports.org/security/openssh-portable

When I say sshd, I mean the base sshd daemon/client applications.

kmoore134 commented 7 years ago

On 02/02/2017 10:27, jungle-boogie wrote:

> Hello,
>
> I have observed that after each TrueOS update I apply to my system (i.e. going from 18 Jan to 27 Jan), sshd and opensshd seem to switch places with the former becoming active again. As a result of this, when attempting to login from a different computer to the trueos system via ssh, I'm advised of the changed ssh identity. This also means sshd becomes active and I need to switch sshd off and openssh on.
>
> Has anyone else who has openssh-portable and sshd installed noticed this as well?

During the updates it reads /etc/rc.conf and does some service activation. What's in /etc/rc.conf on your box?

-- Kris Moore iXsystems Enterprise Storage & Servers Driven By Open Source

jungle-boogie commented 7 years ago

> During the updates it reads /etc/rc.conf and does some service activation. What's in /etc/rc.conf on your box?

```
# Auto-Enabled NICs from pc-sysinstall
ifconfig_re0="DHCP"
wlans_ath0="wlan0"
# Auto-Enabled NICs from pc-sysinstall
ifconfig_re0_ipv6="inet6 accept_rtadv"
hostname="emberg.in.lylie.net"
kldload_i915kms="i915kms"
zfs_enable="YES"
if_rtwn_load="YES"
sshd_enable="YES"
panicmail_enable="YES"
dumpdev="AUTO"
ifconfig_wlan0="WPA DHCP"
```

I don't see sshd listed with rc-status:

```
% rc-status
Runlevel: default
 zfs                     [  started  ]
 openssh                 [  crashed  ]
 rpcbind                 [  started  ]
 automount               [  started  ]
 dbus                    [  crashed  ]
 cupsd                   [  started  ]
 statd                   [  started  ]
 lockd                   [  started  ]
 moused                  [  started  ]
 netmount                [  started  ]
 local                   [  started  ]
 sysadm                  [  started  ]
 openntpd                [  started  ]
 trueosinit              [  started  ]
 pcdm                    [  started  ]
Dynamic Runlevel: hotplugged
Dynamic Runlevel: needed/wanted
 modules-load            [  started  ]
 automountd              [  started  ]
 nfsclient               [  started  ]
Dynamic Runlevel: manual
 network.lo0             [  started  ]
 network.wlan0           [  started  ]
 network.re0             [  started  ]
 moused.psm0             [  started  ]
 moused.ums0             [  started  ]
 dhcpcd.re0              [  started  ]
 wpa_supplicant.wlan0    [  started  ]
 dhcpcd.wlan0            [  started  ]
```

opensshd has crashed, though.

jungle-boogie commented 7 years ago

Is it recommended to set sshd to no in /etc/rc.conf?

pkgdemon commented 7 years ago

@jungle-boogie I would remove sshd altogether from rc.conf post openrc. It is not started there. Maybe it is prompting the migration script to re-enable base ssh after update?

pkgdemon commented 7 years ago

Yeah most likely it is sshd_enable="YES" which I see you have listed in rc.conf. I would remove that, zfs_enable="YES", and panicmail_enable="YES". That should fix it. Those are no longer used anyway with openrc.

jungle-boogie commented 7 years ago

Hi @pkgdemon, okay, I'll remove those /etc/rc.conf options and see what happens on the next upgrade.

RodMyers commented 7 years ago

@jungle-boogie is this still an issue with the latest release(s)?

jungle-boogie commented 7 years ago

Hi @RodMyers,

Well, kind of...

```
% ps ax | ack ssh
 3377  -  Is       0:00.00 /usr/local/sbin/sshd
```

```
# Auto-Enabled NICs from pc-sysinstall
ifconfig_re0="DHCP"
wlans_ath0="wlan0"
ifconfig_wlan0="WPA DHCP"
# Auto-Enabled NICs from pc-sysinstall
ifconfig_re0_ipv6="inet6 accept_rtadv"
hostname="lovelock.in.rodmyers.net"
kldload_i915kms="i915kms"
if_rtwn_load="YES"
webcamd_enable="YES"
```

```
% rc-status | ack ssh
 openssh                 [  crashed  ]
```

ZackaryWelch commented 7 years ago

I did some digging into this and it turns out that both the openssh and sshd OpenRC service files needed some tweaking. The services were not getting the pidfile, which meant that they didn't close properly, so they both conflicted. openssh reported as crashed for a similar reason as well. After the fixes to the service files, openssh does not report as crashed and they both start and stop without issues. If you would like to test this fix, that would be great.

jungle-boogie commented 7 years ago

> If you would like to test this fix, that would be great.

How do I test it?

ZackaryWelch commented 7 years ago

It will be included in the next unstable build, which should be in a week. Try it out then and see if it works.

jungle-boogie commented 7 years ago

Gotcha, thanks for tracking this down.
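
The two checks made by hand in this thread, as an added example (not code from the TrueOS project or from any commenter): it lists `NAME_enable="YES"` knobs left in an rc.conf file and reports which sshd binary appears in `ps ax` output. The function names and the base-system path `/usr/sbin/sshd` are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. /usr/sbin/sshd as the base-system path
# is an assumption; /usr/local/sbin/sshd is the path shown in the ps output.

# Print the service name for every NAME_enable="YES" line in an rc.conf file.
enabled_knobs() {
    awk -F= '
        /^[ \t]*[A-Za-z0-9_]+_enable=/ {
            name = $1; gsub(/[ \t]/, "", name); sub(/_enable$/, "", name)
            val = $2; sub(/#.*/, "", val); val = tolower(val)
            gsub(/[^a-z]/, "", val)          # drop quotes and whitespace
            if (val == "yes") print name
        }' "$1"
}

# Read `ps ax` output on stdin; print "base", "port", "base+port" or nothing.
sshd_flavours() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i == "/usr/sbin/sshd") base = 1
            if ($i == "/usr/local/sbin/sshd") port = 1
        }
    }
    END {
        out = base ? "base" : ""
        if (base && port) out = out "+"
        if (port) out = out "port"
        print out
    }'
}

# $1 = rc.conf path, $2 = file holding `ps ax` output. Returns 1 on drift.
check_ssh_drift() {
    flav=$(sshd_flavours < "$2")
    if enabled_knobs "$1" | grep -qx sshd; then
        echo "WARN: sshd_enable=YES still in $1 (running: ${flav:-none})"
        return 1
    fi
    case "$flav" in
        *base*) echo "WARN: base sshd is running ($flav)"; return 1 ;;
    esac
    echo "OK: no sshd_enable knob, running: ${flav:-none}"
}

# Constructed sample input modelled on the first rc.conf and the ps line above.
tmp=$(mktemp -d)
printf '%s\n' 'zfs_enable="YES"' 'sshd_enable="YES"' 'dumpdev="AUTO"' > "$tmp/rc.conf"
printf '%s\n' ' 3377  -  Is       0:00.00 /usr/local/sbin/sshd' > "$tmp/ps.txt"
check_ssh_drift "$tmp/rc.conf" "$tmp/ps.txt" || true
rm -rf "$tmp"
```

On a live system the same check would be run after each update as `ps ax > /tmp/ps.txt; check_ssh_drift /etc/rc.conf /tmp/ps.txt`.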