Hello, I'm registering a strange new behavior after updating openssh on my CentOS 7.3 server.
First of all, the difference in systemd service configuration between the new openssh-server-6.6.1p1-35.el7_3.x86_64 and the old openssh-server-6.6.1p1-33.el7_3.x86_6:
[root@c7service ~]# diff new_sshd.service old_sshd.service 8c8,9 < Type=notify ---
Type=forking PIDFile=/var/run/sshd.pid
10c11 < ExecStart=/usr/sbin/sshd -D $OPTIONS ---
ExecStart=/usr/sbin/sshd $OPTIONS
15d15 < RestartPreventExitStatus=255
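Review bot: RestartPreventExitStatus=255 on the new side (hunk 15d15) carries no comment saying which sshd failures it is meant to cover, and it makes any start that exits with status 255 final, because systemd skips the unit's restart policy for that status. Together with the 8c8,9 and 10c11 changes (Type=notify, sshd -D, no PIDFile), one failed start leaves the host without sshd until someone intervenes out of band. I would either document in the unit why 255 is excluded from restarts, or drop the line so that a failed start is retried.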
The Type changed and the RestartPreventExitStatus directive was also added.
The effects I'm noticing are:
1) If using NetworkManager and no ListenAddress entry in sshd_config --> all ok (listen on ipv4 and ipv6)
2) If using NetworkManager and I put ListenAddress=ip in sshd_config --> all ok
3) If NetworkManager disabled and using only network service and no ListenAddress entry in sshd_config --> ok (listen on ipv4 and ipv6)
4) If NetworkManager disabled and using only network service and I put ListenAddress=ip in sshd_config --> ko with 255 error and so no restart
5) If NetworkManager disabled and using only network service and I put ListenAddress=0.0.0.0 --> ok
6) If NetworkManager disabled and using only network service and I put ListenAddress=ip and comment out the RestartPreventExitStatus line --> ko with 255 error and after 42s restart and ok of sshd
Can anyone replicate on an RH EL and report? Do you think I can open a bugzilla for this, or is NetworkManager supposed to be kept running for official support?
I have a server with two network interfaces where I want to enable sshd only on the second and I'm blocked if I disable NetworkManager. In the meantime I have commented out the service line related to restart in case of 255 error... I see here that actually 255 is the common exit code for many sshd errors and some discussions about Type of sshd service: https://bugzilla.redhat.com/show_bug.cgi?id=1398360
In the rpm changelog between the old and new releases I only see:
* Wed Mar 01 2017 Jakub Jelen jjelen@redhat.com - 6.6.1p1-35 + 0.9.3-9 - Do not send SD_NOTIFY from forked childern (#1381997)
* Fri Feb 24 2017 Jakub Jelen jjelen@redhat.com - 6.6.1p1-34 + 0.9.3-9 - Add SD_NOTIFY code to help systemd to track running service (#1381997)
Thanks in advance, Gianluca