Urgent news draft: The sshd service needs to be restarted after upgrading to openssh-9.8p1
Hi everyone, As you might have heard by now (or experienced it already), the latest openssh-9.8p1 release requires the sshd daemon to be restarted otherwise new connections cannot establish (the one used to upgrade the package remains intact though). To prevent people from eventually blocking themselves out any further, we would like to introduce a `post_upgrade` transaction for the openssh-9.8p1 package which will restart the sshd service (a MR for that is being worked on [1]), accompanied by an urgent news entry (similarly to what was done for the openssh-8.2p1 release) [2]. Given the urgent aspect of the news, it would be nice to have some quick feedback if possible. I intend to post the news as soon as openssh-9.8p1-2 is released with the `post_upgrade` transaction. --------------- News draft: # The sshd service needs to be restarted after upgrading to openssh-9.8p1 After upgrading to openssh-9.8p1, the existing SSH daemon will be unable to accept new connections. (See https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/issues/5). When upgrading remote hosts, please make sure to restart the SSH daemon using `systemctl restart sshd` right after upgrading. If you are upgrading to openssh-9.8p1-2 or higher, this restart will happen automatically. --------------- [1] https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/issues/5... [2] https://archlinux.org/news/sshd-needs-restarting-after-upgrading-to-openssh-... -- Regards, Robin Candau / Antiz
On 2024-07-01 17:31:58 (+0200), Robin Candau wrote:
# The sshd service needs to be restarted after upgrading to openssh-9.8p1
After upgrading to openssh-9.8p1, the existing SSH daemon will be unable to accept new connections. (See https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/issues/5). When upgrading remote hosts, please make sure to restart the SSH daemon using `systemctl restart sshd` right after upgrading. If you are upgrading to openssh-9.8p1-2 or higher, this restart will happen automatically.
I think it may be better to just mention that we are evaluating to do this automatically for future major version upgrades. Whether we get it right properly with -2 is not yet clear ;-) The restart won't hurt either way (unless users have somehow bricked their configuration in the meantime). Other than that, looks good! Thanks for taking the initiative! Best, David -- https://sleepmap.de
On 7/1/24 6:06 PM, David Runge wrote:
On 2024-07-01 17:31:58 (+0200), Robin Candau wrote:
# The sshd service needs to be restarted after upgrading to openssh-9.8p1
After upgrading to openssh-9.8p1, the existing SSH daemon will be unable to accept new connections. (See https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/issues/5). When upgrading remote hosts, please make sure to restart the SSH daemon using `systemctl restart sshd` right after upgrading. If you are upgrading to openssh-9.8p1-2 or higher, this restart will happen automatically.
I think it may be better to just mention that we are evaluating to do this automatically for future major version upgrades. Whether we get it right properly with -2 is not yet clear ;-) The restart won't hurt either way (unless users have somehow bricked their configuration in the meantime).
Other than that, looks good! Thanks for taking the initiative!
Best, David
Yes, it seems to be commonly agreed that this news should be posted right away without waiting for the eventual "post upgrade service restart MR". I will also advise running `systemctl try-restart sshd` rather than `systemctl restart sshd` (to avoid people starting their sshd daemon if it wasn't running initially). Here's an update news draft: ---------------------------- # The sshd service needs to be restarted after upgrading to openssh-9.8p1 After upgrading to openssh-9.8p1, the existing SSH daemon will be unable to accept new connections. (See https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/issues/5). When upgrading remote hosts, please make sure to restart the SSH daemon using `systemctl try-restart sshd` right after upgrading. We are evaluating the possibility to automatically apply that sshd service restart on upgrade in a future release of the openssh-9.8p1 package. ---------------------------- I'll add an "EDIT:" to the news item if we are able to ship an automated restart with a future release of the package. -- Regards, Robin Candau / Antiz
participants (2)
-
David Runge
-
Robin Candau