openssh unix dev - Aug 2018 - openssh 7.6 and 7.7 on Oracle Linux 7 (compiled from source) doesn't start correctly with systemd

Latest Oracle Linux (7.5) and openssh 7.4 is bundled as an rpm.  this runs
fine.  if I download openssh 7.6 or 7.7, compile it with the flags
--with-pam and --with-pid-dir=/var/run and install it to /usr/local, modify
the sshd.service file to point to /usr/local/sbin/sshd, the start hangs.
The sshd.service files looks like this:

[Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.service
Wants=sshd-keygen.service

[Service]
Type=notify
PIDFile=/var/run/sshd.pid
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/usr/local/sbin/sshd $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target

OPTIONS get's picked up from /etc/sysconfig/sshd and has "-D -4"
as the
options.  systemctl start sshd hangs and it seems like openssh isn't
notifying systemd that it's started.  For awhile, it seemed like sshd
wasn't writing it's pid file but it seems like having changed the flags
to
--with-pid-dir has it writing it's pid file.  The funny thing is that sshd
*does* get started but systemd never recognizes it so ends up killing it
and restarting it over and over and over.  running the sshd under strace
from the command line of course works fine, sshd starts, you can login,
etc., so it's some interaction with systemd that I need to get figured out.

Let me know what more I can add to this that would help please.

---


Regards,

Kevin Martin

kevin martin wrote:
> Latest Oracle Linux (7.5) and openssh 7.4 is bundled as an rpm.  this runs
> fine.  if I download openssh 7.6 or 7.7, compile it with the flags
> --with-pam and --with-pid-dir=/var/run and install it to /usr/local, modify
> the sshd.service file to point to /usr/local/sbin/sshd, the start hangs.
> The sshd.service files looks like this:
> 
..
> [Service]
> Type=notify
..
> it seems like openssh isn't notifying systemd that it's started.
I don't think the portable OpenSSH source has any systemd integration,
so that is what you should expect.

--8<-- systemd.service(5)
OPTIONS
..
Type..
	Behavior of notify is similar to simple; however, it is expected
	that the daemon sends a notification message via sd_notify(3) or an
	equivalent call when it has finished starting up.
-->8--

I guess that Oracle has patched sshd to call sd_notify() and thus
introduced dependency on the systemd libraries for sshd. I don't
think that's a good idea at all.

To run upstream OpenSSH-portable set Type=simple and be done with it.


//Peter

On Wed, Aug 22, 2018 at 11:23:11AM +0000, Peter Stuge
wrote:
> I guess that Oracle has patched sshd to call sd_notify() and thus
Well, RedHat.
> introduced dependency on the systemd libraries for sshd. I don't
Yup
  % ldd /usr/sbin/sshd | grep syst
          libsystemd.so.0 => /lib64/libsystemd.so.0 (0x00007f0e5b715000)

-- 

rgds
Stephen