Fix sshd re-execution behavior with systemd socket activation

Currently, the fds passed by systemd will get closed on re-execution of sshd, since sd_listen_fds() sets FD_CLOEXEC on all fds passed to the daemon. This causes failures when sshd is "reloaded" and when it is executed in debug mode.

Fix this by removing the FD_CLOEXEC flag from the fds passed by systemd, and do not close these manually in close_listen_socks() either. Additionally, only call sd_listen_fds() once, and only in the parent process, so that FD_CLOEXEC is not accidentally re-configured for the fds. Finally, in sshd child processes, use the LISTEN_FDS environment variable instead of calling sd_listen_fds(), because the function expects the calling pid to be that of the original listening daemon, i.e. the sshd parent process.

Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2011458
Last-Update: 2023-04-17

Patch-Name: systemd-socket-activation.patch
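
The two mechanisms the description relies on, as an added example that is not code from this patch or from sshd: clearing FD_CLOEXEC on an inherited fd so it survives a re-exec, and reading the fd count from LISTEN_FDS without the pid check that sd_listen_fds() performs. The names `clear_cloexec`, `parse_listen_fds`, `cloexec_cleared_on_test_socket` and `LISTEN_FDS_START` are hypothetical, and the socket is constructed locally for the check.

```c
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

#define LISTEN_FDS_START 3 /* first inherited fd, same value as SD_LISTEN_FDS_START */

/* Clear FD_CLOEXEC so fd stays open across a re-exec. Returns 0, or -1 on error. */
static int clear_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return fcntl(fd, F_SETFD, flags & ~FD_CLOEXEC);
}

/* Parse a LISTEN_FDS value. LISTEN_PID is deliberately not consulted, because a
 * re-executed child is not the pid systemd recorded. Returns -1 if malformed. */
static int parse_listen_fds(const char *s)
{
    char *end;
    long n;
    if (s == NULL || *s < '0' || *s > '9')
        return -1;
    errno = 0;
    n = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || n > INT_MAX - LISTEN_FDS_START)
        return -1;
    return (int)n;
}

/* Constructed self-check: 1 if the flag is gone after clear_cloexec(), 0 if it
 * is still set, -1 if the test socket could not be prepared. */
static int cloexec_cleared_on_test_socket(void)
{
    int fd = socket(AF_UNIX, SOCK_STREAM, 0), ok = -1;
    if (fd == -1)
        return -1;
    if (fcntl(fd, F_SETFD, FD_CLOEXEC) != -1)
        ok = clear_cloexec(fd) == 0 && !(fcntl(fd, F_GETFD) & FD_CLOEXEC);
    close(fd);
    return ok;
}

int main(void)
{
    printf("LISTEN_FDS=%d cloexec_cleared=%d\n",
           parse_listen_fds(getenv("LISTEN_FDS")), cloexec_cleared_on_test_socket());
    return 0;
}
```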
