17 July 2024
How Debian Broke SSH Server on Upgrades on Bookworm and Ubuntu Noble.
In the Bookworm release cycle someone decided that there was some reason ssh was a bad group name and that because only 1 other package was affected, changing to _ssh wouldn’t break anything.
Except that when there are local changes to ssh group membership, the upgrade still renames the existing group to _ssh. For everyone who had used the builtin ssh group, this change broke remote ssh access on the upgrade to Bullseye, and subsequently Ubuntu’s Noble.
The fix is simple, as long as you remember to do it before upgrading a system. Create a new group, something like sshusers (you’ll want it to have a different gid than the builtin one), copy the users to it, then update the sshd configuration to ‘AllowGroups sshusers’ and restart the sshd service. Remember to update your Ansible playbooks as needed.
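A pre-upgrade dry run of the steps above, as an added example that is not part of the original post: it checks whether AllowGroups names the builtin group and prints the commands for the fix without changing anything. The function names, the sample users and the sample gid are constructed for illustration; `ssh` as the service unit name is the Debian/Ubuntu default.

```shell
# Added example: pre-upgrade dry run. Only reads the main sshd_config (no Include/Match handling).
GROUP_FILE="${GROUP_FILE:-/etc/group}"
SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
NEW_GROUP="${NEW_GROUP:-sshusers}"    # name suggested in the post

# Print the members of group $1, one per line.
group_members() {
    awk -F: -v g="$1" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$GROUP_FILE"
}

# Succeed if an active AllowGroups line names group $1 (keyword is case-insensitive).
allowgroups_has() {
    awk -v g="$1" 'tolower($1) == "allowgroups" {
        for (i = 2; i <= NF; i++) if ($i == g) found = 1
    } END { exit !found }' "$SSHD_CONFIG"
}

# Print sshd_config with group $1 replaced by NEW_GROUP on AllowGroups lines.
rewrite_config() {
    awk -v old="$1" -v new="$NEW_GROUP" 'tolower($1) == "allowgroups" {
        for (i = 2; i <= NF; i++) if ($i == old) $i = new
    } { print }' "$SSHD_CONFIG"
}

# Print the commands for the fix, or return 1 if AllowGroups does not use $1.
migration_plan() {
    old="$1"
    if ! allowgroups_has "$old"; then
        echo "# AllowGroups in $SSHD_CONFIG does not name '$old'"
        return 1
    fi
    echo "groupadd $NEW_GROUP"    # no -g: gets a free gid, distinct from the builtin group
    for u in $(group_members "$old"); do
        echo "usermod -aG $NEW_GROUP $u"
    done
    echo "# install the output of: rewrite_config $old"
    echo "sshd -t && systemctl restart ssh"
}

# Constructed sample files for trying the functions off-host.
make_sample() {
    d=$(mktemp -d)
    printf 'root:x:0:\nssh:x:105:alice,bob\n' > "$d/group"
    printf 'Port 22\nAllowGroups ssh admins\n' > "$d/sshd_config"
    GROUP_FILE="$d/group"; SSHD_CONFIG="$d/sshd_config"
}
```

Source the file and run `migration_plan ssh` on the host before the upgrade; keep an existing session open while restarting the service so a config mistake does not lock you out.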