author Colin Watson <cjwatson@debian.org> 2018-10-21 10:36:27 +0100
committer Colin Watson <cjwatson@debian.org> 2018-10-21 10:38:28 +0100
commit 02b3fee8901679a5e058f66691067675208a4ae5
tree 4285b09ce6cfd3226b1890972666015cb4aa030d /debian/README.Debian
parent 2df9bff12640a33749f0f20ae806b6efac327116
Remove /etc/network/if-up.d/openssh-server

It causes more problems than it solves. Add an "if-up hook removed" section to README.Debian documenting the corner case that may need configuration adjustments.

Thanks, Christian Ehrhardt, Andreas Hasenack, and David Britton.

Closes: #789532
LP: #1037738, #1674330, #1718227

Diffstat (limited to 'debian/README.Debian')
-rw-r--r-- debian/README.Debian 21
1 files changed, 21 insertions, 0 deletions
diff --git a/debian/README.Debian b/debian/README.Debian
index 58a5741b0..48f42c4e8 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -249,6 +249,27 @@ options related to it are now deprecated and should be removed from
249The Protocol option is also no longer needed, although it is silently 249The Protocol option is also no longer needed, although it is silently
250ignored rather than deprecated. 250ignored rather than deprecated.
251 251
252if-up hook removed
253------------------
254
255openssh-server previously shipped an if-up hook that restarted sshd when a
256network interface came up. This generally caused more problems than it
257solved: for instance, it means that sshd stops listening briefly while being
258restarted, which can cause problems in some environments, particularly
259automated tests.
260
261The only known situation where the if-up hook was useful was when
262sshd_config was changed to add ListenAddress entries for particular IP
263addresses, overriding the default of listening on all addresses, and the
264system is one that often roams between networks. In such a situation, it is
265better to remove ListenAddress entries from sshd_config (restoring it to the
266default behaviour) and instead use firewall rules to restrict incoming SSH
267connections to only the desired interfaces or addresses.
268
269For further discussion, see:
270
271 https://bugs.launchpad.net/bugs/1674330
272
252-- 273--
253Matthew Vernon <matthew@debian.org> 274Matthew Vernon <matthew@debian.org>
254Colin Watson <cjwatson@debian.org> 275Colin Watson <cjwatson@debian.org>
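
Review bot: the second paragraph of the new section advises removing ListenAddress entries "and instead use firewall rules", but gives no ordering. Removing the entries restores the default of listening on all addresses, so a reader who edits sshd_config first leaves sshd reachable on every interface until the rules exist. Suggest saying explicitly that the firewall rules should be in place and verified before the ListenAddress entries are removed, and pointing to where such rules are documented. It would also help to state the package version in which the hook was removed, so that users can tell whether this section applies to their upgrade.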