Bug 410541 - net-misc/openssh: sshd init should not depend on net
Summary: net-misc/openssh: sshd init should not depend on net
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 266386
Reported: 2012-04-02 12:00 UTC by Reinis Danne
Modified: 2013-01-18 01:14 UTC

See Also:
Package list:
Runtime testing required: ---


Description Reinis Danne 2012-04-02 12:00:15 UTC
Sometimes sshd should be used only for localhost, e.g., with virtualgl and bumblebee for running 3D applications on the discrete graphics card while the rest of the desktop is running on integrated GPU.

Now in case when there is no available network sshd doesn't start and also virtualgl service fails to start since it depends on it.

Uncommenting "need net" in the initscript allows to start sshd and use bumblebee while offline. "need net" probably should be replaced with something like "after net" which doesn't fail if there is no net.

Reproducible: Always

Steps to Reproduce:
1. Disconnect from all networks
2. Start sshd
Actual Results:  
sshd fails to start since there is no net available.

Expected Results:  
It starts for the use on localhost.

Portage 2.1.10.54 (default/linux/amd64/10.0/desktop/gnome, gcc-4.6.2, glibc-2.14.1-r2, 3.2.12-gentoo x86_64)

net-misc/openssh-5.9_p1-r4 was built with the following:
USE="X hpn ldap (multilib) pam tcpd -X509 -kerberos -libedit (-selinux) -skey -static"
CFLAGS="-march=native -O3 -pipe -ggdb"
CXXFLAGS="-march=native -O3 -pipe -ggdb"
Comment 1 Reinis Danne 2012-04-02 19:55:20 UTC
I think I jumped to this too quickly. It turns out that virtualgl dependency on sshd is not needed for the use with bumblebee at all. So I'll leave it for the judgement of the maintainer to decide on sshd dependency on net.
Comment 2 SpanKY gentoo-dev 2012-04-03 03:17:17 UTC
pretty sure you should set rc_depend_strict=NO if you want net.lo to satisfy
Comment 3 William Hubbs gentoo-dev 2012-10-18 19:31:34 UTC
I recommend dropping "need net" from sshd's init script since sshd by
default can adapt to interfaces going up and down and doesn't care which
interfaces are up when it is started.
Comment 4 SpanKY gentoo-dev 2012-11-11 21:47:58 UTC
(In reply to comment #3)

yes, in its default config, it can do that.  but if we drop the need net now, i'm pretty sure we run a good chance of breaking people who aren't using a default config.  e.g. people who specify ListenAddress for a specific IP.  in that case, ssh will error out immediately with:
Bind to port 22 on 10.1.1.2 failed: Cannot assign requested address.

that means people running headless servers can easily get screwed.

we could have the init.d script parse sshd_config and if any ListenAddress options are set, default to 'after net'.
Comment 5 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2012-11-12 10:35:24 UTC
(In reply to comment #4)
> (In reply to comment #3)
> 
> yes, in its default config, it can do that.  but if we drop the need net
> now, i'm pretty sure we run a good chance of breaking people who aren't
> using a default config.  e.g. people who specify ListenAddress for a
> specific IP.  in that case, ssh will error out immediately with:
> Bind to port 22 on 10.1.1.2 failed: Cannot assign requested address.
> 
> that means people running headless servers can easily get screwed.
> 
> we could have the init.d script parse sshd_config and if any ListenAddress
> options are set, default to 'after net'.

This sounds reasonable to me:
1. if rc_need contains net.* ; do nothing # they have migrated
2. if ListenAddress is empty, or contains only :: and 0.0.0.0; do nothing # it will still work
3. otherwise, for now, default to 'need net' with a big warning.
Comment 6 William Hubbs gentoo-dev 2012-11-12 16:09:17 UTC
(In reply to comment #5)
> (In reply to comment #4)
> > (In reply to comment #3)
> > 
> > yes, in its default config, it can do that.  but if we drop the need net
> > now, i'm pretty sure we run a good chance of breaking people who aren't
> > using a default config.  e.g. people who specify ListenAddress for a
> > specific IP.  in that case, ssh will error out immediately with:
> > Bind to port 22 on 10.1.1.2 failed: Cannot assign requested address.
> > 
> > that means people running headless servers can easily get screwed.
> > 
> > we could have the init.d script parse sshd_config and if any ListenAddress
> > options are set, default to 'after net'.
> 
> This sounds reasonable to me:
> 1. if rc_need contains net.* ; do nothing # they have migrated

My concern is that net.* is not the only service a user can put into rc_need that could potentially give them a network connection. I can think of at least net.*, and network if they are using a static connection, or if they are using a dynamic connection, net.*, networkmanager, badvpn-ncd, dhcpcd, and wicd. These are just the things we know about; people could have their own services that could give them a network connection.

> 2. if ListenAddress is empty, or contains only :: and 0.0.0.0; do nothing #
> it will still work

Agreed.

> 3. otherwise, for now, default to 'need net' with a big warning.

The net virtual is there for now, but as flameeyes points out, there are many issues that make it unreliable [1]. 
If we decide to kill it, this case puts users back to square one. I would rather see us not using it at all.

[1] http://blog.flameeyes.eu/2012/10/may-i-have-a-network-connection-please
Comment 7 SpanKY gentoo-dev 2012-11-12 18:14:54 UTC
(In reply to comment #5)

(1) i think we can just say "if rc_need is set".  very few people do this.

(2) well, [::] to be more precise for IPv6

(In reply to comment #6)

i can't see dropping "net" completely being feasible
Comment 8 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2012-11-12 20:33:33 UTC
(In reply to comment #7)
> (In reply to comment #5)
> (1) i think we can just say "if rc_need is set".  very few people do this.
Ok, fine.

> (2) well, [::] to be more precise for IPv6
The default sshd_config has:
ListenAddress ::
The [::] is only required if you want to include a port in the ListenAddress.

Updated rules:
1. if rc_need is set ; do nothing # they have migrated
2. if ListenAddress is empty, or contains only ::, [::], and/or 0.0.0.0; do nothing
3. otherwise, for now, default to 'need net' with a big warning.

Can we get this implemented?
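The three rules from comments 4, 5 and 8, sketched as a POSIX sh helper that an OpenRC depend() block could call. This is an added example, not the sshd.rc6.4 script that later landed in the tree; the function name, the config path argument and the rc_need value passed in are assumptions, and the sample sshd_config at the bottom is constructed.

```shell
# Decide whether sshd should "need net" or merely run "after net",
# following comment 8: an explicit rc_need wins, wildcard ListenAddress
# values are safe, anything else needs the interface up first.
# Prints "need" or "after"; a warning goes to stderr for the fallback case.
sshd_net_dep() {
    config="$1"   # path to sshd_config (assumed argument)
    rc_need="$2"  # value of rc_need from conf.d/sshd, possibly empty

    # Rule 1: the admin has migrated to an explicit dependency; do nothing.
    if [ -n "$rc_need" ]; then
        echo "after"
        return 0
    fi

    # Rule 2: collect the address field of every active ListenAddress line.
    # Commented-out lines never match because the keyword must be field 1.
    addrs=$(awk 'tolower($1) == "listenaddress" { print $2 }' "$config" 2>/dev/null)
    for a in $addrs; do
        case "$a" in
            # Wildcards, with or without a ":port" suffix: bind works with no net.
            '::'|'[::]'|'[::]:'*|'0.0.0.0'|'0.0.0.0:'*) ;;
            *)
                # Rule 3: a specific address would fail to bind before net is up.
                echo "WARNING: ListenAddress $a in $config forces 'need net';" \
                     "set rc_need in conf.d/sshd to migrate" >&2
                echo "need"
                return 0
                ;;
        esac
    done

    # No ListenAddress at all, or only wildcards: "after net" is enough.
    echo "after"
}

# Constructed sample config (not from any real host) to exercise rule 3.
sample=$(mktemp)
printf 'Port 22\n#ListenAddress 0.0.0.0\nListenAddress 10.1.1.2\n' > "$sample"
sshd_net_dep "$sample" ""   # prints "need" and the warning
rm -f "$sample"
```

A parallel-boot system with the default listen-all config therefore takes the "after" branch, which is the optimisation comment 10 mentions.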
Comment 9 Diego Elio Pettenò (RETIRED) gentoo-dev 2012-11-13 03:15:49 UTC
What if we do like for ntp-client and make it an after net?
Comment 10 SpanKY gentoo-dev 2012-11-13 05:35:25 UTC
(In reply to comment #9)

the 'after net' would be the default fallback.  there's potential for optimization here on a parallel system with default (listen all) settings.
Comment 11 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2012-11-27 19:00:51 UTC
(In reply to comment #10)
> (In reply to comment #9)
> 
> the 'after net' would be the default fallback.  there's potential for
> optimization here on a parallel system with default (listen all) settings.

Can you approve comment #8 and I will implement it?
Comment 12 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2012-11-28 01:07:48 UTC
vapier:
files/sshd.rc6.4 is in the tree with my proposed comment 8 stuff.
Not installed via the ebuild pending your ACK.
Comment 13 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2013-01-18 01:14:29 UTC
InCVS as of 6.1_p1-r1