Hello,
thought I'd post my findings as I have no clue whatsoever why this happened.
I eventually found the solution through Google and a bit of trial and error.
Problem:
After apt -y upgrade the systemd service sshd.service shows an error starting and sshd is non-functional.
Manually running sshd -t reveals that it errors out with "Missing privilege separation directory".
Cause:
According to /lib/tmpfiles.d/openssh-server.conf sshd needs the directory /run/sshd.
The directory is not present and is not created at boot.
This is new behaviour after the update. Yet, it seems this is a known problem, as I found an old post about this in an Ubuntu forum[1].
Solution:
Get the directory to be created at boot.[2]
There are multiple ways to achieve that, in my case I added a systemd service.
content of fix_sshd.service
Code:
[Unit]
Description=fix sshd.service
After=network-online.target

[Service]
Type=simple
Restart=on-failure
StartLimitBurst=1
StartLimitInterval=30
User=root
# Create sshd's privilege separation directory at boot (mode 755, created as root)
ExecStart=/bin/mkdir -p -m 755 /run/sshd

[Install]
WantedBy=multi-user.target
edited sshd.service "After" line to include my new service,
After=network.target auditd.service fix_sshd.service
made the file that links to /etc/systemd/system/sshd.service which is /lib/systemd/system/ssh.service immutable,
chattr +i /lib/systemd/system/ssh.service
(not sure if I needed to, but I don't want another package update to break it again)
and finally rebooted.
Now sshd works again.
[1]: https://askubuntu.com/questions/111...g-privilege-separation-directory-var-run-sshd
[2]: https://askubuntu.com/questions/110...aused-by-missing-var-run-sshd/1110843#1110843
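
A way to verify the directory after a reboot or package upgrade, as an added example that is not part of the original post: the function mirrors the conditions OpenSSH's sshd places on its privilege separation directory (it must exist as a directory, be owned by root, and not be writable by group or others). The function name, its exit codes and the optional expected-UID argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check_privsep_dir and its exit codes are hypothetical names,
# not part of OpenSSH or of the original post.
#
# check_privsep_dir DIR [EXPECTED_UID]
#   0 = usable by sshd
#   1 = missing or not a directory ("Missing privilege separation directory")
#   2 = wrong owner, or writable by group/others
# EXPECTED_UID defaults to 0 (root); it is a parameter only so the check can
# be exercised on a scratch directory without being root.
check_privsep_dir() {
    dir=$1
    want_uid=${2:-0}

    if [ ! -d "$dir" ]; then
        echo "missing privilege separation directory: $dir" >&2
        return 1
    fi

    # "ls -ldn DIR/." describes the directory itself (symlinks resolved) as:
    #   drwxr-xr-x 2 <uid> <gid> ...
    meta=$(ls -ldn "$dir/.") || return 1
    mode=${meta%% *}
    uid=$(printf '%s\n' "$meta" | awk '{print $3}')

    if [ "$uid" -ne "$want_uid" ]; then
        echo "$dir: owned by uid $uid, expected $want_uid" >&2
        return 2
    fi

    # Character 6 of the mode string is group-write, character 9 is other-write.
    case $mode in
        ?????w*|????????w*)
            echo "$dir: mode $mode is group- or world-writable" >&2
            return 2
            ;;
    esac
    return 0
}

# Report on the path named in the post; informational, so never abort here.
if check_privsep_dir /run/sshd; then
    echo "/run/sshd: ok"
else
    echo "/run/sshd: not usable by sshd (see message above)"
fi
```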