The sshd service needs to be restarted after upgrading to openssh-9.8p1

This message comes directly from Arch Linux concerning the openssh update, for those who are using it:

After upgrading to openssh-9.8p1, the existing SSH daemon will be unable to accept new connections (see https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/issues/5).
When upgrading remote hosts, please make sure to restart the sshd service using systemctl try-restart sshd right after upgrading.

We are evaluating the possibility to automatically apply a restart of the sshd service on upgrade in a future release of the openssh-9.8p1 package.

https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/

16 Likes

Now I know what my issue was 6 minutes ago :wink:

6 Likes

Reason why OpenSSH was patched in the first place:

https://nvd.nist.gov/vuln/detail/CVE-2024-6387

7 Likes

My x86_64 daily driver was already at openssh-9.8p1. I only update my LAN server about every month, so it was still 9.7p1. All was still working.

I updated openssh on the LAN server, then rebooted. After reboot everything was working. I guess the LAN server’s reboot was the same as restarting the sshd service.

Thanks for the heads up.

Pudge

1 Like

Is this issue patched?

OpenSSH Vulnerability (CVE-2024-6387) Affected Systems Overview:

Directly Affected:

glibc-based Linux Distributions: Virtually all major Linux distributions using glibc are vulnerable, including:
Debian
Ubuntu
Red Hat Enterprise Linux (RHEL)
CentOS
Fedora
SUSE Linux Enterprise Server (SLES)
OpenSUSE
Many others…

Indirectly Affected:

VMware Photon OS: Directly affected as it’s based on glibc.
VMware Appliances: Potentially affected if running on a vulnerable Linux distribution.
Linux Virtual Machines (VMs): Guest VMs running on VMware or other platforms using a vulnerable Linux distribution are also at risk.
Any system running an outdated version of OpenSSH: Versions between 8.5p1 and 9.7p1 are vulnerable, as are versions prior to 4.4p1 unless patched for specific CVEs.

Not Affected:

Alpine Linux: Uses musl libc, not glibc.
BSD Systems: Use a different C library and are not impacted.
macOS: While using a BSD-based kernel, it has additional security mechanisms protecting against this vulnerability.
Windows: Not affected as it’s not a Unix-based system.
ESXi: VMware’s hypervisor uses a custom kernel and is not directly affected.

Right, it affected the distros based on glibc.

1 Like

Thanks for the heads-up, Bryanpwo! It’s crucial to know that the sshd service needs a restart after the openssh-9.8p1 upgrade. For anyone managing remote hosts, don’t forget to use systemctl restart sshd after the update to avoid connection issues. Looking forward to the potential future update that automates this process!

2 Likes
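
Added example, not part of any post in this thread: a shell check that classifies an OpenSSH version against the ranges quoted above (before 4.4p1, and 8.5p1 through 9.7p1) and flags an sshd that was upgraded on disk but never restarted. The function names are hypothetical; it assumes Linux /proc, pgrep, and that ssh -V reports the installed package version.

```shell
# Added example (not from the thread). Assumes Linux /proc and pgrep.

# Turn "9.7p1" or an "OpenSSH_9.7p1, OpenSSL ..." banner into a sortable integer.
ver_key() {
    v=${1#OpenSSH_}
    major=${v%%.*}
    rest=${v#*.}
    rest=${rest%%[!0-9p]*}        # keep only "<minor>p<patch>"
    minor=${rest%%p*}
    case $rest in
        *p*) patch=${rest#*p} ;;
        *)   patch=0 ;;
    esac
    echo $(( major * 10000 + minor * 100 + ${patch:-0} ))
}

# Ranges as quoted in the thread: before 4.4p1, and 8.5p1 through 9.7p1.
# Version alone is a first pass: distributions may backport the fix.
classify_openssh() {
    k=$(ver_key "$1")
    if [ "$k" -lt 40401 ]; then
        echo "vulnerable-unless-patched"
    elif [ "$k" -ge 80501 ] && [ "$k" -le 90701 ]; then
        echo "vulnerable"
    else
        echo "not-in-listed-range"
    fi
}

# readlink on /proc/<pid>/exe ends in " (deleted)" when the binary the
# process started from has been replaced on disk by a package upgrade.
exe_is_stale() {
    case $1 in *" (deleted)") return 0 ;; *) return 1 ;; esac
}

check_host() {
    banner=$(ssh -V 2>&1)
    echo "installed: $banner -> $(classify_openssh "$banner")"
    for pid in $(pgrep -x sshd 2>/dev/null); do
        exe=$(readlink "/proc/$pid/exe" 2>/dev/null) || continue
        if exe_is_stale "$exe"; then
            echo "sshd pid $pid predates the upgrade: systemctl try-restart sshd"
        fi
    done
}

if [ "${1:-}" = "--check-host" ]; then check_host; fi
```

Run it as root with --check-host right after the package upgrade, from a session you already have open, so a stale listener is caught before you disconnect.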