SSHD in OpenSUSE 13.1 no longer creates a pidfile

Hi guys,

I’ve been running OpenSUSE for years and finally upgraded to 13.1 a few days ago. One issue I’ve been trying to chase down is the lack of a pidfile in 13.1 compared to any other OpenSUSE distribution, 12.3 and below.

While researching the issue, I found two things:

  1. sshd is now handled using systemd.
  2. The default option in /usr/lib/systemd/system/sshd.service

    ExecStart=/usr/sbin/sshd -D $SSHD_OPTS

which is essentially the same as in prior distributions, no longer results in a pidfile being created in /var/run/. Just try to run sshd from the command line:

    /usr/sbin/sshd -D

Removing -D results in the pidfile being created correctly.

However, removing -D from /usr/lib/systemd/system/sshd.service also ends up with trying to run sshd twice upon rcsshd restart, for example, at least according to the log message about the port being taken (even if I killall -9 -r sshd first).

So, why does -D no longer produce a pidfile in /var/run/? What changed? Without the pidfile, monit isn’t very happy to monitor sshd (switching it to the “check program” mode is buggy right now).

Any help from SUSE maintainers or anyone with an answer is much appreciated.

If you read man sshd, you’ll find /run/sshd.pid is used instead:

    /run/sshd.pid
             Contains the process ID of the sshd listening for connections (if there are several daemons
             running concurrently for different ports, this contains the process ID of the one started
             last).  The content of this file is not sensitive; it can be world-readable.

Some old discussions related to systemd and tmpfs changes:

http://lwn.net/Articles/436012/

http://lists.opensuse.org/opensuse-factory/2012-03/msg00400.html

https://wiki.debian.org/ReleaseGoals/RunDirectory#Why_do_we_need_.2Frun.3F

But /var/run is a symlink (a bind mount actually) to /run for compatibility, so this should not matter.

Well, I am not a maintainer of openssh, and have no idea why this was changed.

But apparently this is intentional, as the package contains a patch to not create the pid file when not running in daemon mode, i.e. when -D is specified:
https://build.opensuse.org/package/view_file/openSUSE:13.1:Update/openssh.2223/openssh-nodaemon-nopid.patch?expand=1

Actually this patch was already added for 12.2:

Wed Aug 15 19:25:08 UTC 2012 - crrodriguez@opensuse.org
  - When not daemonizing, such is used with systemd, no not
  create a PID file 

But it seems it just did not work correctly in 12.2 and 12.3 and got fixed for 13.1:

Tue Sep 10 21:15:59 UTC 2013 - crrodriguez@opensuse.org
  - fix the logic in openssh-nodaemon-nopid.patch which is broken
   and pid_file therefore still being created. 

So according to that changelog entry, sshd only created a pid file on 12.2 and 12.3 by mistake.

If you think this is a bug and sshd should create a pid file, please file a report at http://bugzilla.novell.com/ (same password/username as here).

You could maybe also ask on the openSUSE or openSUSE-Factory mailing list (for example) for the reasons.
http://lists.opensuse.org/opensuse/
http://lists.opensuse.org/opensuse-factory/

systemd does not need a pidfile to monitor a service. It always knows the service PID and gets status change notifications immediately.

Well, AFAIK not until version 208; with previous versions you still need it, and it can be in /etc/tmpfiles.d, but I can’t really be sure. Well, not the PID file itself, but it is defined in that directory/file. ;)

What I’m interested in in this thread is where $MAINPID is defined, because you can see some kill -HUP $MAINPID in the init scripts and systemd startup scripts, but I can’t seem to find where it is defined; maybe systemd knows that already :)

I’ve had the same problem. It’s not just a matter of removing the -D option; here are all my changes to the sshd unit file:

--- /org/usr/lib/systemd/system/sshd.service     2013-11-08 19:18:57.000000000 +0000
+++ /new//usr/lib/systemd/system/sshd.service        2014-07-23 10:41:24.859376455 +0000
@@ -3,9 +3,11 @@
 After=network.target
 
 [Service]
+Type=forking
 EnvironmentFile=/etc/sysconfig/ssh
 ExecStartPre=/usr/sbin/sshd-gen-keys-start
-ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
+ExecStart=/usr/sbin/sshd $SSHD_OPTS
+PIDFile=/run/sshd.pid
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=always
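
Review bot: The added PIDFile=/run/sshd.pid line only holds while sshd itself writes its pid file to that exact path. With Type=forking, systemd reads that file to identify the main PID, so a PidFile setting in sshd_config, or an option passed in through $SSHD_OPTS, that points somewhere else would leave ExecReload=/bin/kill -HUP $MAINPID without a reliable target. A comment next to PIDFile= stating that it must match sshd's own pid file path would make that dependency visible. Separately, the diff header shows the edit being made to the packaged unit under /usr/lib/systemd/system/, which a package update will replace; placing the modified copy at /etc/systemd/system/sshd.service takes precedence over the packaged file and survives updates.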

For me it works fine. I can check the PID file in /run/sshd.pid and systemd has a valid $MAINPID.