Werk #17679: mk_sshd_config: Support for Ubuntu 24.04 systems before first SSH session

Component

Checks & agents

Title

mk_sshd_config: Support for Ubuntu 24.04 systems before first SSH session

Date

Mar 4, 2025

Level

Trivial Change

Class

Bug Fix

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

2.5.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.4.0b1	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0p29	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

The agent plugin mk_sshd_config monitors the SSH daemon configuration based on the output of sshd -T. On Ubuntu 24.04 (and possibly also other systems), sshd -T only succeeds after the first incoming SSH session. Before, the command fails with

$ sudo sshd -T
Missing privilege separation directory: /run/sshd

To solve this issue, mk_sshd_config now implements a fallback to sshd -G in case sshd -T fails. Note that sshd -G cannot fully replace sshd -T, since the -G option is not available on all platforms.

To the list of all Werks