The SSH Daemon writes its sshd.pid file only after it generates its ephemeral server key. This makes the amount of time between starting the daemon and the creation / update of the sshd.pid file variable, and can cause a race condition with e.g. /sbin/init.d scripts which start the daemon and then want to check to see that the start was successful. Please move the sshd.pid create/update to happen before the generation of the ephemeral server key, so that the new SSH Daemon pid is written to the sshd.pid file very shortly after the process starts executing. Thanks.
What if the ephemeral key generation fails (e.g. not enough entropy, etc)
There always exists the possibility that something will cause a daemon to fail to complete its startup, or to fail after it has started successfully. This seems to boil down to the question: is it more important to ensure that every service starts successfully, or is it more important to get the system up and running so that other services can be offered? I am uncertain how I feel about this question regarding SSH. SSH is a critical system service from an administrative point of view, and for systems which have interactive users other than administrators. For systems which provide application services but do not have users logging in directly, SSH is not critical. Generally, I think I have seen a preference to daemons starting up as asynchronously as possible during system boot. Also, if key generation fails due to lack of entropy, it indicates either a misconfiguration or a rare problem on that particular server. The current state (write .pid file after key generation) creates a problem for many more systems. So, I still prefer to have the .pid file written before key generation rather than after. Thanks for considering the request. Which way will you go with it?
I don't think we will change the default behaviour. I think it better that we record a pid only after the daemon is fully started up, to do otherwise would be misleading.
Mass change of RESOLVED bugs to CLOSED