I could not reproduce the issue. However, it seems the upgrade action starts a new ssh daemon at port 1022:
Continue running under SSH?
This session appears to be running under ssh. It is not recommended
to perform a upgrade over ssh currently because in case of failure it
is harder to recover.
If you continue, an additional ssh daemon will be started at port
Do you want to continue?
Continue [yN] y
Starting additional sshd
To make recovery in case of failure easier, an additional sshd will
be started on port '1022'. If anything goes wrong with the running
ssh you can still connect to the additional one.
If you run a firewall, you may need to temporarily open this port. As
this is potentially dangerous it's not done automatically. You can
open the port with e.g.:
'iptables -I INPUT -p tcp --dport 1022 -j ACCEPT'
To continue please press [ENTER]
This daemon might be still running so we can connect to the instance through it. Can you give it a try?
Looking for a reason, it seems the upgrade task also ask for modifying the ssh configuration:
Configuration file '/etc/ssh/ssh_config'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** ssh_config (Y/I/N/O/D/Z) [default=N] ?
If we select showing the differences, we get:
--- /etc/ssh/ssh_config 2018-08-15 10:44:39.331636732 +0000
+++ /etc/ssh/ssh_config.dpkg-new 2019-01-31 13:58:34.000000000 +0000
@@ -20,8 +20,6 @@
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
-# RhostsRSAAuthentication no
-# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
@@ -33,16 +31,14 @@
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
-# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Protocol 2
-# Cipher 3des
-# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
-# MACs hmac-md5,hmac-sha1,email@example.com,hmac-ripemd160
+# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
+# MACs hmac-md5,hmac-sha1,firstname.lastname@example.org
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
@@ -53,7 +49,3 @@
SendEnv LANG LC_*
- GSSAPIDelegateCredentials no
- UseRoaming no
I chose to install the package maintainer’s version as I think the changes will not break our current connection. After rebooting, I could ssh the instance and the ssh daemon is working as expected:
$ sudo netstat -plnt | grep 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1116/sshd
tcp6 0 0 :::22 :::* LISTEN 1116/sshd
Was my answer helpful? Click on