From 6cd1bc53160973fc421c59f66aaa7e4b37a8cebe Mon Sep 17 00:00:00 2001
From: Ed Maste <emaste@FreeBSD.org>
Date: Mon, 2 May 2022 13:16:19 -0400
Subject: [PATCH] freebsd-update: restart sshd after upgrade

Sometimes the parent-child sshd protocol changes during an upgrade, and
when this happens sshd will not accept new connections until it is
restarted.

PR:		263489
Reviewed by:	kevans, gjb
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D35109
---
 usr.sbin/freebsd-update/freebsd-update.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/usr.sbin/freebsd-update/freebsd-update.sh b/usr.sbin/freebsd-update/freebsd-update.sh
index 9743cd652d16..078043326115 100644
--- a/usr.sbin/freebsd-update/freebsd-update.sh
+++ b/usr.sbin/freebsd-update/freebsd-update.sh
@@ -3023,6 +3023,14 @@ Kernel updates have been installed.  Please reboot and run
 		install_from_index INDEX-NEW || return 1
 		install_delete INDEX-OLD INDEX-NEW || return 1
 
+		# Restart sshd if running (PR263489).  Note that this does not
+		# affect child sshd processes handling existing sessions.
+		if service sshd status >/dev/null 2>/dev/null; then
+			echo
+			echo "Restarting sshd after upgrade"
+			service sshd restart
+		fi
+
 		# Rehash certs if we actually have certctl installed.
 		if which certctl>/dev/null; then
 			env DESTDIR=${BASEDIR} certctl rehash