Jump to content

SOLVED: sshd ignores ListenAddress (due to ssh.socket service)


Go to solution Solved by ovacikar,

Recommended Posts

Posted (edited)

Using Orange Pi zero 2 Debian bookworm minimal 24.5.1 image , I have disabled Network manager and enabled ifupdown service with static IP configuration.

 

Linux orangepizero2 6.6.31-current-sunxi64 #1 SMP Fri May 17 10:02:40 UTC 2024 aarch64 GNU/Linux 

 

Trying to restrict ssh to listen on  IP assigned to end0 only, but it is ignoring the ListenAddress 192.168.8.1:22 directive. It listens on all interfaces, which I do not want.

sudo service ssh status
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; disabled; preset: enabled)
     Active: active (running) since Thu 2024-05-30 16:10:42 UTC; 22s ago
TriggeredBy: ● ssh.socket
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 1362 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 1363 (sshd)
      Tasks: 1 (limit: 932)
     Memory: 1.3M
        CPU: 231ms
     CGroup: /system.slice/ssh.service
             └─1363 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

May 30 16:10:41 orangepizero2 systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 30 16:10:42 orangepizero2 sshd[1363]: debug3: already daemonized
May 30 16:10:42 orangepizero2 sshd[1363]: debug3: oom_adjust_setup
May 30 16:10:42 orangepizero2 systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
May 30 16:10:42 orangepizero2 sshd[1363]: debug1: Set /proc/self/oom_score_adj from 0 to -1000
May 30 16:10:42 orangepizero2 sshd[1363]: debug2: fd 3 setting O_NONBLOCK
May 30 16:10:42 orangepizero2 sshd[1363]: Server listening on :: port 22.

 

 

 

Edited by ovacikar
  • ovacikar changed the title to sshd ignores ListenAddress , restarting it with a broken config file fixes it
  • Solution
Posted (edited)

Investigating the  "TriggeredBy: ● ssh.socket" line on this machine, I found a Ubuntu article and disabled ssh.socket service. This appears to be present in armbian debian release only. A Google search for "bookworm ssh.socket" only results with another armbian user reporting it on a community build version of another board.

 

 

Edited by ovacikar
  • ovacikar changed the title to SOLVED: sshd ignores ListenAddress (due to ssh.socket service)
Posted (edited)

I'm checking it - It's my fault TBH, to get ssh to start reliably on first boot on Debian Trixie the only way was to move it to socket activation

Perhaps there's an additional route to try - unfortunately at the moment Trixie cannot be built via debootstrap due to changes to wireguard package (wireguard-tools not available in repo)

 

I'll closely monitor the situation and find a solution asap - worst case scenario we can revert my previous changes from here PR #6586

Apologies for the inconvenience, and thank you for reporting this issue!

Edited by Alessandro Lannocca
typo

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines