ovacikar Posted May 30 Posted May 30 (edited) Using Orange Pi zero 2 Debian bookworm minimal 24.5.1 image , I have disabled Network manager and enabled ifupdown service with static IP configuration. Linux orangepizero2 6.6.31-current-sunxi64 #1 SMP Fri May 17 10:02:40 UTC 2024 aarch64 GNU/Linux Trying to restrict ssh to listen on IP assigned to end0 only, but it is ignoring the ListenAddress 192.168.8.1:22 directive. It listens on all interfaces, which I do not want. sudo service ssh status ● ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; disabled; preset: enabled) Active: active (running) since Thu 2024-05-30 16:10:42 UTC; 22s ago TriggeredBy: ● ssh.socket Docs: man:sshd(8) man:sshd_config(5) Process: 1362 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS) Main PID: 1363 (sshd) Tasks: 1 (limit: 932) Memory: 1.3M CPU: 231ms CGroup: /system.slice/ssh.service └─1363 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups" May 30 16:10:41 orangepizero2 systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... May 30 16:10:42 orangepizero2 sshd[1363]: debug3: already daemonized May 30 16:10:42 orangepizero2 sshd[1363]: debug3: oom_adjust_setup May 30 16:10:42 orangepizero2 systemd[1]: Started ssh.service - OpenBSD Secure Shell server. May 30 16:10:42 orangepizero2 sshd[1363]: debug1: Set /proc/self/oom_score_adj from 0 to -1000 May 30 16:10:42 orangepizero2 sshd[1363]: debug2: fd 3 setting O_NONBLOCK May 30 16:10:42 orangepizero2 sshd[1363]: Server listening on :: port 22. Edited May 30 by ovacikar 0 Quote
Solution ovacikar Posted May 30 Author Solution Posted May 30 (edited) Investigating the "TriggeredBy: ● ssh.socket" line on this machine, I found a Ubuntu article and disabled ssh.socket service. This appears to be present in armbian debian release only. A Google search for "bookworm ssh.socket" only results with another armbian user reporting it on a community build version of another board. Edited May 30 by ovacikar 0 Quote
Alessandro Lannocca Posted June 1 Posted June 1 (edited) I'm checking it - It's my fault TBH, to get ssh to start reliably on first boot on Debian Trixie the only way was to move it to socket activation Perhaps there's an additional route to try - unfortunately at the moment Trixie cannot be built via debootstrap due to changes to wireguard package (wireguard-tools not available in repo) I'll closely monitor the situation and find a solution asap - worst case scenario we can revert my previous changes from here PR #6586 Apologies for the inconvenience, and thank you for reporting this issue! Edited June 1 by Alessandro Lannocca typo 0 Quote
Alessandro Lannocca Posted June 2 Posted June 2 Should be fixed by PR #6687 - my tests went well - additional testing and feedback welcome 0 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.