-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC: disable ssh.service - enable ssh.socket AND switch firstlogin reload ssh to restart #6586
RFC: disable ssh.service - enable ssh.socket AND switch firstlogin reload ssh to restart #6586
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure how this should fix things. There is most likely a reason why sshd refuses to work at first start but debugging is always difficult when an expected behavior is not reproducible.
On the other hand it probably won't make things worse. That way even the comment above fits 😁
I assume it's some kind of race condition, it appeared for me last couple of days on trixie I "fix" it by customize.sh, disabling sshd.service and enabling sshd.socket: this way it always starts on first boot (I perform root pwd change, user creation, and locale setting via ssh, completely headless) Then during firstlogin.service systemctl fails to reload sshd.service (while triggered via socket) "systemctl reload-or-restart" seemed to work but really it does 1 out of 2 times, while "systemctl restart" always works (used manually) - I pushed second commit out of faith while recompiling the image but then fell asleep Going to test it in an hour, fingers crossed Key takeaway for me is to move default setup from sshd.service to sshd.socket Thanks for your trust and for reading this whole nerdy rant :) |
seems to work, no systemctl error after |
We just need to test this solution better (on stable user spaces) before merging it, if fix is provided right before release. |
Agreed, I'm testing an additional supplementary PR that moves ssh from service to socket in distro-agnostic.sh If it works as I expect I'm going to propose it as an RFC Thanks @igorpecovnik! |
9fe4fa4
to
30c47f6
Compare
it works for me, IMHO it makes sense to avoid a statically-enabled network service in favour of a trigger by socket `kali@kalian:~$ systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/usr/lib/systemd/system/ssh.service; disabled; preset: enabled)
Active: active (running) since Sun 2024-05-12 14:08:35 CEST; 13s ago
TriggeredBy: ● ssh.socket
Docs: man:sshd(8)
man:sshd_config(5)
Process: 2655 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 2657 (sshd)
Tasks: 1 (limit: 18362)
Memory: 2.7M (peak: 19.8M)
CPU: 389ms
CGroup: /system.slice/ssh.service
└─2657 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups" able to connect via ssh on first boot on first try, no issues during armbian-firstlogin process restarting sshd |
…login reload ssh to restart (armbian#6586)" This reverts commit fe64f1f.
…login reload ssh to restart (armbian#6586)" This reverts commit fe64f1f.
…login reload ssh to restart (armbian#6586)" This reverts commit fe64f1f.
…login reload ssh to restart (armbian#6586)" This reverts commit fe64f1f.
…login reload ssh to restart (armbian#6586)" This reverts commit fe64f1f.
…login reload ssh to restart (armbian#6586)" This reverts commit fe64f1f.
…login reload ssh to restart (armbian#6586)" This reverts commit fe64f1f.
…login reload ssh to restart (armbian#6586)" This reverts commit fe64f1f.
Description
systemctl restart ssh prevents botching job if sshd is started by socket
How Has This Been Tested?
Quite harmless change which broadens systemctl tolerance towards services, no negative impacts expected
Checklist: