[Bug 2020560] Re: ssh.service and ssh.socket both running.
moose
2020560 at bugs.launchpad.net
Tue May 23 18:06:47 UTC 2023
Ok. The solution to this problem was to restart not ssh.service but ssh.socket. Thus:
sudo systemctl daemon-reload
sudo systemctl restart ssh.socket
I think the documentation, such as it is, should make this clear.
Googling around gets you several hits that say you should sudo systemctl
restart ssh (which is ssh.service) which is incorrect.
https://bugs.launchpad.net/bugs/2020560
Title:
ssh.service and ssh.socket both running.
Status in openssh package in Ubuntu:
Incomplete
Bug description:
I am running Ubuntu 23.04. The out-of-the-box configuration allows SSH
access on port 22. I wish to have ssh listen on both ports 22 and
7022. The ssh_config file contains a comment that Ubuntu now uses
socket activated connections and thus ignores the Port and
ListenAddress entries. I looked up the ssh socket activation and found
that I needed a /etc/systemd/system/ssh.socket.d directory that
contains a listen.conf file. I created the directory and the
listen.conf file that contains this.
[Socket]
# Uncomment the following line to turn off listening on port 22.
#ListenStream=
ListenStream=7022
I then ran these two commands:
sudo systemctl daemon-reload
sudo systemctl restart ssh
I then checked for port listeners:
root# lsof -i -P -n | grep LISTEN
systemd 1 root 454u IPv6 25979 0t0 TCP *:22 (LISTEN)
systemd-r 638 systemd-resolve 14u IPv4 35332 0t0 TCP 127.0.0.53:53 (LISTEN)
systemd-r 638 systemd-resolve 16u IPv4 35334 0t0 TCP 127.0.0.54:53 (LISTEN)
Xtigervnc 941 moose 9u IPv4 22485 0t0 TCP 127.0.0.1:5902 (LISTEN)
Xtigervnc 941 moose 10u IPv6 22486 0t0 TCP [::1]:5902 (LISTEN)
cupsd 2258639 root 6u IPv6 33526334 0t0 TCP [::1]:631 (LISTEN)
cupsd 2258639 root 7u IPv4 33526335 0t0 TCP 127.0.0.1:631 (LISTEN)
sshd 3698765 root 3u IPv6 25979 0t0 TCP *:22 (LISTEN)
I then discovered that both ssh.service and ssh.socket are running:
root@/etc/netplan# systemctl status ssh.service
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; disabled; preset: enabled)
Drop-In: /etc/systemd/system/ssh.service.d
└─00-socket.conf
Active: active (running) since Tue 2023-05-23 11:17:29 EDT; 36min ago
TriggeredBy: ● ssh.socket
Docs: man:sshd(8)
man:sshd_config(5)
Process: 3698763 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 3698765 (sshd)
Tasks: 3 (limit: 38046)
Memory: 3.6M
CPU: 206ms
CGroup: /system.slice/ssh.service
├─3698765 "sshd: /usr/sbin/sshd -D [listener] 1 of 10-100 startups"
├─3777496 "sshd: root [priv]"
└─3777497 "sshd: root [net]"
May 23 11:51:44 alces sshd[3771657]: ...
Hint: Some lines were ellipsized, use -l to show in full.
root@/etc/netplan# systemctl status ssh.socket
● ssh.socket - OpenBSD Secure Shell server socket
Loaded: loaded (/lib/systemd/system/ssh.socket; enabled; preset: enabled)
Drop-In: /etc/systemd/system/ssh.socket.d
└─listen.conf
Active: active (running) since Mon 2023-05-15 09:23:44 EDT; 1 week 1 day ago
Until: Mon 2023-05-15 09:23:44 EDT; 1 week 1 day ago
Triggers: ● ssh.service
Listen: [::]:22 (Stream)
[::]:7022 (Stream)
Tasks: 0 (limit: 38046)
Memory: 8.0K
CPU: 569us
CGroup: /system.slice/ssh.socket
May 15 09:23:44 alces systemd[1]: ...
Hint: Some lines were ellipsized, use -l to show in full.
Finally, I found that /lib/systemd/system contains both ssh.service and ssh.socket configurations.
ssh.service:
[Unit]
Description=OpenBSD Secure Shell server
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
[Service]
EnvironmentFile=-/etc/default/ssh
ExecStartPre=/usr/sbin/sshd -t
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
ExecReload=/usr/sbin/sshd -t
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartPreventExitStatus=255
Type=notify
[Install]
WantedBy=multi-user.target
Alias=sshd.service
ssh.socket:
[Unit]
Description=OpenBSD Secure Shell server socket
Before=sockets.target
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
[Socket]
ListenStream=22
Accept=no
[Install]
WantedBy=sockets.target
Finally, in /etc/systemd/system there is an ssh.service.d directory
that contains the 00-socket.conf file that contains:
[Unit]
After=ssh.socket
Requires=ssh.socket
This is very confusing. I could disable ssh.service, but I am concerned that if I do this I will lose ssh connectivity to my headless server. What is the way out of this morass? It would be VERY helpful if there was a comprehensive guide to the current ssh configuration that explains what services to run, how to configure those services, and where the configuration files should reside.
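A check for the situation in this report, as an added example that is not part of the original bug report or of the openssh package: it works out which ports ssh.socket plus its drop-in ask for and compares them with what lsof shows bound. It goes one step beyond the report by also flagging ports that are still bound after a `ListenStream=` reset. The function names and temporary files are assumptions made for the example; the sample lines are copied from the report above.

```shell
#!/bin/sh
# Added example; function names and the temp directory are hypothetical.

# Ports requested by unit files read in load order (base unit, then drop-ins).
# An empty "ListenStream=" resets the list; any other value appends to it.
effective_ports() {
    awk '
        FNR == 1 { in_socket = 0 }
        /^[ \t]*[#;]/ { next }                  # commented-out lines do nothing
        /^\[/ { in_socket = ($0 == "[Socket]"); next }
        in_socket && /^ListenStream=/ {
            v = substr($0, index($0, "=") + 1)
            if (v == "") n = 0; else ports[++n] = v
        }
        END { for (i = 1; i <= n; i++) print ports[i] }
    ' "$@" | sed 's/.*://' | grep -E '^[0-9]+$' | sort -un
}

# TCP ports in LISTEN state held by PID 1 (the socket unit) or by sshd,
# read from `lsof -i -P -n` output on stdin.
listening_ports() {
    awk '($1 == "systemd" || $1 == "sshd") && $NF == "(LISTEN)" {
        sub(/.*:/, "", $(NF-1)); print $(NF-1) }' | sort -un
}

# "unbound N": configured but not listening. "stale N": listening but no
# longer configured. Either one means ssh.socket has not been restarted.
port_drift() {
    lsof_file=$1; shift
    want=$(effective_ports "$@"); have=$(listening_ports < "$lsof_file")
    for p in $want; do
        printf '%s\n' "$have" | grep -qx -- "$p" || echo "unbound $p"
    done
    for p in $have; do
        printf '%s\n' "$want" | grep -qx -- "$p" || echo "stale $p"
    done
}

# Sample input, trimmed from the files and lsof output quoted in the report.
demo=$(mktemp -d)
printf '[Socket]\nListenStream=22\nAccept=no\n' > "$demo/ssh.socket"
printf '[Socket]\n#ListenStream=\nListenStream=7022\n' > "$demo/listen.conf"
cat > "$demo/lsof.txt" <<'EOF'
systemd 1 root 454u IPv6 25979 0t0 TCP *:22 (LISTEN)
systemd-r 638 systemd-resolve 14u IPv4 35332 0t0 TCP 127.0.0.53:53 (LISTEN)
sshd 3698765 root 3u IPv6 25979 0t0 TCP *:22 (LISTEN)
EOF
port_drift "$demo/lsof.txt" "$demo/ssh.socket" "$demo/listen.conf"
```

On a live host the same functions can be fed /lib/systemd/system/ssh.socket, the files under /etc/systemd/system/ssh.socket.d, and fresh `lsof -i -P -n` output.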