[Bug 2020560] [NEW] ssh.service and ssh.socket both running.

Launchpad Bug Tracker 2020560 at bugs.launchpad.net
Tue May 23 16:55:15 UTC 2023


You have been subscribed to a public bug:

I am running Ubuntu 23.04. The out-of-the-box configuration allows SSH
access on port 22. I wish to have ssh listen on both ports 22 and 7022.
The ssh_config file contains a comment that Ubuntu now uses socket
activated connections and thus ignores the Port and ListenAddress
entries. I looked up the ssh socket activation and found that I needed a
/etc/systemd/system/ssh.socket.d directory that contains a listen.conf
file. I created the directory and the listen.conf file that contains
this.

[Socket]
# Uncomment the following line to turn off listening on port 22.
#ListenStream=
ListenStream=7022

I then ran these two commands:
sudo systemctl daemon-reload
sudo systemctl restart ssh

I then checked for port listeners:
root# lsof -i -P -n | grep LISTEN
systemd         1            root  454u  IPv6    25979      0t0  TCP *:22 (LISTEN)
systemd-r     638 systemd-resolve   14u  IPv4    35332      0t0  TCP 127.0.0.53:53 (LISTEN)
systemd-r     638 systemd-resolve   16u  IPv4    35334      0t0  TCP 127.0.0.54:53 (LISTEN)
Xtigervnc     941           moose    9u  IPv4    22485      0t0  TCP 127.0.0.1:5902 (LISTEN)
Xtigervnc     941           moose   10u  IPv6    22486      0t0  TCP [::1]:5902 (LISTEN)
cupsd     2258639            root    6u  IPv6 33526334      0t0  TCP [::1]:631 (LISTEN)
cupsd     2258639            root    7u  IPv4 33526335      0t0  TCP 127.0.0.1:631 (LISTEN)
sshd      3698765            root    3u  IPv6    25979      0t0  TCP *:22 (LISTEN)

I then discovered that both ssh.service and ssh.socket are running:
root@/etc/netplan# systemctl status ssh.service
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; disabled; preset: enabled)
    Drop-In: /etc/systemd/system/ssh.service.d
             └─00-socket.conf
     Active: active (running) since Tue 2023-05-23 11:17:29 EDT; 36min ago
TriggeredBy: ● ssh.socket
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 3698763 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 3698765 (sshd)
      Tasks: 3 (limit: 38046)
     Memory: 3.6M
        CPU: 206ms
     CGroup: /system.slice/ssh.service
             ├─3698765 "sshd: /usr/sbin/sshd -D [listener] 1 of 10-100 startups"
             ├─3777496 "sshd: root [priv]"
             └─3777497 "sshd: root [net]"

May 23 11:51:44 alces sshd[3771657]: ...
Hint: Some lines were ellipsized, use -l to show in full.
root@/etc/netplan# systemctl status ssh.socket
● ssh.socket - OpenBSD Secure Shell server socket
     Loaded: loaded (/lib/systemd/system/ssh.socket; enabled; preset: enabled)
    Drop-In: /etc/systemd/system/ssh.socket.d
             └─listen.conf
     Active: active (running) since Mon 2023-05-15 09:23:44 EDT; 1 week 1 day ago
      Until: Mon 2023-05-15 09:23:44 EDT; 1 week 1 day ago
   Triggers: ● ssh.service
     Listen: [::]:22 (Stream)
             [::]:7022 (Stream)
      Tasks: 0 (limit: 38046)
     Memory: 8.0K
        CPU: 569us
     CGroup: /system.slice/ssh.socket

May 15 09:23:44 alces systemd[1]: ...
Hint: Some lines were ellipsized, use -l to show in full.


Finally, I found that /lib/systemd/system contains both ssh.service and ssh.socket configurations.
ssh.service:
[Unit]
Description=OpenBSD Secure Shell server
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

[Service]
EnvironmentFile=-/etc/default/ssh
ExecStartPre=/usr/sbin/sshd -t
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
ExecReload=/usr/sbin/sshd -t
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartPreventExitStatus=255
Type=notify

[Install]
WantedBy=multi-user.target
Alias=sshd.service

ssh.socket:
[Unit]
Description=OpenBSD Secure Shell server socket
Before=sockets.target
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

[Socket]
ListenStream=22
Accept=no

[Install]
WantedBy=sockets.target

Finally, in /etc/systemd/system there is an ssh.service.d directory that
contains the 00-socket.conf file that contains:

[Unit]
After=ssh.socket
Requires=ssh.socket


This is very confusing. I could disable ssh.service, but I am concerned that if I do this I will lose ssh connectivity to my headless server. What is the way out of this morass? It would be VERY helpful if there was a comprehensive guide to the current ssh configuration that explains what services to run, how to configure those services, and where the configuration files should reside.

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: bot-comment
-- 
ssh.service and ssh.socket both running.
https://bugs.launchpad.net/bugs/2020560
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to openssh in Ubuntu.
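
Added example (not part of the bug report and not Ubuntu's or systemd's own code): a shell sketch of how ListenStream= entries from the packaged ssh.socket and the listen.conf drop-in combine, including the list reset performed by an empty ListenStream= assignment. The function name effective_listen and the temporary files are constructed for illustration; line continuations and drop-in ordering across directories are not handled.

```shell
#!/bin/sh
# Print the ListenStream= values in effect after reading a socket unit and
# its drop-ins in the order given (packaged unit first, drop-ins after).
effective_listen() {
    awk '
        FNR == 1      { in_socket = 0 }            # each file starts outside any section
        /^[ \t]*[#;]/ { next }                     # skip comment lines
        /^\[/         { in_socket = ($0 ~ /^\[Socket\]/); next }
        in_socket && /^ListenStream[ \t]*=/ {
            val = $0
            sub(/^ListenStream[ \t]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (val == "") n = 0                   # empty assignment resets the list
            else list[++n] = val
        }
        END { for (i = 1; i <= n; i++) printf "%s%s", list[i], (i < n ? " " : "\n") }
    ' "$@"
}

# Constructed copies of the [Socket] sections quoted in the report.
demo=$(mktemp -d)
printf '[Socket]\nListenStream=22\nAccept=no\n' > "$demo/ssh.socket"
printf '[Socket]\n#ListenStream=\nListenStream=7022\n' > "$demo/listen.conf"
# Constructed variant with the reset line uncommented, for comparison.
printf '[Socket]\nListenStream=\nListenStream=7022\n' > "$demo/listen-reset.conf"

# Drop-in as posted: the packaged port stays and 7022 is appended,
# matching the two Listen: lines in the ssh.socket status output.
as_posted=$(effective_listen "$demo/ssh.socket" "$demo/listen.conf")
# With the empty assignment active, only the drop-in's port remains.
with_reset=$(effective_listen "$demo/ssh.socket" "$demo/listen-reset.conf")

echo "as posted:  $as_posted"
echo "with reset: $with_reset"
rm -rf "$demo"
```

On a live host, systemctl cat ssh.socket lists the unit file and its drop-ins in the order systemd reads them, which is the order to pass to the function.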


