sshd not starting at boot time

plisken · 01-21-2023, 05:29 AM

Running Slackware 15 and find that sshd is not starting at boot time, despite /etc/rc.d/rc.sshd being executable and I've not modified /etc/rc.d/rc.inet2

I can starting it manually.

I am using networkmanager

I'm using run level 4

Can't see any errors in any common logs.

Am I missing something?

Thanks

business_kid · 01-21-2023, 08:51 AM

The rc.sshd script is a very simple one It checks for, or generates keys then starts the daemon. Also check the conf file. The commented lines are program defaults - it's the other ones you want to watch

Chuck56 · 01-21-2023, 09:38 AM

Not enough information. With init4 the OP could be starting NM from the GUI which is later in the startup process. That could impact all sorts of network issues.

bitfuzzy · 01-21-2023, 02:17 PM

Odd.. How do you know it's not running? Can't connect to it remotely??

Chuck56 does have a point, though the NetworkManager issue impacts run level 3 as well.

The issue being that even though the service is running, a connection can't be made to the PC until a user logs in.
This is because until login, the network interface can be inactive.

If you would, reboot your PC

When it comes up, log in and open a console

at your prompt type:

Code:

ps ax | grep 'sshd'

and press enter

Please copy/paste the result (or upload a screenshot of it)

plisken · 01-24-2023, 02:58 AM

I also don't recall using NM much before with Slackware, as I generally use it only for server purposes and init 3 with manual network settings, so this could be the issue?

Yes, ps aux | grep 'sshd' tells me it's not running, together with not being able to connect from other hosts or even to itself. Manually starting resolves but of course that is not the issue.

As an aside, I'm also finding the same with ntpd, it is also not starting at boot time, but again can start manually.

business_kid · 01-24-2023, 05:45 AM

There's also an init script utility that comes with networkmanager that is very little talked about. Is it nm-tui? Whatever it is, I tried it and it works, but it mightn't be called soon enough in rc.M

drgibbon · 01-24-2023, 09:11 AM

Does it start on boot if you add it manually to /etc/rc.d/rc.local ?

Code:

if [ -x /etc/rc.d/rc.sshd ]; then
    /etc/rc.d/rc.sshd start
fi

henca · 01-24-2023, 01:52 PM

One possible reason that your startup scripts are unable to start sshd could be that you are using networkmanager to give your machine an IP address after the startup scripts are done and that you have put that ip address instead of 0.0.0.0 as ListenAddress in /etc/ssh/sshd_config.

regards Henrik

marav · 01-24-2023, 02:33 PM

Code:

-f config_file
             Specifies the name of the configuration file.  
             The default is /etc/ssh/sshd_config.
             sshd refuses to start if there is no configuration file.

Check with:
# /usr/sbin/sshd -f /etc/ssh/sshd_config

chris.willing · 01-24-2023, 05:04 PM

Quote:

Originally Posted by henca

One possible reason that your startup scripts are unable to start sshd could be that you are using networkmanager to give your machine an IP address after the startup scripts are done .....

For services which depend on network being available, I have a script in /etc/NetworkManager/dispatcher.d/ which waits for network to be up before starting the service. For OP's case, try something like:

Code:

# Delay sshd daemon till network available

IF=$1
STATUS=$2

if [ "$IF" = "wlan0" ]; then
  case "$2" in
    up)
      logger "Network Manager UP triggered on $IF - starting sshd"
      /etc/rc.d/rc.sshd stop
      sleep 1
      /etc/rc.d/rc.sshd start
      ;;
     *)
      logger "Network Manager $STATUS triggered on $IF"
     ;;
  esac
fi

Change network target as desired (wlan0 above). Keep it as something like /etc/NetworkManager/dispatcher.d/sshd and make it executable.

chris

arfon · 01-24-2023, 05:40 PM

I'm coming in late to this party but,

After reboot and it fails, is there nothing in /var/log/messages?

Quote:

grep sshd /var/log/messages

marav · 01-24-2023, 05:46 PM

Quote:

Originally Posted by chris.willing

For services which depend on network being available, I have a script in /etc/NetworkManager/dispatcher.d/ which waits for network to be up before starting the service. For OP's case, try something like:

Code:

# Delay sshd daemon till network available

IF=$1
STATUS=$2

if [ "$IF" = "wlan0" ]; then
  case "$2" in
    up)
      logger "Network Manager UP triggered on $IF - starting sshd"
      /etc/rc.d/rc.sshd stop
      sleep 1
      /etc/rc.d/rc.sshd start
      ;;
     *)
      logger "Network Manager $STATUS triggered on $IF"
     ;;
  esac
fi

Change network target as desired (wlan0 above). Keep it as something like /etc/NetworkManager/dispatcher.d/sshd and make it executable.

chris

Sorry, but the network is not required for sshd to start.
edit: as long as your listenaddress is 0.0.0.0 (maybe? have not tested it) nope

henca · 01-25-2023, 12:50 AM

Quote:

Originally Posted by marav

Sorry, but the network is not required for sshd to start.
edit: as long as your listenaddress is 0.0.0.0 (maybe? have not tested it) nope

So you tested to start sshd with a listenaddress which not yet were up? I thought sshd then would be unable to bind to that address, but I haven't tried it myself.

regards Henrik

marav · 01-25-2023, 01:27 AM

Quote:

Originally Posted by henca

So you tested to start sshd with a listenaddress which not yet were up? I thought sshd then would be unable to bind to that address, but I haven't tried it myself.

regards Henrik

How sshd can know an interface is up ? e.g. if you put: ListenAddress 0.0.0.0

It works the same way that AllowUsers or AllowGroups
If the specified user or group does not exist, you just can't connect. Is does not check if that user/group exists

henca · 01-25-2023, 01:06 PM

Quote:

Originally Posted by marav

How sshd can know an interface is up ? e.g. if you put: ListenAddress 0.0.0.0

It works the same way that AllowUsers or AllowGroups
If the specified user or group does not exist, you just can't connect. Is does not check if that user/group exists

The address 0.0.0.0 is a special case as that is known as the "any address", so specifying 0.0.0.0 will make ssh listen on any current or future IP address the machine has.

However, specifying another IP address than 0.0.0.0 might cause trouble if that address is not assigned to the machine when ssh (or any other application) tries to bind its listening socket to that address.

A quick example:

bind_fail.c:

Code:

#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <net/if.h>

int main(void)
{
    const int sockfd = socket(AF_INET, SOCK_STREAM, 0);

    if (sockfd < 0) {
        perror("socket");
        return EXIT_FAILURE;
    }

    const struct sockaddr_in servaddr = {
        .sin_family      = AF_INET,
        .sin_addr.s_addr = inet_addr("123.45.67.89"),
        .sin_port        = htons(2000),
    };
    if (bind(sockfd, (struct sockaddr *) &servaddr,
	     sizeof(struct sockaddr_in))) {
        perror("bind");
        return EXIT_FAILURE;
    }
    printf("Success!\n");
    return 0;
}

Another example:

bind_ok.c:

Code:

#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <net/if.h>

int main(void)
{
    const int sockfd = socket(AF_INET, SOCK_STREAM, 0);

    if (sockfd < 0) {
        perror("socket");
        return EXIT_FAILURE;
    }

    const struct sockaddr_in servaddr = {
        .sin_family      = AF_INET,
        .sin_addr.s_addr = inet_addr("0.0.0.0"),
        .sin_port        = htons(2000),
    };
    if (bind(sockfd, (struct sockaddr *) &servaddr,
	     sizeof(struct sockaddr_in))) {
        perror("bind");
        return EXIT_FAILURE;
    }
    printf("Success!\n");
    return 0;
}

Compiling those files and see what happens when they are run:

Code:

nazgul:/tmp> gcc -o bind_ok bind_ok.c
nazgul:/tmp> gcc -o bind_fail bind_fail.c
nazgul:/tmp> ./bind_fail 
bind: Cannot assign requested address
nazgul:/tmp> ./bind_ok
Success!
nazgul:/tmp>

My machine does not have IP address 123.45.67.89, but if I change the code:

bind_ok2.c:

Code:

#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <net/if.h>

int main(void)
{
    const int sockfd = socket(AF_INET, SOCK_STREAM, 0);

    if (sockfd < 0) {
        perror("socket");
        return EXIT_FAILURE;
    }

    const struct sockaddr_in servaddr = {
        .sin_family      = AF_INET,
        .sin_addr.s_addr = inet_addr("192.168.43.9"),
        .sin_port        = htons(2000),
    };
    if (bind(sockfd, (struct sockaddr *) &servaddr,
             sizeof(struct sockaddr_in))) {
        perror("bind");
        return EXIT_FAILURE;
    }
    printf("Success!\n");
    return 0;
}

and run that one:

Code:

nazgul:/tmp> gcc -o bind_ok2 bind_ok2.c
nazgul:/tmp> ./bind_ok2
Success!
nazgul:/tmp>

regards Henrik