Differences

This shows you the differences between two versions of the page.

--- ssh:override_socket-activated_ssh [2016/10/17 14:54] – created peter
+++ ssh:override_socket-activated_ssh [2019/12/04 21:26] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== SSH - Override socket-activated SSH ======
-===== Override socket-activated SSH =====
-Occasionally when systemd gets into a broken state, socket activation doesn’t work, which can make a system inaccessible if ssh is the only option. This can be avoided configuring a permanently active SSH daemon that forks for each incoming connection.
-To do this directly on the CoreOS machine, begin by replacing the default sshd unit file at **/etc/systemd/system/sshd.service** with the following:
-<file bash /etc/systemd/system/sshd.service>
-# /etc/systemd/system/sshd.service
-[Unit]
-Description=OpenSSH server daemon
-[Service]
-Type=forking
-PIDFile=/var/run/sshd.pid
-ExecStart=/usr/sbin/sshd
-ExecReload=/bin/kill -HUP $MAINPID
-KillMode=process
-Restart=on-failure
-RestartSec=30s
-[Install]
-WantedBy=multi-user.target
-</file>
-Next mask the systemd.socket unit:
-<code bash>
-systemctl mask --now sshd.socket
-</code>
-Finally, execute a daemon-reload, stop the sshd.socket service, and start the sshd.service unit:
-<code bash>
-systemctl daemon-reload
-systemctl restart sshd.service
-</code>
-The same configuration can be achieved and an actively listening sshd started by providing user-data like:
-cloud-config:
-<file bash>
-#cloud-config
-coreos:
-  units:
-  - name: sshd.socket
-    command: stop
-    mask: true
-  - name: sshd.service
-    command: start
-    content: |
-      [Unit]
-      Description=OpenSSH server daemon
-      [Service]
-      Type=forking
-      PIDFile=/var/run/sshd.pid
-      ExecStart=/usr/sbin/sshd
-      ExecReload=/bin/kill -HUP $MAINPID
-      KillMode=process
-      Restart=on-failure
-      RestartSec=30s
-      [Install]
-      WantedBy=multi-user.target
-write_files:
-  - path: "/var/run/sshd.pid"
-    permissions: "0644"
-    owner: "root"
-</file>
-Ignition:
-<file bash>
-{
-  "ignition": {
-    "version": "2.0.0"
-  },
-  "systemd": {
-    "units": [
-      {
-        "name": "sshd.socket",
-        "mask": true
-      },
-      {
-        "name": "sshd.service",
-        "enable": true,
-        "contents": "[Unit]\nDescription=OpenSSH server daemon\n[Service]\nType=forking\nPIDFile=/var/run/sshd.pid\nExecStart=/usr/sbin/sshd\nExecReload=/bin/kill -HUP $MAINPID\nKillMode=process\nRestart=on-failure\nRestartSec=30s\n[Install]\nWantedBy=multi-user.target\n"
-      }
-    ]
-  }
-}
-</file>