imthenachoman / How-To-Secure-A-Linux-Server

An evolving how-to guide for securing a Linux server.
Creative Commons Attribution Share Alike 4.0 International

SSH listenaddress bug note #62

Open JustEnoughDucks opened 3 years ago

JustEnoughDucks commented 3 years ago

In some systems this bug will occur: sshd will not start at boot if ListenAddress is set. I ran into it myself following this guide. It is a failure of systemd and ssh devs to communicate who will fix it.

Anyway, there is a simple workaround to it by 'nimishp12':

changing /etc/systemd/system/sshd.service:

After=network.target audit.target
Wants=network.target

to

Requires=multi-user.target
Before=shutdown.target
After=multi-user.target
Wants=multi-user.target

This also solves the problem of using various network.service/targets that may still cause issues just using Before/After network-online.target.
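A quick way to see whether a host has the combination discussed in this comment (ListenAddress set, unit ordered only after network.target) is sketched below. This is an added example, not part of the original comment or the guide. The function names and classification labels are hypothetical, the sample files are constructed, and it reads a single unit file without merging drop-ins. It reports the ordering only and does not confirm that either ordering fixes the bug.

```sh
#!/bin/sh
# Added example: classify an sshd_config / unit-file pair against the
# ListenAddress boot-order condition described in this thread.

# Print each active (uncommented) ListenAddress value.
# sshd_config keywords are case-insensitive.
listen_addresses() {
    awk 'tolower($1) == "listenaddress" { print $2 }' "$1"
}

# Print every target named on After= lines of a unit file, one per line.
after_targets() {
    awk -F= '$1 == "After" { n = split($2, t, " ")
                             for (i = 1; i <= n; i++) print t[i] }' "$1"
}

# Labels (assumptions of this example):
#   not-set         no ListenAddress, the condition does not apply
#   network-only    ListenAddress set, unit ordered only after network.target
#   later-ordering  ListenAddress set, unit ordered after network-online.target
#                   or multi-user.target (the orderings named in the thread)
classify_sshd_boot_order() {
    cfg=$1
    unit=$2
    if [ -z "$(listen_addresses "$cfg")" ]; then
        echo "not-set"
    elif after_targets "$unit" | grep -qxE 'network-online\.target|multi-user\.target'; then
        echo "later-ordering"
    else
        echo "network-only"
    fi
}

# Demo on constructed files; 192.0.2.10 is a documentation address.
demo() {
    d=$(mktemp -d)
    printf 'Port 22\nListenAddress 192.0.2.10\n' > "$d/sshd_config"
    printf '[Unit]\nAfter=network.target audit.target\nWants=network.target\n' \
        > "$d/original.service"
    printf '[Unit]\nRequires=multi-user.target\nBefore=shutdown.target\nAfter=multi-user.target\nWants=multi-user.target\n' \
        > "$d/workaround.service"
    echo "original unit:   $(classify_sshd_boot_order "$d/sshd_config" "$d/original.service")"
    echo "workaround unit: $(classify_sshd_boot_order "$d/sshd_config" "$d/workaround.service")"
    rm -rf "$d"
}
demo
```

On a real host, pass the paths of the sshd_config and the unit file actually in use; a result of `network-only` means the configuration matches the one this comment reports as failing at boot.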

imthenachoman commented 3 years ago

Does this work for you? It doesn't work for me.

JustEnoughDucks commented 3 years ago

Did you end up having the ListenAddress issue too?

Yes, the lines I posted work for me, but in that bug report, I think there are 3 different methods to try (like the network-online.target Before/After). I am really not sure why different ones are working for different people. Perhaps it is just the service start order?

imthenachoman commented 3 years ago

Yes, I had issues. I will keep playing with it.