search

janmojzis / tinyssh

TinySSH is small server (less than 100000 words of code)
Creative Commons Zero v1.0 Universal
1.43k stars 78 forks source link

Systemd services don't work #76

Open hacatu opened 1 year ago

hacatu commented 1 year ago

On arch linux, there are three systemd unit files installed along with tinyssh by default (usr/lib/systemd/system/tinyssh@.service, usr/lib/systemd/system/tinyssh@.socket, and usr/lib/systemd/system/tinysshgenkeys.service, see here). However, the man page (see here) lists two other unit files with very similar but slightly different names. Worse yet, I can't figure out how to get either to work.

If I enable tinyssh@22.socket and then tinyssh@22.service (the two systemctl units that come pre installed with the package), the first one works fine, but then the second one fails. In the systemd logs, it simply says tinyssh@22.service: Got no socket. The same thing happens if I run tinyssh@22.service and then tinyssh@22.socket (ie in the other order). It seems that it is creating the socket, but the service isn't actually listening on it correctly for some reason. ss -lx | grep ssh only shows /run/user/0/gnupg/S.gpg-agent.ssh, no socket for ssh. However, I can tell tinyssh@22.socket is doing something, because nmap identifies port 22 as filtered instead of closed, and ssh-copy-id fails when trying to log in instead of timing out like it would if the port were closed. It just, you know, isn't actually connected to any tinyssh daemon.

What about the unit files described in the man page? Well, glancing quickly over this repo I noticed that the man page is very out of date, but I didn't spot where the unit files in the arch linux package are, so they might be a downstream thing. Anyway, if I add the unit files described in the man page, they also don't work. The error is exactly the same, as long as I remember to stop the other socket.

Finally, just for completeness's sake, if I simply run tinysshd /etc/tinyssh/sshkeydir, it hangs for 1 minute and then kills itself because fatal: closing connection (timed out){main_tinysshd.c:43} I did generate the server keys and make sure that the two systemd sockets were stopped before trying it.

I'm running tinyssh in a qemu virtual machine, and the arch linux version is built with NaCl "/ TweetNaCl"

ktpx commented 1 year ago

You just need to two files as per the man page. However there is a problem with it as is. in the tinysshd@.service this line:

ExecStart=/usr/sbin/tinysshd ${TINYSSHDOPTS} -- /etc/tinyssh/sshkeydir

Won't work, i think since systemd whines about empty variable.

I replaced with:

ExecStart=/usr/sbin/tinysshd -v /etc/tinyssh/sshkeydir and it works.

Only the socket service needs to be running/active. And you can't just run the tinysshd as a command like that, it needs tcpserv, inetd or systemd.

Not sure why arch has 3 files, but you only need the two in the man page, then with the fix above, unless you actually set the ENV variable to something.