====== Ubuntu - SSH - Override socket-activated SSH ======
===== Override socket-activated SSH =====
Occasionally, when systemd gets into a broken state, socket activation doesn't work, which can make a system inaccessible if SSH is the only way in. This can be avoided by configuring a permanently active SSH daemon that forks for each incoming connection.
To do this directly on the CoreOS machine, begin by replacing the default sshd unit file at **/etc/systemd/system/sshd.service** with the following:
<code ini>
# /etc/systemd/system/sshd.service
[Unit]
Description=OpenSSH server daemon

[Service]
Type=forking
PIDFile=/var/run/sshd.pid
ExecStart=/usr/sbin/sshd
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=30s

[Install]
WantedBy=multi-user.target
</code>
Next, mask the sshd.socket unit:
<code bash>
systemctl mask --now sshd.socket
</code>
Finally, execute a daemon-reload and start the sshd.service unit (the sshd.socket unit was already stopped by the ''--now'' flag above):
<code bash>
systemctl daemon-reload
systemctl restart sshd.service
</code>
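A check that the override took effect before you close your current session (added example, not from the original page): it reads ''ss -H -ltnp'' output on stdin and reports whether the port is held by a standalone sshd or still by systemd (PID 1). The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Classify who holds the TCP listener on a port, from `ss -H -ltnp` output on stdin.
# Prints one of: daemon | socket-activated | other | none
ssh_listener_owner() {
    awk -v port="${1:-22}" '
        $1 == "LISTEN" && $4 ~ (":" port "$") {
            found = 1
            # PID 1 holding the socket means systemd still owns it, even when an
            # sshd it spawned is listed on the same line.
            if ($0 ~ /"systemd",pid=1,/) activated = 1
            else if ($0 ~ /"sshd",pid=/) daemon = 1
            else                         other = 1
        }
        END {
            if (!found)         print "none"
            else if (activated) print "socket-activated"
            else if (other)     print "other"
            else                print "daemon"
        }'
}

# Constructed sample: state before the override (systemd holds port 22).
sample_before() {
    cat <<'EOF'
LISTEN 0 4096 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=2210,fd=3),("systemd",pid=1,fd=52))
LISTEN 0 4096    [::]:22    [::]:* users:(("systemd",pid=1,fd=53))
EOF
}

# Constructed sample: state after the override (standalone sshd holds port 22).
sample_after() {
    cat <<'EOF'
LISTEN 0 128   0.0.0.0:22   0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128      [::]:22      [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 128 127.0.0.1:2222 0.0.0.0:* users:(("nginx",pid=900,fd=6))
EOF
}

echo "before: $(sample_before | ssh_listener_owner 22)"
echo "after:  $(sample_after  | ssh_listener_owner 22)"
# On a live host (as root, so process names are visible):
#   ss -H -ltnp | ssh_listener_owner 22
```

Anything other than ''daemon'' on the live host means the standalone unit is not the one accepting connections, so keep the existing session open until that is resolved.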
The same configuration can be achieved, and an actively listening sshd started, by providing user-data such as the following:
cloud-config:
<code yaml>
#cloud-config

coreos:
  units:
    - name: sshd.socket
      command: stop
      mask: true

    - name: sshd.service
      command: start
      content: |
        [Unit]
        Description=OpenSSH server daemon

        [Service]
        Type=forking
        PIDFile=/var/run/sshd.pid
        ExecStart=/usr/sbin/sshd
        ExecReload=/bin/kill -HUP $MAINPID
        KillMode=process
        Restart=on-failure
        RestartSec=30s

        [Install]
        WantedBy=multi-user.target

write_files:
  - path: "/var/run/sshd.pid"
    permissions: "0644"
    owner: "root"
</code>
Ignition:
<code json>
{
  "ignition": {
    "version": "2.0.0"
  },
  "systemd": {
    "units": [
      {
        "name": "sshd.socket",
        "mask": true
      },
      {
        "name": "sshd.service",
        "enable": true,
        "contents": "[Unit]\nDescription=OpenSSH server daemon\n[Service]\nType=forking\nPIDFile=/var/run/sshd.pid\nExecStart=/usr/sbin/sshd\nExecReload=/bin/kill -HUP $MAINPID\nKillMode=process\nRestart=on-failure\nRestartSec=30s\n[Install]\nWantedBy=multi-user.target\n"
      }
    ]
  }
}
</code>