[BUG] SSH service is not restarted in ubuntu 24.04 #536

Open
GauthierPLM opened this issue Dec 10, 2024 · 8 comments · Fixed by #537

@GauthierPLM

Describe the bug
During setup, the ssh service is not properly restarted at the end of the setup process.
If the SSH port has been changed, we are locked out of the machine, as ufw only allows the new port but sshd is still listening on the old port.

The service name is now ssh and no longer sshd; maybe this causes the issue?

To Reproduce

  1. Set up a fresh Ubuntu 24.04 machine.
  2. Change the SSH port to 12322 (or any other port).
  3. Use any as the FW_ADMIN value.
  4. Run ubuntu.sh.
  5. Once completed, try to SSH into the machine -> connection is refused.

Expected behavior

ssh.service should be properly restarted.

System (lsb_release -a):

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 24.04.1 LTS
Release: 24.04
Codename: noble

@konstruktoid
Owner

Thanks for creating the issue @GauthierPLM, I believe it's fixed now.

@GauthierPLM
Author

Hi @konstruktoid

I tested again today, and while there was no warning about the sshd service not being found, the service wasn't restarted and I had to restart it manually.

@konstruktoid
Owner

So the fix didn't work?

@GauthierPLM
Author

It does not indeed.

@konstruktoid konstruktoid reopened this Dec 18, 2024
@konstruktoid
Owner

Can you try this diff?

diff --git a/scripts/sshdconfig b/scripts/sshdconfig
index 8a971b7..01a22bf 100644
--- a/scripts/sshdconfig
+++ b/scripts/sshdconfig
@@ -170,7 +170,7 @@ function f_sshdconfig {
   chown root:root "$SSHDCONF"
   chmod 0600 "$SSHDCONF"

-  systemctl restart ssh.service
+  bash -it -c 'systemctl restart ssh.service'

   if [[ $VERBOSE == "Y" ]]; then
     systemctl status ssh.service --no-pager
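
Review bot: the changed line still restarts only ssh.service and still discards the exit status, so wrapping it in `bash -it -c` gives the script no way to notice that the restart failed or had no effect; the `systemctl status` call that follows runs only when VERBOSE is "Y" and is informational. Suggest dropping the interactive shell, which a non-interactive script does not need, and making the function fail when `systemctl restart ssh.service` returns non-zero or when nothing is listening on the configured port afterwards. If the listening socket is held by a separate unit (for example a socket-activated ssh.socket), restarting ssh.service alone would not move the port, so that case is worth checking on 24.04.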

@GauthierPLM
Author

GauthierPLM commented Dec 20, 2024

Tried today at 12h30 on an existing machine (not yet hardened), and the fix didn't solve the issue. The service still listens on port 22:

# ss -tulpn | grep -e 'ssh\|12322'
tcp   LISTEN 0      4096                     *:22              *:*    users:(("sshd",pid=65406,fd=3))

I had to restart the service myself.
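
A guard for the failure reported in this thread, as an added example that is not part of ubuntu.sh or of any comment here: it compares the ports sshd is configured for (`sshd -T` output) with the TCP listeners reported by `ss`, so a script can refuse to tighten the firewall while the configured port has no listener. The function names and the `sshd -T` sample are constructed for illustration; the `ss` line is the one quoted in the report above.

```shell
#!/usr/bin/env bash
# Added example (not from ubuntu.sh): lockout guard to run after the SSH
# restart and before the firewall stops allowing the old port.
# Live use (as root): missing_ssh_ports "$(sshd -T)" "$(ss -tln)"

# Ports sshd is configured to use, read from `sshd -T` output on stdin.
configured_ports() {
  awk '$1 == "port" { print $2 }' | sort -un
}

# Ports that have a TCP listener, read from `ss -tln` / `ss -tulpn` output.
# The first field ending in :<digits> on a LISTEN row is the local address.
listening_ports() {
  awk '/LISTEN/ {
         for (i = 1; i <= NF; i++)
           if ($i ~ /:[0-9]+$/) { n = split($i, a, ":"); print a[n]; break }
       }' | sort -un
}

# $1 = `sshd -T` text, $2 = `ss` text.
# Prints every configured port without a listener; returns 1 if any is missing.
missing_ssh_ports() {
  _rc=0
  for _port in $(printf '%s\n' "$1" | configured_ports); do
    if ! printf '%s\n' "$2" | listening_ports | grep -qx "$_port"; then
      echo "$_port"
      _rc=1
    fi
  done
  return $_rc
}

# Constructed `sshd -T` excerpt for a host reconfigured to port 12322.
SSHD_T_SAMPLE='port 12322
addressfamily any
listenaddress 0.0.0.0:12322
listenaddress [::]:12322'

# The listener line quoted in the report: still bound to port 22.
SS_SAMPLE='tcp   LISTEN 0      4096      *:22      *:*    users:(("sshd",pid=65406,fd=3))'

if ! missing=$(missing_ssh_ports "$SSHD_T_SAMPLE" "$SS_SAMPLE"); then
  echo "no listener on configured port(s): $missing; keep the old firewall rule" >&2
fi
```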

@konstruktoid
Owner

Don't really have an idea why this is happening; will continue to test.

@GauthierPLM
Author

I don't know if it will help, but the machines are ARN cloud servers from Hetzner, running Ubuntu 24.04.

This is my cloud-init.yaml file:

#cloud-config
users:
  - name: ...
    groups: users, sudo
    sudo: ALL=(ALL) NOPASSWD:ALL
    shell: /bin/bash
    ssh_authorized_keys:
      - ...
package_update: true
package_upgrade: true
write_files:
  - path: /etc/ssh/sshd_config.d/99-custom.conf
    content: |
      PermitRootLogin no
      PasswordAuthentication no
      KbdInteractiveAuthentication no
      ChallengeResponseAuthentication no
      MaxAuthTries 2
      AllowTcpForwarding no
      X11Forwarding no
      AllowAgentForwarding no
      AuthorizedKeysFile .ssh/authorized_keys
      AllowUsers ...
    owner: root:root
    permissions: '0644'
runcmd:
  - reboot
