New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Socket activated SSHD shows error in journalctl early at boot #3279
Comments
What happens when you just open and close the port with telnet? |
Interesting, when I telnet, and run
I'm thinking this means:
So perhaps is there a way to change it so that it's not a SSH failure just because a client fails in connecting? |
I spoke to someone on the systemd mailing list, they said:
Then:
How would I change the SuccessExitStatus for the sshd@.service inside Nix? I can't change it manually, is there some declarative nix expression for this? |
(triage) @CMCDragonkai can you re-check with a recent system? |
No response, so close @zimbatm |
sshd will at times fail when exiting. When socket activated, this will leave a number of sshd@ service instances in the failed state, so we simply ignore the error code if we are running socket activated. Recommended by upstream: http://systemd-devel.freedesktop.narkive.com/d0eapMCG/socket-activated-sshd-service-showing-up-as-a-failure-when-the-client-connection-fails Fixes: NixOS#3279
@Profpatsch Apologies for the late reply. But it appears that this has not been fixed. However @peterhoeg has been working on this. The latest commit that I can see is: peterhoeg@83b9df2 |
@peterhoeg Can you send a PR for your fix, so this issue can be truly closed? |
sshd will at times fail when exiting. When socket activated, this will leave a number of sshd@ service instances in the failed state, so we simply ignore the error code if we are running socket activated. Recommended by upstream: http://systemd-devel.freedesktop.narkive.com/d0eapMCG/socket-activated-sshd-service-showing-up-as-a-failure-when-the-client-connection-fails Fixes: NixOS#3279
By the way, I am REALLY sorry about spamming this issue. Note to self - only reference issues in the actual PR and not the commit message. |
sshd will at times fail when exiting. When socket activated, this will leave a number of sshd@ service instances in the failed state, so we simply ignore the error code if we are running socket activated. Recommended by upstream: http://systemd-devel.freedesktop.narkive.com/d0eapMCG/socket-activated-sshd-service-showing-up-as-a-failure-when-the-client-connection-fails Fixes: NixOS#3279
I've got a socket activated SSHD on my NixOS instance:
In
configuration.nix
When checking my
sudo systemctl status
, I always get this on every boot:So there's always a failed service, and it always shows that this OS is in a degraded state. This is not helpful as these will alert errors in a centralised monitoring/logging system.
The specific failed service is an sshd service:
However, there are 3 instances of SSHD services that were launched. This is proven via the
systemctl status sshd.socket
output shows that there were 3 connections accepted.I'm launching this through vagrant. This means there should at least be 2 sshd instances. The first would be when vagrant boots the VM up, and then ssh in to setup the network and shared folders. The second is when I run
vagrant ssh
to ssh into the machine.However this shows 3 instances. I did some more digging and found that these 3 instances were:
The 51317 happened first, then 51331, then 51446. Now I check
sudo journalctl -b -r
, and this is what I see (reversed, top most recent, bottom older):Take a look at the ones that I marked with
** **
. They show that 51317 started first, and then later failed after 2 minutes. This is the unknown SSH instance, I don't know why this instance started, and nothing ever tried logging in. The other 2 ssh service instances started, succeeded. One of them by Vagrant, the other by my current session.So what is 51317? Why is it starting up with nothing trying to login, and then subsequently fail and cause my VM to be in a degraded state. Does this have something to do with the socket activation?
The text was updated successfully, but these errors were encountered: