sshd-second fails after yum update

Support for security such as Firewalls and securing linux
nacmen
Posts: 3
Joined: 2017/09/25 11:43:03

sshd-second fails after yum update

Post by nacmen » 2017/09/26 22:27:03

Hi.
I have a problem with a second ssh daemon (sshd) that worked perfectly, and with "service sshd-second status" it was shown as active in green letters. Everything worked perfectly.
This service was created before the update from "yum update", and after the update the service fails and is always "activating". sshd-second.pid is created and writes to user/.ssh/known_hosts; sshd-second works for a little while each time, but always restarts without the service becoming active.
How it was created: "ExecStart=/usr/sbin/sshd -f /etc/ssh/sshd-second_config $OPTIONS" in /usr/lib/systemd/system/sshd-second.service.
sshd.service (parent) works fine and without fail.

Typing cat /usr/lib/systemd/system/sshd-second.service

[Unit]
Description=OpenSSH server second instance daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=sshd-keygen.service sshd.service
Wants=sshd-keygen.service

[Service]
Type=forking
PidFile=/var/run/sshd-second.pid
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -f /etc/ssh/sshd-second_config $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target

Typing cat /etc/ssh/sshd-second_config

Port 12345
ListenAddress 0.0.0.0
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
AllowUsers userdemo
PermitRootLogin no
MaxAuthTries 6
AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
UsePrivilegeSeparation sandbox          # Default for new installations.
ClientAliveInterval 800
ClientAliveCountMax 0
PidFile=/var/run/sshd-second.pid
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem       sftp    /usr/libexec/openssh/sftp-server

Typing service sshd-second reload
Redirecting to /bin/systemctl reload sshd-second.service
Failed to reload sshd-second.service: Job type reload is not applicable for unit sshd-second.service.
See system logs and 'systemctl status sshd-second.service' for details.


Typing service sshd-second status
Redirecting to /bin/systemctl status sshd-second.service
sshd-second.service - OpenSSH server second instance daemon
Loaded: loaded (/usr/lib/systemd/system/sshd-second.service; enabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: timeout) since mar 2017-09-26 02:05:20 CEST; 25s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 1072 ExecStart=/usr/sbin/sshd -f /etc/ssh/sshd-second_config $OPTIONS (code=exited, status=0/SUCCESS)

sep 26 02:05:20 localhost.localdomain systemd[1]: Failed to start OpenSSH server second instance daemon.
sep 26 02:05:20 localhost.localdomain systemd[1]: Unit sshd-second.service entered failed state.
sep 26 02:05:20 localhost.localdomain systemd[1]: sshd-second.service failed.


Do you have any idea what may be happening? Should I go back to the openssh version not updated? What is the correct way to create a second sshd service after update centos7?

Thanks in advance. ;) ;) ;) ;)

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: sshd-second fails after yum update

Post by jlehtone » 2017/09/27 11:42:07

Why do you want two sshd instances? Are the configurations radically different?

nacmen
Posts: 3
Joined: 2017/09/25 11:43:03

Re: sshd-second fails after yum update

Post by nacmen » 2017/09/27 13:12:40

Yes, it is used as an ssh gate into an rbash-chroot-jail to the system, with a connection allowed from ssh user@127.0.0.1 (localhost).
Is it crazy? I do not know... :D
Is it excessive? It's possible... :lol:

Otherwise I would have to install a new ssh server for localhost :cry:
Last edited by nacmen on 2017/09/28 10:25:00, edited 2 times in total.

nacmen
Posts: 3
Joined: 2017/09/25 11:43:03

Re: sshd-second fails after yum update

Post by nacmen » 2017/09/27 23:41:22

I have activated the sshd-second service; the update changed the sshd.service configuration.

Before update sshd.service

[Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.service
Wants=sshd-keygen.service

[Service]
Type=forking
PIDFile=/var/run/sshd.pid
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target
                      
After update sshd.service

[Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.service
Wants=sshd-keygen.service

[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target

Before update sshd-second.service

[Unit]
Description=OpenSSH server second instance daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=sshd-keygen.service sshd.service
Wants=sshd-keygen.service

[Service]
Type=forking
PidFile=/var/run/sshd-second.pid
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -f /etc/ssh/sshd-second_config $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target

After update sshd-second.service

[Unit]
Description=OpenSSH server second instance daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=sshd-keygen.service sshd.service
Wants=sshd-keygen.service

[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -Df /etc/ssh/sshd-second_config $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target

The sshd-second_config did not change.


Works perfectly.. :D :D :D :D :D :D

typing: ps aux | grep sshd
shows: root 928 0.0 0.2 105996 4068 ? Ss 00:49 0:00 /usr/sbin/sshd -Df /etc/ssh/sshd-second_config

typing: service sshd-second status -l
Redirecting to /bin/systemctl status -l sshd-second.service
● sshd-second.service - OpenSSH server second instance daemon
Loaded: loaded (/usr/lib/systemd/system/sshd-second.service; enabled; vendor preset: disabled)
Active: active (running) since jue 2017-09-28 00:49:32 CEST; 1h 4min ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 928 (sshd)
CGroup: /system.slice/sshd-second.service
└─928 /usr/sbin/sshd -Df /etc/ssh/sshd-second_config

sep 28 00:49:32 localhost.localdomain systemd[1]: Starting OpenSSH server second instance daemon...
sep 28 00:49:32 localhost.localdomain sshd[928]: Server listening on 0.0.0.0 port 12345
sep 28 00:49:32 localhost.localdomain systemd[1]: Started OpenSSH server second instance daemon.

Regards :mrgreen:
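
The fix in the post above mirrors the vendor sshd.service change (Type=forking to Type=notify, sshd started with -D) in the copied unit. As an added example, not part of the original posts: a shell check that reports where a copied unit's [Service] section differs from the vendor unit on those points. The function names and the scratch-file layout are assumptions, and the PIDFile spelling check goes beyond the thread, relying on systemd key names being case-sensitive.

```shell
#!/bin/sh
# Added example (not from the thread): compare a copied sshd unit with the vendor unit.

# unit_get FILE KEY: last value of KEY= inside [Service]; key match is case-sensitive.
unit_get() {
    awk -v key="$2" '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
        END { print val }' "$1"
}

# runs_foreground FILE: true if ExecStart passes -D, alone or bundled as in -Df.
runs_foreground() {
    unit_get "$1" ExecStart | tr ' ' '\n' | grep -Eq '^-[A-Za-z]*D[A-Za-z]*$'
}

# check_drift VENDOR CUSTOM: print each difference, return 1 if any was found.
check_drift() {
    drift=0
    v_type=$(unit_get "$1" Type); c_type=$(unit_get "$2" Type)
    if [ "$v_type" != "$c_type" ]; then
        echo "Type: vendor=$v_type custom=$c_type"; drift=1
    fi
    v_fg=no; c_fg=no
    if runs_foreground "$1"; then v_fg=yes; fi
    if runs_foreground "$2"; then c_fg=yes; fi
    if [ "$v_fg" != "$c_fg" ]; then
        echo "sshd -D: vendor=$v_fg custom=$c_fg"; drift=1
    fi
    # systemd spells the key PIDFile=; any other capitalisation is not that key.
    if grep -i '^pidfile=' "$2" | grep -qv '^PIDFile='; then
        echo "PIDFile: misspelled key in custom unit"; drift=1
    fi
    return "$drift"
}

# Sample input: [Service] sections as posted in the thread, trimmed to the keys
# checked here, written to a scratch directory (paths are assumptions).
SAMPLES=$(mktemp -d)
printf '%s\n' '[Service]' 'Type=notify' \
    'ExecStart=/usr/sbin/sshd -D $OPTIONS' > "$SAMPLES/sshd.service"
printf '%s\n' '[Service]' 'Type=forking' 'PidFile=/var/run/sshd-second.pid' \
    'ExecStart=/usr/sbin/sshd -f /etc/ssh/sshd-second_config $OPTIONS' \
    > "$SAMPLES/sshd-second.service"
printf '%s\n' '[Service]' 'Type=notify' \
    'ExecStart=/usr/sbin/sshd -Df /etc/ssh/sshd-second_config $OPTIONS' \
    > "$SAMPLES/sshd-second.fixed"

check_drift "$SAMPLES/sshd.service" "$SAMPLES/sshd-second.service" || true
```

Run against the real files after a package update, for instance check_drift /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd-second.service, to see whether the copy still matches the vendor unit.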
