Proxmox LXC container with dead ssh service

[kcrawford]

Hello,

I am looking to change the ssh port of a Debian 11 LXC. I have updated the `/etc/ssh/sshd_config` file:

# grep ^Port /etc/ssh/sshd_config
Port 50022

however after a reboot of the container, the ssh port configuration is no longer respected. When checking the ssh service in the container, it shows as dead.

# systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: inactive (dead)
       Docs: man:sshd(8)
             man:sshd_config(5)

I have tried building a new container, both privileged and un-privledged; Debian 10 and Debian 11 with all having the same symptom of the ssh service being in a dead state upon logging in.

Has anyone else encountered a similar issue? Below is the container config and the logs from the last boot of a test container.

# pct config 124
arch: amd64
cores: 1
features: nesting=1
hostname: nginx-test
memory: 512
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=2A:DD:5B:3D:08:D5,ip=dhcp,ip6=auto,type=veth
ostype: debian
rootfs: helium:124/vm-124-disk-0.raw,size=8G
swap: 512
unprivileged: 1

root@nginx-test:~# journalctl -b -l --no-pager
-- Journal begins at Thu 2021-10-28 21:43:10 UTC, ends at Thu 2021-10-28 21:45:09 UTC. --
Oct 28 21:43:10 nginx-test systemd-journald[52]: Journal started
Oct 28 21:43:10 nginx-test systemd-journald[52]: Runtime Journal (/run/log/journal/7984aafeec6a48d59e782eac449b5eb3) is 8.0M, max 2.5G, 2.5G free.
Oct 28 21:43:10 nginx-test systemd-sysusers[59]: Creating group systemd-coredump with gid 999.
Oct 28 21:43:10 nginx-test systemd-sysusers[59]: Creating user systemd-coredump (systemd Core Dumper) with uid 999 and gid 999.
Oct 28 21:43:10 nginx-test systemd[1]: Starting Flush Journal to Persistent Storage...
Oct 28 21:43:10 nginx-test mount[56]: mount: /sys/kernel/config: permission denied.
Oct 28 21:43:10 nginx-test systemd-journald[52]: Time spent on flushing to /var/log/journal/7984aafeec6a48d59e782eac449b5eb3 is 722us for 6 entries.
Oct 28 21:43:10 nginx-test systemd-journald[52]: System Journal (/var/log/journal/7984aafeec6a48d59e782eac449b5eb3) is 8.0M, max 796.3M, 788.3M free.
Oct 28 21:43:10 nginx-test systemd[1]: Finished Flush Journal to Persistent Storage.
Oct 28 21:43:11 nginx-test systemd[1]: Finished Create System Users.
Oct 28 21:43:11 nginx-test systemd[1]: Starting Create Static Device Nodes in /dev...
Oct 28 21:43:11 nginx-test systemd[1]: Finished Create Static Device Nodes in /dev.
Oct 28 21:43:11 nginx-test systemd[1]: Reached target Local File Systems (Pre).
Oct 28 21:43:11 nginx-test systemd[1]: Reached target Local File Systems.
Oct 28 21:43:11 nginx-test systemd[1]: Starting Raise network interfaces...
Oct 28 21:43:11 nginx-test systemd[1]: Condition check resulted in Store a System Token in an EFI Variable being skipped.
Oct 28 21:43:11 nginx-test systemd-journald[52]: Forwarding to syslog missed 1 messages.
Oct 28 21:43:11 nginx-test systemd[1]: Starting Commit a transient machine-id on disk...
Oct 28 21:43:11 nginx-test systemd[1]: Starting Create Volatile Files and Directories...
Oct 28 21:43:11 nginx-test systemd[1]: Condition check resulted in Rule-based Manager for Device Events and Files being skipped.
Oct 28 21:43:11 nginx-test systemd[1]: Starting Network Service...
Oct 28 21:43:11 nginx-test systemd[1]: Finished Create Volatile Files and Directories.
Oct 28 21:43:11 nginx-test systemd[1]: Condition check resulted in Network Time Synchronization being skipped.
Oct 28 21:43:11 nginx-test systemd[1]: Reached target System Time Set.
Oct 28 21:43:11 nginx-test systemd[1]: Reached target System Time Synchronized.
Oct 28 21:43:11 nginx-test systemd[1]: Starting Update UTMP about System Boot/Shutdown...
Oct 28 21:43:11 nginx-test systemd[1]: Finished Update UTMP about System Boot/Shutdown.
Oct 28 21:43:11 nginx-test systemd[1]: Reached target System Initialization.
Oct 28 21:43:11 nginx-test systemd[1]: Started Daily apt download activities.
Oct 28 21:43:11 nginx-test systemd[1]: Started Daily apt upgrade and clean activities.
Oct 28 21:43:11 nginx-test systemd[1]: Started Periodic ext4 Online Metadata Check for All Filesystems.
Oct 28 21:43:11 nginx-test systemd[1]: Condition check resulted in Discard unused blocks once a week being skipped.
Oct 28 21:43:11 nginx-test systemd[1]: Started Daily rotation of log files.
Oct 28 21:43:11 nginx-test systemd[1]: Started Daily man-db regeneration.
Oct 28 21:43:11 nginx-test systemd[1]: Started Daily Cleanup of Temporary Directories.
Oct 28 21:43:11 nginx-test systemd[1]: Reached target Timers.
Oct 28 21:43:11 nginx-test systemd[1]: Listening on D-Bus System Message Bus Socket.
Oct 28 21:43:11 nginx-test systemd[1]: Listening on OpenBSD Secure Shell server socket.
Oct 28 21:43:11 nginx-test systemd[1]: Reached target Sockets.
Oct 28 21:43:11 nginx-test systemd[1]: Reached target Basic System.
Oct 28 21:43:11 nginx-test systemd[1]: Started Regular background program processing daemon.
Oct 28 21:43:11 nginx-test systemd[1]: Started D-Bus System Message Bus.
Oct 28 21:43:11 nginx-test systemd[1]: Starting Remove Stale Online ext4 Metadata Check Snapshots...
Oct 28 21:43:11 nginx-test systemd[1]: Condition check resulted in getty on tty2-tty6 if dbus and logind are not available being skipped.
Oct 28 21:43:11 nginx-test systemd[1]: Starting System Logging Service...
Oct 28 21:43:11 nginx-test systemd[1]: systemd-logind.service: Attaching egress BPF program to cgroup /sys/fs/cgroup/system.slice/systemd-logind.service failed: Invalid argument
Oct 28 21:43:11 nginx-test systemd[1]: Starting User Login Management...
Oct 28 21:43:11 nginx-test rsyslogd[88]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd.  [v8.2102.0]
Oct 28 21:43:11 nginx-test rsyslogd[88]: imklog: cannot open kernel log (/proc/kmsg): Permission denied.
Oct 28 21:43:11 nginx-test rsyslogd[88]: activation of module imklog failed [v8.2102.0 try https://www.rsyslog.com/e/2145 ]
Oct 28 21:43:11 nginx-test rsyslogd[88]: [origin software="rsyslogd" swVersion="8.2102.0" x-pid="88" x-info="https://www.rsyslog.com"] start
Oct 28 21:43:11 nginx-test systemd[1]: Started System Logging Service.
Oct 28 21:43:11 nginx-test cron[85]: (CRON) INFO (pidfile fd = 3)
Oct 28 21:43:11 nginx-test cron[85]: (CRON) INFO (Running @reboot jobs)
Oct 28 21:43:11 nginx-test systemd-logind[89]: New seat seat0.
Oct 28 21:43:11 nginx-test systemd[1]: Started User Login Management.
Oct 28 21:43:11 nginx-test systemd[1]: Finished Wait for network to be configured by ifupdown.
Oct 28 21:43:11 nginx-test systemd[1]: e2scrub_reap.service: Succeeded.
Oct 28 21:43:11 nginx-test systemd[1]: Finished Remove Stale Online ext4 Metadata Check Snapshots.
Oct 28 21:43:11 nginx-test systemd-networkd[75]: Failed to increase receive buffer size for general netlink socket, ignoring: Operation not permitted
Oct 28 21:43:11 nginx-test systemd[1]: etc-machine\x2did.mount: Succeeded.
Oct 28 21:43:11 nginx-test systemd[1]: Finished Commit a transient machine-id on disk.
Oct 28 21:43:11 nginx-test systemd-networkd[75]: Enumeration completed
Oct 28 21:43:11 nginx-test systemd[1]: Started Network Service.
Oct 28 21:43:11 nginx-test systemd[1]: Starting Wait for Network to be Configured...
Oct 28 21:43:11 nginx-test systemd[1]: Starting Network Name Resolution...
Oct 28 21:43:11 nginx-test dhclient[105]: Internet Systems Consortium DHCP Client 4.4.1
Oct 28 21:43:11 nginx-test ifup[105]: Internet Systems Consortium DHCP Client 4.4.1
Oct 28 21:43:11 nginx-test dhclient[105]: Copyright 2004-2018 Internet Systems Consortium.
Oct 28 21:43:11 nginx-test ifup[105]: Copyright 2004-2018 Internet Systems Consortium.
Oct 28 21:43:11 nginx-test dhclient[105]: All rights reserved.
Oct 28 21:43:11 nginx-test ifup[105]: All rights reserved.
Oct 28 21:43:11 nginx-test dhclient[105]: For info, please visit https://www.isc.org/software/dhcp/
Oct 28 21:43:11 nginx-test ifup[105]: For info, please visit https://www.isc.org/software/dhcp/
Oct 28 21:43:11 nginx-test dhclient[105]:
Oct 28 21:43:11 nginx-test systemd-networkd[75]: eth0: Link UP
Oct 28 21:43:11 nginx-test systemd-networkd[75]: eth0: Gained carrier
Oct 28 21:43:11 nginx-test systemd-resolved[107]: Positive Trust Anchors:
Oct 28 21:43:11 nginx-test systemd-resolved[107]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Oct 28 21:43:11 nginx-test systemd-resolved[107]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test
Oct 28 21:43:11 nginx-test systemd-resolved[107]: Using system hostname 'nginx-test'.
Oct 28 21:43:11 nginx-test systemd[1]: Started Network Name Resolution.
Oct 28 21:43:11 nginx-test systemd[1]: Reached target Host and Network Name Lookups.
Oct 28 21:43:11 nginx-test dhclient[105]: Listening on LPF/eth0/2a:dd:5b:3d:08:d5
Oct 28 21:43:11 nginx-test ifup[105]: Listening on LPF/eth0/2a:dd:5b:3d:08:d5
Oct 28 21:43:11 nginx-test ifup[105]: Sending on   LPF/eth0/2a:dd:5b:3d:08:d5
Oct 28 21:43:11 nginx-test ifup[105]: Sending on   Socket/fallback
Oct 28 21:43:11 nginx-test ifup[105]: Created duid "\000\001\000\001)\015\325\357*\335[=\010\325".
Oct 28 21:43:11 nginx-test ifup[105]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
Oct 28 21:43:11 nginx-test dhclient[105]: Sending on   LPF/eth0/2a:dd:5b:3d:08:d5
Oct 28 21:43:11 nginx-test dhclient[105]: Sending on   Socket/fallback
Oct 28 21:43:11 nginx-test dhclient[105]: Created duid "\000\001\000\001)\015\325\357*\335[=\010\325".
Oct 28 21:43:11 nginx-test dhclient[105]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
Oct 28 21:43:12 nginx-test dhclient[105]: DHCPOFFER of 192.168.10.66 from 192.168.10.1
Oct 28 21:43:12 nginx-test ifup[105]: DHCPOFFER of 192.168.10.66 from 192.168.10.1
Oct 28 21:43:12 nginx-test ifup[105]: DHCPREQUEST for 192.168.10.66 on eth0 to 255.255.255.255 port 67
Oct 28 21:43:12 nginx-test dhclient[105]: DHCPREQUEST for 192.168.10.66 on eth0 to 255.255.255.255 port 67
Oct 28 21:43:12 nginx-test dhclient[105]: DHCPACK of 192.168.10.66 from 192.168.10.1
Oct 28 21:43:12 nginx-test ifup[105]: DHCPACK of 192.168.10.66 from 192.168.10.1
Oct 28 21:43:12 nginx-test systemd[1]: Finished Wait for Network to be Configured.
Oct 28 21:43:12 nginx-test dhclient[105]: bound to 192.168.10.66 -- renewal in 293 seconds.
Oct 28 21:43:12 nginx-test ifup[105]: bound to 192.168.10.66 -- renewal in 293 seconds.
Oct 28 21:43:12 nginx-test systemd[1]: Finished Raise network interfaces.
Oct 28 21:43:12 nginx-test systemd[1]: Reached target Network.
Oct 28 21:43:12 nginx-test systemd[1]: Reached target Network is Online.
Oct 28 21:43:12 nginx-test systemd[1]: Starting Postfix Mail Transport Agent (instance -)...
Oct 28 21:43:12 nginx-test systemd[1]: Starting Permit User Sessions...
Oct 28 21:43:12 nginx-test systemd[1]: Finished Permit User Sessions.
Oct 28 21:43:12 nginx-test systemd[1]: Started Console Getty.
Oct 28 21:43:12 nginx-test systemd[1]: Condition check resulted in Container Getty on /dev/tty0 being skipped.
Oct 28 21:43:12 nginx-test systemd[1]: Started Container Getty on /dev/tty1.
Oct 28 21:43:12 nginx-test systemd[1]: Started Container Getty on /dev/tty2.
Oct 28 21:43:12 nginx-test systemd[1]: Condition check resulted in Getty on tty1 being skipped.
Oct 28 21:43:12 nginx-test systemd[1]: Reached target Login Prompts.
Oct 28 21:43:12 nginx-test postfix/postfix-script[282]: warning: symlink leaves directory: /etc/postfix/./makedefs.out
Oct 28 21:43:12 nginx-test postfix/postfix-script[315]: starting the Postfix mail system
Oct 28 21:43:12 nginx-test postfix/master[317]: daemon started -- version 3.5.6, configuration /etc/postfix
Oct 28 21:43:12 nginx-test systemd[1]: Started Postfix Mail Transport Agent (instance -).
Oct 28 21:43:12 nginx-test systemd[1]: Starting Postfix Mail Transport Agent...
Oct 28 21:43:12 nginx-test systemd[1]: Finished Postfix Mail Transport Agent.
Oct 28 21:43:12 nginx-test systemd[1]: Reached target Multi-User System.
Oct 28 21:43:12 nginx-test systemd[1]: Reached target Graphical Interface.
Oct 28 21:43:12 nginx-test systemd[1]: Starting Update UTMP about System Runlevel Changes...
Oct 28 21:43:12 nginx-test systemd[1]: systemd-update-utmp-runlevel.service: Succeeded.
Oct 28 21:43:12 nginx-test systemd[1]: Finished Update UTMP about System Runlevel Changes.
Oct 28 21:43:12 nginx-test systemd[1]: Startup finished in 3.493s.
Oct 28 21:43:13 nginx-test systemd-networkd[75]: eth0: Gained IPv6LL
Oct 28 21:45:09 nginx-test systemd-journald[52]: Forwarding to syslog missed 36 messages.

 

[fabian]

the ssh server is socket-activated in those distros/templates - see the corresponding .socket unit file you can either adapt that (systemctl edit ssh.socket and add your port) or use ssh.service instead (systemctl disable ssh.socket; systemctl enable ssh.service)

 

[kcrawford]

Awesome, thank you! I disabled and masked the ssh.socket service and enabled the ssh service and see that ssh is now listening on the expected port.

 

[jeanlau]

worked for me too with ubuntu guest, it was starting but with the default config (port 22) and after I restarted the service my config was taken into account, well thanks to your little command systemctl disable ssh.socket; systemctl enable ssh.service it now works perfectly!
thanks

 

[ledufakademy]

For me with Proxmox official template for Debian 11, this work for me :

mkdir /var/run/sshd
systemctl disable ssh.socket
systemctl disable ssh
systemctl enable ssh
systemctl start ssh
systemctl status sshd