[SOLVED] SSH doesn't work as expected in LXC

that's normal though? when you change the config file you'd need to restart/reload the service.
Well, that's right.
But when I reboot the container, shouldn't the SSH settings I configured in the configuration be used?
This is not the case until I restart the SSH server after the container restart.

How to reproduce:
  1. Start latest LXC container with Debian 11
  2. Connect to container with SSH
  3. Configure 1337 as SSH port in /etc/ssh/sshd_config
  4. Restart SSH server.
  5. Connect to container via port 1337. <- works!
  6. Restart the container.
  7. SSH uses port 22 again.
 
But when I reboot the container, shouldn't the SSH settings I configured in the configuration be used?
This is not the case until I restart the SSH server after the container restart.
what settings did you change? is the ssh service enabled?

and how are you rebooting the container?
 
what settings did you change? is the ssh service enabled?

and how are you rebooting the container?
Sorry, I edited my last post with additional info.
Usually I restart the container via Proxmox with "Reboot".
SSH is enabled, yes.
Code:
root@foundry:~# systemctl status sshd
* ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: inactive (dead)
       Docs: man:sshd(8)
             man:sshd_config(5)
 
Usually I restart the container via Proxmox with "Reboot".
SSH is enabled, yes.
after you're done editing the config in /etc/ssh/sshd_config:
Code:
systemctl disable ssh.socket
systemctl enable ssh
reboot

works here :)
 
Ubuntu 20.04 LTS containers are painful!

Failed to enable unit: Refusing to operate on alias name or linked unit file: sshd.service
 
* ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:sshd(8)
man:sshd_config(5)
 
Well, that's right.
But when I reboot the container, shouldn't the SSH settings I configured in the configuration be used?
This is not the case until I restart the SSH server after the container restart.

How to reproduce:
  1. Start latest LXC container with Debian 11
  2. Connect to container with SSH
  3. Configure 1337 as SSH port in /etc/ssh/sshd_config
  4. Restart SSH server.
  5. Connect to container via port 1337. <- works!
  6. Restart the container.
  7. SSH uses port 22 again.
Thanks. Restarting the LXC via PVE webUI indeed doesn't make sshd use the new /etc/ssh/sshd_config. Had to run a systemctl restart sshd for changes to take effect.
 
Got it wrong. Running "systemctl restart sshd" will just make ssh as well as the LXC's console in the PVE webUI not work at all until you restart the LXC.
So what's the correct way to set up the SSH server in a Debian 11 LXC?

The LXC got 3 NICs in the subnets 192.168.43.70/24, 10.60.175.10/16 as well as 10.61.175.10/16. I want the SSH server to only listen on the management subnet, so only on 10.61.175.10.

In a Debian 11 VM I would do that by editing the "/etc/ssh/sshd_config" and changing the line "#ListenAddress 0.0.0.0" to "ListenAddress 10.61.175.10". But this simply doesn't work with the LXC. I can still connect to the LXC via 192.168.43.70.

Edit:
Ok, looks like this is doing the trick:
Code:
systemctl disable ssh.socket
systemctl enable ssh
reboot
 
after you're done editing the config in /etc/ssh/sshd_config:
Code:
systemctl disable ssh.socket
systemctl enable ssh
reboot

works here :)
This resolved my issue with certain sshd_config settings not being respected.

Why does one have to go through this extra step of disabling ssh.socket, re-enabling ssh, and rebooting?

Is this an Ubuntu step not required on other OSes, or is this specific to LXCs vs VMs?

Normally, on any other OS (macOS, OpenBSD, Debian), I just restart sshd or reboot.
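
The closing question comes down to systemd socket activation: while ssh.socket is enabled, systemd opens the listening port from that unit's ListenStream= line, and Port and ListenAddress in sshd_config are not used for binding, which is why ssh.service can show "inactive (dead)" while connections still succeed. The check below is an added example, not code from any poster or from Proxmox; it compares the two sources on constructed sample files. The function names, the IPv4-only handling and the mapping of a bare port to 0.0.0.0 are assumptions of the example.

```shell
#!/bin/sh
# Added example: does ssh.socket listen where sshd_config says sshd should?

# Print the "address:port" pairs sshd_config asks for (defaults: 0.0.0.0, port 22).
# Commented-out directives such as "#Port 22" are skipped.
sshd_wanted() {
    awk '
        tolower($1) == "port"          { ports[++np] = $2 }
        tolower($1) == "listenaddress" { addrs[++na] = $2 }
        END {
            if (np == 0) ports[++np] = "22"
            if (na == 0) addrs[++na] = "0.0.0.0"
            for (a = 1; a <= na; a++)
                for (p = 1; p <= np; p++)
                    print (addrs[a] ~ /:/ ? addrs[a] : addrs[a] ":" ports[p])
        }' "$1" | sort
}

# Print the "address:port" pairs from ListenStream= lines of a socket unit.
# A bare port means every address; it is normalized to 0.0.0.0:port here.
socket_actual() {
    awk -F= '$1 == "ListenStream" {
        if ($2 == "") { n = 0; next }   # an empty assignment resets the list
        v[++n] = ($2 ~ /:/ ? $2 : "0.0.0.0:" $2)
    } END { for (i = 1; i <= n; i++) print v[i] }' "$1" | sort
}

# Return 0 when both agree; otherwise print both sides and return 1.
check_ssh_listen() {
    want=$(sshd_wanted "$1"); have=$(socket_actual "$2")
    [ "$want" = "$have" ] && return 0
    echo "sshd_config wants: $(echo $want)"
    echo "ssh.socket binds:  $(echo $have)"
    return 1
}

# Constructed sample input mirroring the thread: sshd_config restricts sshd to
# the management address, but the socket unit still listens on port 22 everywhere.
tmp=$(mktemp -d)
printf '%s\n' '#Port 22' 'ListenAddress 10.61.175.10' > "$tmp/sshd_config"
printf '%s\n' '[Socket]' 'ListenStream=22' 'Accept=yes' > "$tmp/ssh.socket"
check_ssh_listen "$tmp/sshd_config" "$tmp/ssh.socket" ||
    echo "MISMATCH: the socket unit, not sshd_config, decides where SSH listens"
```

Inside a container the same functions can be pointed at /etc/ssh/sshd_config and /lib/systemd/system/ssh.socket; `systemctl is-enabled ssh.socket` shows whether the socket unit is in play at all.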
 