SSH failing to start at Boot Time of Fedora LXC Container

S

silverstone

Well-Known Member
Apr 28, 2018
168
24
58
36
There seems to be some Issue for a Fedora LXC Container.

Specifically, SSH fails to start (as confirmed by ss -nlt) since nothing is listening on Port 22 after Boot.

It seems that there is something related to sshd-keygen.target when used in an LXC Container.

Disabling Wants=sshd-keygen.target seems to fix the Issue, however I'm not quite sure why this is an Issue with LXC Containers, when the same Service File is used in the standard Fedora Server Distribution (which I run as a VM on Proxmox VE):

Code: 
[Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.target

# Disabling this seems to fix the startup Issue of SSH Server at Boot Time
# Wants=sshd-keygen.target
# Migration for Fedora 38 change to remove group ownership for standard host keys
# See https://fedoraproject.org/wiki/Changes/SSHKeySignSuidBit
Wants=ssh-host-keys-migration.service

[Service]
Type=notify
# Set option as empty variable to suppress warnings upon expanding the command line
# when the config file under /etc does not exist or is empty.
Environment=OPTIONS=
EnvironmentFile=-/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target

Did anybody else encounter this Issue ?

Do you have a better Fix ?

Not sure how helpful the Logs are, some of it is me restarting SSH after Boot (in order to make it work), some of it is just SSH failing to start / get killed by itself ?

Code: 
[root@CONTAINER_HOSTNAME ~]# journalctl -u sshd
-- Boot 06942a726f674aed9bb3feaf40fce9d6 --
Dec 23 18:07:22 CONTAINER_HOSTNAME systemd[1]: Starting sshd.service - OpenSSH server daemon...
Dec 23 18:07:22 CONTAINER_HOSTNAME sshd[178]: Server listening on 0.0.0.0 port 22.
Dec 23 18:07:22 CONTAINER_HOSTNAME systemd[1]: Started sshd.service - OpenSSH server daemon.
Dec 23 18:07:22 CONTAINER_HOSTNAME sshd[178]: Server listening on :: port 22.
Dec 23 18:08:35 CONTAINER_HOSTNAME sshd[178]: Received signal 15; terminating.
Dec 23 18:08:35 CONTAINER_HOSTNAME systemd[1]: Stopping sshd.service - OpenSSH server daemon...
Dec 23 18:08:35 CONTAINER_HOSTNAME systemd[1]: sshd.service: Deactivated successfully.
Dec 23 18:08:35 CONTAINER_HOSTNAME systemd[1]: Stopped sshd.service - OpenSSH server daemon.
Dec 23 18:08:36 CONTAINER_HOSTNAME systemd[1]: Starting sshd.service - OpenSSH server daemon...
Dec 23 18:08:36 CONTAINER_HOSTNAME sshd[334]: Server listening on 0.0.0.0 port 22.
Dec 23 18:08:36 CONTAINER_HOSTNAME sshd[334]: Server listening on :: port 22.
Dec 23 18:08:36 CONTAINER_HOSTNAME systemd[1]: Started sshd.service - OpenSSH server daemon.
Dec 23 18:08:51 CONTAINER_HOSTNAME systemd[1]: Stopping sshd.service - OpenSSH server daemon...
Dec 23 18:08:51 CONTAINER_HOSTNAME sshd[334]: Received signal 15; terminating.
Dec 23 18:08:52 CONTAINER_HOSTNAME systemd[1]: sshd.service: Deactivated successfully.
Dec 23 18:08:52 CONTAINER_HOSTNAME systemd[1]: Stopped sshd.service - OpenSSH server daemon.
-- Boot dbb73b7fcb3f49aaad2b714f82387186 --
Dec 23 18:26:59 CONTAINER_HOSTNAME systemd[1]: Starting sshd.service - OpenSSH server daemon...
Dec 23 18:26:59 CONTAINER_HOSTNAME sshd[507]: Server listening on 0.0.0.0 port 22.
Dec 23 18:26:59 CONTAINER_HOSTNAME sshd[507]: Server listening on :: port 22.
Dec 23 18:26:59 CONTAINER_HOSTNAME systemd[1]: Started sshd.service - OpenSSH server daemon.
Dec 23 18:27:11 CONTAINER_HOSTNAME sshd-session[512]: Accepted password for root from 192.168.1.XXX port 50684 ssh2
Dec 23 18:27:11 CONTAINER_HOSTNAME sshd-session[512]: pam_unix(sshd:session): session opened for user root(uid=0) by root(uid=0)
Dec 23 18:40:28 CONTAINER_HOSTNAME sshd[507]: Received signal 15; terminating.
Dec 23 18:40:28 CONTAINER_HOSTNAME systemd[1]: Stopping sshd.service - OpenSSH server daemon...
Dec 23 18:40:29 CONTAINER_HOSTNAME systemd[1]: sshd.service: Deactivated successfully.
Dec 23 18:40:29 CONTAINER_HOSTNAME systemd[1]: Stopped sshd.service - OpenSSH server daemon.


[root@CONTAINER_HOSTNAME ~]# journalctl -u sshd-keygen.target
- Boot 849229c0bf50431ba4ff2c92f3151bb3 --
Dec 23 18:06:32 CONTAINER_HOSTNAME systemd[1]: Reached target sshd-keygen.target.
Dec 23 18:07:11 CONTAINER_HOSTNAME systemd[1]: Stopped target sshd-keygen.target.
-- Boot 06942a726f674aed9bb3feaf40fce9d6 --
Dec 23 18:07:22 CONTAINER_HOSTNAME systemd[1]: Reached target sshd-keygen.target.
Dec 23 18:08:35 CONTAINER_HOSTNAME systemd[1]: Stopped target sshd-keygen.target.
Dec 23 18:08:35 CONTAINER_HOSTNAME systemd[1]: Stopping sshd-keygen.target...
Dec 23 18:08:36 CONTAINER_HOSTNAME systemd[1]: Reached target sshd-keygen.target.
Dec 23 18:08:52 CONTAINER_HOSTNAME systemd[1]: Stopped target sshd-keygen.target.
-- Boot f8a7e1f8a2c64bfba7b0f581c2a781be --
Dec 23 18:09:02 CONTAINER_HOSTNAME systemd[1]: Reached target sshd-keygen.target.
Dec 23 18:22:32 CONTAINER_HOSTNAME systemd[1]: Stopped target sshd-keygen.target.
-- Boot bad562f8825d431eb794735d65e3602f --
Dec 23 18:22:43 CONTAINER_HOSTNAME systemd[1]: Reached target sshd-keygen.target.
Dec 23 18:23:31 CONTAINER_HOSTNAME systemd[1]: Stopped target sshd-keygen.target.
-- Boot dbb73b7fcb3f49aaad2b714f82387186 --
Dec 23 18:25:50 CONTAINER_HOSTNAME systemd[1]: Reached target sshd-keygen.target.
Dec 23 18:26:59 CONTAINER_HOSTNAME systemd[1]: Stopped target sshd-keygen.target.
Dec 23 18:26:59 CONTAINER_HOSTNAME systemd[1]: Stopping sshd-keygen.target...
Dec 23 18:26:59 CONTAINER_HOSTNAME systemd[1]: Reached target sshd-keygen.target.
Dec 23 18:40:29 CONTAINER_HOSTNAME systemd[1]: Stopped target sshd-keygen.target.
-- Boot a2e3910ca5fd430cb26f38811a1afeb3 --
Dec 23 18:40:40 CONTAINER_HOSTNAME systemd[1]: Reached target sshd-keygen.target.


[root@CONTAINER_HOSTNAME ~]# journalctl -u sshd-keygen@rsa.service
-- Boot 849229c0bf50431ba4ff2c92f3151bb3 --
Dec 23 18:06:32 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@rsa.service - OpenSSH rsa Server Key Generation was skipped because no trigger condition checks were met.
-- Boot 06942a726f674aed9bb3feaf40fce9d6 --
Dec 23 18:07:22 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@rsa.service - OpenSSH rsa Server Key Generation was skipped because no trigger condition checks were met.
Dec 23 18:08:35 CONTAINER_HOSTNAME systemd[1]: Starting sshd-keygen@rsa.service - OpenSSH rsa Server Key Generation...
Dec 23 18:08:36 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@rsa.service: Deactivated successfully.
Dec 23 18:08:36 CONTAINER_HOSTNAME systemd[1]: Finished sshd-keygen@rsa.service - OpenSSH rsa Server Key Generation.
-- Boot f8a7e1f8a2c64bfba7b0f581c2a781be --
Dec 23 18:09:02 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@rsa.service - OpenSSH rsa Server Key Generation was skipped because no trigger condition checks were met.
-- Boot bad562f8825d431eb794735d65e3602f --
Dec 23 18:22:43 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@rsa.service - OpenSSH rsa Server Key Generation was skipped because no trigger condition checks were met.
-- Boot dbb73b7fcb3f49aaad2b714f82387186 --
Dec 23 18:25:50 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@rsa.service - OpenSSH rsa Server Key Generation was skipped because no trigger condition checks were met.
Dec 23 18:26:59 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@rsa.service - OpenSSH rsa Server Key Generation was skipped because no trigger condition checks were met.
Dec 23 18:36:16 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@rsa.service - OpenSSH rsa Server Key Generation was skipped because no trigger condition checks were met.
Dec 23 18:37:07 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@rsa.service - OpenSSH rsa Server Key Generation was skipped because no trigger condition checks were met.
-- Boot a2e3910ca5fd430cb26f38811a1afeb3 --
Dec 23 18:40:40 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@rsa.service - OpenSSH rsa Server Key Generation was skipped because no trigger condition checks were met.


[root@CONTAINER_HOSTNAME ~]# journalctl -u sshd-keygen@ecdsa.service
Dec 23 18:06:32 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@ecdsa.service - OpenSSH ecdsa Server Key Generation was skipped because no trigger condition checks were met.
-- Boot 06942a726f674aed9bb3feaf40fce9d6 --
Dec 23 18:07:22 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@ecdsa.service - OpenSSH ecdsa Server Key Generation was skipped because no trigger condition checks were met.
Dec 23 18:08:35 CONTAINER_HOSTNAME systemd[1]: Starting sshd-keygen@ecdsa.service - OpenSSH ecdsa Server Key Generation...
Dec 23 18:08:35 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@ecdsa.service: Deactivated successfully.
Dec 23 18:08:35 CONTAINER_HOSTNAME systemd[1]: Finished sshd-keygen@ecdsa.service - OpenSSH ecdsa Server Key Generation.
-- Boot f8a7e1f8a2c64bfba7b0f581c2a781be --
Dec 23 18:09:02 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@ecdsa.service - OpenSSH ecdsa Server Key Generation was skipped because no trigger condition checks were met.
-- Boot bad562f8825d431eb794735d65e3602f --
Dec 23 18:22:43 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@ecdsa.service - OpenSSH ecdsa Server Key Generation was skipped because no trigger condition checks were met.
-- Boot dbb73b7fcb3f49aaad2b714f82387186 --
Dec 23 18:25:50 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@ecdsa.service - OpenSSH ecdsa Server Key Generation was skipped because no trigger condition checks were met.
Dec 23 18:26:59 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@ecdsa.service - OpenSSH ecdsa Server Key Generation was skipped because no trigger condition checks were met.
Dec 23 18:35:59 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@ecdsa.service - OpenSSH ecdsa Server Key Generation was skipped because no trigger condition checks were met.
-- Boot a2e3910ca5fd430cb26f38811a1afeb3 --
Dec 23 18:40:40 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@ecdsa.service - OpenSSH ecdsa Server Key Generation was skipped because no trigger condition checks were met.


[root@CONTAINER_HOSTNAME ~]# journalctl -u sshd-keygen@ed25519.service
-- Boot 849229c0bf50431ba4ff2c92f3151bb3 --
Dec 23 18:06:32 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@ed25519.service - OpenSSH ed25519 Server Key Generation was skipped because no trigger condition checks were met.
-- Boot 06942a726f674aed9bb3feaf40fce9d6 --
Dec 23 18:07:22 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@ed25519.service - OpenSSH ed25519 Server Key Generation was skipped because no trigger condition checks were met.
Dec 23 18:08:35 CONTAINER_HOSTNAME systemd[1]: Starting sshd-keygen@ed25519.service - OpenSSH ed25519 Server Key Generation...
Dec 23 18:08:35 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@ed25519.service: Deactivated successfully.
Dec 23 18:08:35 CONTAINER_HOSTNAME systemd[1]: Finished sshd-keygen@ed25519.service - OpenSSH ed25519 Server Key Generation.
-- Boot f8a7e1f8a2c64bfba7b0f581c2a781be --
Dec 23 18:09:02 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@ed25519.service - OpenSSH ed25519 Server Key Generation was skipped because no trigger condition checks were met.
-- Boot bad562f8825d431eb794735d65e3602f --
Dec 23 18:22:43 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@ed25519.service - OpenSSH ed25519 Server Key Generation was skipped because no trigger condition checks were met.
-- Boot dbb73b7fcb3f49aaad2b714f82387186 --
Dec 23 18:25:50 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@ed25519.service - OpenSSH ed25519 Server Key Generation was skipped because no trigger condition checks were met.
Dec 23 18:26:59 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@ed25519.service - OpenSSH ed25519 Server Key Generation was skipped because no trigger condition checks were met.
Dec 23 18:37:29 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@ed25519.service - OpenSSH ed25519 Server Key Generation was skipped because no trigger condition checks were met.
-- Boot a2e3910ca5fd430cb26f38811a1afeb3 --
Dec 23 18:40:40 CONTAINER_HOSTNAME systemd[1]: sshd-keygen@ed25519.service - OpenSSH ed25519 Server Key Generation was skipped because no trigger condition checks were met.


[root@CONTAINER_HOSTNAME ~]# journalctl -u network.target
-- Boot 849229c0bf50431ba4ff2c92f3151bb3 --
Dec 23 18:06:32 CONTAINER_HOSTNAME systemd[1]: Reached target network.target - Network.
Dec 23 18:07:18 CONTAINER_HOSTNAME systemd[1]: Stopped target network.target - Network.
-- Boot 06942a726f674aed9bb3feaf40fce9d6 --
Dec 23 18:07:22 CONTAINER_HOSTNAME systemd[1]: Reached target network.target - Network.
Dec 23 18:08:58 CONTAINER_HOSTNAME systemd[1]: Stopped target network.target - Network.
-- Boot f8a7e1f8a2c64bfba7b0f581c2a781be --
Dec 23 18:09:02 CONTAINER_HOSTNAME systemd[1]: Reached target network.target - Network.
Dec 23 18:22:38 CONTAINER_HOSTNAME systemd[1]: Stopped target network.target - Network.
-- Boot bad562f8825d431eb794735d65e3602f --
Dec 23 18:22:43 CONTAINER_HOSTNAME systemd[1]: Reached target network.target - Network.
Dec 23 18:23:38 CONTAINER_HOSTNAME systemd[1]: Stopped target network.target - Network.
-- Boot f46cf109efa34ffe929546aa61a0b31f --
Dec 23 18:23:43 CONTAINER_HOSTNAME systemd[1]: Reached target network.target - Network.
Dec 23 18:24:53 CONTAINER_HOSTNAME systemd[1]: Stopped target network.target - Network.
-- Boot dbb73b7fcb3f49aaad2b714f82387186 --
Dec 23 18:24:58 CONTAINER_HOSTNAME systemd[1]: Reached target network.target - Network.
Dec 23 18:40:34 CONTAINER_HOSTNAME systemd[1]: Stopped target network.target - Network.
-- Boot a2e3910ca5fd430cb26f38811a1afeb3 --
Dec 23 18:40:39 CONTAINER_HOSTNAME systemd[1]: Reached target network.target - Network.

EDIT 1: actually it seems to be kind of Random, now it seems to start even if I put back the File as originally shipped (without my "Patch") :(.
 
Last edited:
You must log in or register to reply here.
Top Bottom