From: Darshaka Pathirana Date: Sat, 5 Nov 2016 19:27:17 +0000 (+0100) Subject: Fix failing systemd ssh.service X-Git-Tag: v0.28.0~12 X-Git-Url: http://git.grml.org/?p=grml-live.git;a=commitdiff_plain;h=5b0d1600825c2fe273b47adaf6278cba3c241f5c;hp=c970c21d41fb49d545f9078ffaf8632bfba4b857 Fix failing systemd ssh.service SSH needs host keys which previously were generated by ssh-keygen.service. But the generation of the host keys is not a "service" and must only be done when no host keys exist. Also ssh-bootoption.service was aliased with sshd.service which itself depends on the kernel option "ssh" which prevents starting of ssh. So I removed the alias entry. --- diff --git a/etc/grml/fai/config/files/etc/systemd/system/ssh-bootoption.service/GRMLBASE b/etc/grml/fai/config/files/etc/systemd/system/ssh-bootoption.service/GRMLBASE index fafa20f..175fa9c 100644 --- a/etc/grml/fai/config/files/etc/systemd/system/ssh-bootoption.service/GRMLBASE +++ b/etc/grml/fai/config/files/etc/systemd/system/ssh-bootoption.service/GRMLBASE @@ -4,7 +4,7 @@ [Unit] Description=OpenBSD Secure Shell server -After=ssh-keygen network.target auditd.service +After=network.target auditd.service ConditionKernelCommandLine=ssh ConditionPathExists=!/etc/ssh/sshd_not_to_be_run @@ -17,4 +17,3 @@ Restart=on-failure [Install] WantedBy=multi-user.target -Alias=sshd.service diff --git a/etc/grml/fai/config/files/etc/systemd/system/ssh-keygen.service/GRMLBASE b/etc/grml/fai/config/files/etc/systemd/system/ssh-keygen.service/GRMLBASE deleted file mode 100644 index b39cb47..0000000 --- a/etc/grml/fai/config/files/etc/systemd/system/ssh-keygen.service/GRMLBASE +++ /dev/null @@ -1,14 +0,0 @@ -# This file was deployed via grml-live's -# ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/15-initsetup, using -# ${GRML_FAI_CONFIG}/config/files/etc/systemd/system/ssh-keygen.service/GRMLBASE - -[Unit] -Description=SSH keygen -Before=ssh.service - -[Service] -ExecStart=/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -C '' -N '' -ExecStart=/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -C '' -N '' -ExecStart=/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -C '' -N '' -ExecStart=/usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -C '' -N '' -Type=oneshot diff --git a/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE b/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE new file mode 100644 index 0000000..1345898 --- /dev/null +++ b/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE @@ -0,0 +1,24 @@ +# This file was deployed via grml-live's +# ${GRML_FAI_CONFIG}/config/scripts/GRMLBASE/15-initsetup, using +# ${GRML_FAI_CONFIG}/config/files/etc/systemd/system/ssh.service/GRMLBASE + +[Unit] +Description=OpenBSD Secure Shell server +After=network.target auditd.service +ConditionPathExists=!/etc/ssh/sshd_not_to_be_run + +[Service] +EnvironmentFile=-/etc/default/ssh +ExecStartPre=-/bin/sh -c "[ ! -f /etc/ssh/ssh_host_rsa_key ] && /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -C '' -N ''" +ExecStartPre=-/bin/sh -c "[ ! -f /etc/ssh/ssh_host_dsa_key ] && /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -C '' -N ''" +ExecStartPre=-/bin/sh -c "[ ! -f /etc/ssh/ssh_host_ecdsa_key ] && /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -C '' -N ''" +ExecStartPre=-/bin/sh -c "[ ! -f /etc/ssh/ssh_host_ed25519_key ] && /usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -C '' -N ''" +ExecStart=/usr/sbin/sshd -D $SSHD_OPTS +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +Restart=on-failure + +[Install] +WantedBy=multi-user.target +Alias=sshd.service +