0

I have two servers running Ubuntu 22.04.2 LTS with openssh-server 1:8.9p1-3ubuntu0.1 installed. On both servers I have installed the same admin user.

I want to test the legacy superdaemon xinetd for ssh. So I stopped the ssh.service on the first server and started the xinetd.service on that server after adding the following config file:

cat /etc/xinetd.d/ssh

service ssh
{
    disable     = no
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    server      = /usr/sbin/sshd
    server_args = -1
    flags       = IPv4
    interface   = 192.168.50.100
}

When I try to ssh into the server running xinetd, the xinetd daemon should start the ssh daemon on the target server and allow me in. But I get the following error message:

ssh -v 192.168.50.100

OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for
debug1: Connecting to 192.168.50.100 [192.168.50.100] port 22.
debug1: Connection established.
debug1: identity file /home/thomasgrusz/.ssh/id_rsa type -1
debug1: identity file /home/thomasgrusz/.ssh/id_rsa-cert type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ecdsa type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ed25519 type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ed25519-cert type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ed25519_sk type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/thomasgrusz/.ssh/id_xmss type -1
debug1: identity file /home/thomasgrusz/.ssh/id_xmss-cert type -1
debug1: identity file /home/thomasgrusz/.ssh/id_dsa type -1
debug1: identity file /home/thomasgrusz/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
debug1: kex_exchange_identification: banner line 0: unknown option -- 1
kex_exchange_identification: read: Connection reset by peer
Connection reset by 192.168.50.100 port 22

Any ideas?

karel
  • 114,770
  • It can't find any of the "identify files" to use in setting up the SSH connection, so it drops the connection. Have you read man ssh-keygen? – waltinator Mar 10 '23 at 00:09
  • @waltinator The missing ssh-key should not be an issue. It should just ask for the password, which it does, when I enable the ssh.service by hand. – Thomas Grusz Mar 12 '23 at 13:18

2 Answers

0

Use

server_args = -i

for xinetd.

Freddy
  • 161
0

Update: March 12, 2023

I found the issue when I looked into the error logs of the xinetd daemon on the target server. It throws the following error when I try to ssh in:

Mar 12 14:09:06 ubuntuserver100 sshd[1551]: fatal: Missing privilege separation directory: /run/sshd

I created the /run/sshd/ directory manually and then everything worked perfectly. This is a temp folder though, so it will be missing again after reboot. I fixed this by adding the following file:

thomasgrusz@ubuntuserver100:~$ cat /usr/lib/tmpfiles.d/sshd.conf
d /run/sshd 0755 root root

I got the idea from this post, but there is probably a more elegant solution for this.

Does anyone know why this folder is missing in the first place?

karel
  • 114,770
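
A preflight check for the setup discussed in this thread, as an added example that is not part of the original posts: it reads an xinetd service file and reports the two failures seen here, server_args without -i and a missing /run/sshd. The function names and the optional directory argument are assumptions made for the example; the sample service file is constructed from the question.

```sh
#!/bin/sh
# Added example (not from the original posts): preflight check for running
# sshd from xinetd, covering the two failures reported in this thread.

# Print the value of KEY ($1) from an xinetd service file ($2).
xinetd_value() {
    awk -v key="$1" '
        { sub(/#.*/, "") }                      # drop comments
        {
            i = index($0, "=")
            if (i == 0) next                    # "service ssh", "{", "}"
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$2"
}

# check_xinetd_sshd FILE [PRIVSEP_DIR]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_xinetd_sshd() {
    file=$1
    privsep=${2:-/run/sshd}
    rc=0
    server=$(xinetd_value server "$file")
    args=$(xinetd_value server_args "$file")
    case $server in
        */sshd) ;;
        *) echo "server is '$server', expected a path to sshd"; rc=1 ;;
    esac
    # sshd -i tells sshd it is being run from inetd; "-1" is not an sshd option.
    case " $args " in
        *" -i "*) ;;
        *) echo "server_args '$args' lacks -i (inetd mode)"; rc=1 ;;
    esac
    # sshd exits with "Missing privilege separation directory" without this.
    [ -d "$privsep" ] || { echo "missing privilege separation directory: $privsep"; rc=1; }
    return $rc
}

# Constructed sample: the relevant lines of the service file from the question.
sample=$(mktemp)
printf '%s\n' 'service ssh' '{' '    server      = /usr/sbin/sshd' \
    '    server_args = -1' '}' > "$sample"
check_xinetd_sshd "$sample" /run/sshd || echo "not ready to serve ssh from xinetd"
rm -f "$sample"
```

Run it against /etc/xinetd.d/ssh before stopping ssh.service; the second argument exists only so the directory check can be pointed at a test path.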