0

I have two servers running Ubuntu 22.04.2 LTS with openssh-server 1:8.9p1-3ubuntu0.1 installed, and on both servers I have installed the same admin user.

I want to test the legacy superdaemon xinetd for ssh. So I stopped the ssh.service on the first server and started the xinetd.service on that server after adding the following config file:

cat /etc/xinetd.d/ssh

service ssh
{
    disable     = no
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    server      = /usr/sbin/sshd
    server_args = -1
    flags       = IPv4
    interface   = 192.168.50.100
}

When I try to ssh into the server running xinetd, the xinetd daemon should start the ssh daemon on the target server and allow me in. But I get the following error message:

ssh -v 192.168.50.100

OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.50.100 [192.168.50.100] port 22.
debug1: Connection established.
debug1: identity file /home/thomasgrusz/.ssh/id_rsa type -1
debug1: identity file /home/thomasgrusz/.ssh/id_rsa-cert type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ecdsa type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ed25519 type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ed25519-cert type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ed25519_sk type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/thomasgrusz/.ssh/id_xmss type -1
debug1: identity file /home/thomasgrusz/.ssh/id_xmss-cert type -1
debug1: identity file /home/thomasgrusz/.ssh/id_dsa type -1
debug1: identity file /home/thomasgrusz/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
debug1: kex_exchange_identification: banner line 0: unknown option -- 1
kex_exchange_identification: read: Connection reset by peer
Connection reset by 192.168.50.100 port 22

Any ideas?

2
  • It can't find any of the "identity files" to use in setting up the SSH connection, so it drops the connection. Have you read man ssh-keygen?
    – waltinator
    Commented Mar 10, 2023 at 0:09
  • @waltinator The missing ssh-key should not be an issue. It should just ask for the password, which it does when I enable the ssh.service by hand. Commented Mar 12, 2023 at 13:18

2 Answers

0

Use

server_args = -i

for xinetd.

1
  • Thanks for spotting this, but it's still throwing the same error. Commented Mar 12, 2023 at 12:41
0

Update: March 12, 2023

I found the issue when I looked into the error logs of the xinetd daemon on the target server. It throws the following error when I try to ssh in:

Mar 12 14:09:06 ubuntuserver100 sshd[1551]: fatal: Missing privilege separation directory: /run/sshd

I created the /run/sshd/ directory manually and then everything worked perfectly. This is a temp folder though, so it will be missing again after reboot. I fixed this by adding the following file:

thomasgrusz@ubuntuserver100:~$ cat /usr/lib/tmpfiles.d/sshd.conf
d /run/sshd 0755 root root

I got the idea from this post, but there is probably a more elegant solution for this.

Does anyone know why this folder is missing in the first place?
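
A preflight check for the two failures seen in this thread, as an added example that is not part of the original posts: it verifies that the xinetd service file passes `-i` (inetd mode) to sshd and that the privilege separation directory meets what sshd checks at startup (a directory, owned by root, not group- or world-writable). The function names and the demo config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts). Names and demo data are constructed.

# Print the server_args value from an xinetd service file.
xinetd_server_args() {
    sed -n 's/^[[:space:]]*server_args[[:space:]]*=[[:space:]]*//p' "$1"
}

# Succeed only if sshd is started in inetd mode (-i), as needed under xinetd.
xinetd_sshd_args_ok() {
    for arg in $(xinetd_server_args "$1"); do
        [ "$arg" = "-i" ] && return 0
    done
    return 1
}

# Succeed only if the privilege separation directory would pass sshd's
# startup checks: exists, is a directory, owned by root, not group/world-writable.
# The owner uid is a parameter (default 0) so the check can be tried unprivileged.
privsep_dir_ok() {
    dir=$1; uid=${2:-0}
    [ -d "$dir" ] || return 1
    [ -n "$(find "$dir" -maxdepth 0 -type d -user "$uid" \
            ! -perm -020 ! -perm -002)" ]
}

# Run both checks and report every failure, not just the first.
preflight() {
    rc=0
    xinetd_sshd_args_ok "$1" || { echo "FAIL: server_args lacks -i in $1"; rc=1; }
    privsep_dir_ok "$2" "${3:-0}" || { echo "FAIL: $2 missing or unsafe"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2"
    return "$rc"
}

# Constructed demo: the question's server_args (-1) with a fresh temp directory.
demo() {
    t=$(mktemp -d) && mkdir -m 0755 "$t/sshd"
    printf 'service ssh\n{\n    server_args = -1\n}\n' > "$t/ssh"
    preflight "$t/ssh" "$t/sshd" "$(id -u)"; rc=$?
    rm -rf "$t"; return "$rc"
}

# With arguments, check real paths (e.g. /etc/xinetd.d/ssh /run/sshd);
# otherwise run the constructed demo.
if [ "$#" -ge 2 ]; then preflight "$@"; else demo || :; fi
```

Run before restarting xinetd, this reports a missing `/run/sshd` locally instead of leaving it to surface as a connection reset on the client.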
