SSH server goes down over time

franc · September 26, 2023, 11:53am

Dear Toradex,

We have detected that the ssh server goes down over time. The systemctl command shows that sshd.socket is failed:

torizon@apalis-imx8-07028438:~$ systemctl status sshd.socket
* sshd.socket
     Loaded: loaded (/usr/lib/systemd/system/sshd.socket; enabled; vendor preset: enabled)
     Active: failed (Result: trigger-limit-hit) since Thu 2023-08-17 22:38:58 UTC; 6 days ago
     Listen: [::]:22 (Stream)
   Accepted: 82; Connected: 0;   Refused: 137
    Process: 702 ExecStartPre=/usr/bin/mkdir -p /var/run/sshd (code=exited, status=0/SUCCESS)

We have found some information on the Internet (Ssh may fail when used systemd's socket activation - Developer Discussion - Clear Linux OS Forum and FS#62248 : [openssh] Using socket activation can result in denial of service). It seems that the problem is in using sshd.socket instead of sshd.service. Is there any solution to avoid losing connection with remote devices?

We are working on:
Apalis iMX8 QuadMax 4GB IT
Ixora Carrier Board V1.2A
TorizonCore 5.7.0+build.17 (dunfell)

Best Regards,
Francisco

alex.tx · September 26, 2023, 3:39pm

Have you tying disabling the socket-based activation and enabling the service-based activation of the ssh server?

You can also play with
ClientAliveInterval server configuration parameter or ServerAliveInterval on a client side. Please refer to this thread for details

josep.tx · October 4, 2023, 9:30am

Hello @franc ,
Any updates on this topic? Did you try the solutions proposed by @alex.tx?

Best regards,
Josep

franc · October 11, 2023, 9:35am

To try that solution is easy and works fine on a flashed device. But how can I make an image with that workaround? Do you plan to change to sshd.service in a future image?

lucas_a.tx · October 13, 2023, 5:42pm

Hi @franc ,

Given that enabling or disabling a systemd service or socket makes changes in /etc/, you can use TorizonCore Builder to get those changes in /etc with the isolate command and then create a custom TorizonCore (now called Torizon OS) image with these changes applied using the build command, as instructed here:

https://developer.toradex.com/torizon/5.0/os-customization/torizoncore-builder-tool-build-command#example-capturing-configuration-changes-in-the-target-device

Do you plan to change to sshd.service in a future image?

As of now we don’t have plans related to this.

Best regards,
Lucas Akira