@smoser
Last active November 22, 2016 01:51
failsafe ssh unit and root shell login

Failsafe systemd units

Failsafe ssh

Sometimes you need to make sure ssh is running (when I debug cloud-init for example). Or you might just want to run it on a different port.

This is an example unit that you can add to Ubuntu 16.04+ that will do that.

It is mostly a copy of the ssh.service in Ubuntu, but:

  • generates the ssh RSA host key if it is not there
  • runs much earlier in boot
  • runs on port 2222

Notes

By default, Ubuntu's ssh does not permit login as root, and cloud images do not enable password auth. If you want to let root log in with a password, see the commented-out line and modify accordingly.

Installing

Copy ssh-custom.service from this gist to /lib/systemd/system/ssh-custom.service, then enable and start it:

wget https://gist.githubusercontent.com/smoser/b32bb1c33564d1d46971cd9ded2e8477/raw/ssh-custom.service -O /lib/systemd/system/ssh-custom.service
ln -s /lib/systemd/system/ssh-custom.service /etc/systemd/system/multi-user.target.wants/
systemctl daemon-reload
systemctl start ssh-custom

Failsafe root console

The root console in root-shell.service will just put a login on the second virtual console (alt+f2).

No password required, just go there and start being root.

# root-shell.service
# put in /lib/systemd/system/root-shell.service
# enable with:
# ln -s /lib/systemd/system/root-shell.service /etc/systemd/system/multi-user.target.wants/
# systemctl daemon-reload
# systemctl start root-shell
[Unit]
Description=Root Shell on tty2
After=local-fs.target
[Service]
# the VT is cleared by TTYVTDisallocate
ExecStart=-/sbin/agetty --noclear tty2 --autologin root $TERM
Type=idle
Restart=always
RestartSec=0
UtmpIdentifier=tty2
TTYPath=/dev/tty2
TTYReset=yes
TTYVHangup=yes
TTYVTDisallocate=yes
KillMode=process
IgnoreSIGPIPE=no
SendSIGHUP=yes
# Unset locale for the console getty since the console has problems
# displaying some internationalized messages.
Environment=LANG= LANGUAGE= LC_CTYPE= LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION=
[Install]
WantedBy=multi-user.target

# ssh-custom.service
# put in /lib/systemd/system/ssh-custom.service
[Unit]
Description=custom ssh service
DefaultDependencies=no
Before=shutdown.target
Before=sysinit.target
RequiresMountsFor=/etc/ssh
RequiresMountsFor=/var/run/sshd
[Service]
ExecStartPre=/bin/sh -c 'f=/etc/ssh/ssh_host_rsa_key; [ -f "$f" ] && exit; ssh-keygen -t rsa -N "" -f $f'
# if you want to enable password auth and for root, use the following ExecStart.
#ExecStart=/usr/sbin/sshd -o PasswordAuthentication=yes -o PermitRootLogin=yes -p 2222 -D
ExecStart=/usr/sbin/sshd -p 2222 -D
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartPreventExitStatus=255
Type=notify
StandardOutput=journal+console
[Install]
WantedBy=multi-user.target
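
To check a machine for these failsafe units once debugging is done, the following shell function scans unit directories for active ExecStart lines with the settings shown above: root autologin on a getty, sshd started with root or password login enabled, or an extra sshd listener via -p. It is an added example, not part of the original gist; the function name `audit_units` and the sample unit files are constructed for illustration.

```shell
#!/bin/sh
# Added example. audit_units DIR... prints "<file>: <finding>" for each active
# ExecStart= line that matches one of the debug settings shown in this gist.
audit_units() {
    for dir in "$@"; do
        for unit in "$dir"/*.service; do
            [ -f "$unit" ] || continue
            # Commented-out ExecStart lines do not start with "ExecStart=".
            grep -E '^[[:space:]]*ExecStart=' "$unit" | while IFS= read -r line; do
                # sshd option names are case-insensitive, so compare lowercased.
                lc=$(printf '%s' "$line" | tr '[:upper:]' '[:lower:]')
                case $lc in
                    *agetty*--autologin\ root*|*agetty*--autologin=root*|*agetty*\ -a\ root*)
                        echo "$unit: passwordless root autologin getty" ;;
                esac
                case $lc in
                    *sshd*permitrootlogin=yes*|*sshd*"permitrootlogin yes"*)
                        echo "$unit: sshd permits root login" ;;
                esac
                case $lc in
                    *sshd*passwordauthentication=yes*|*sshd*"passwordauthentication yes"*)
                        echo "$unit: sshd permits password auth" ;;
                esac
                case $lc in
                    *sshd*\ -p\ *)
                        echo "$unit: extra sshd listener (-p)" ;;
                esac
            done
        done
    done
}

# Constructed sample units mirroring the ExecStart lines on this page.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/root-shell.service" <<'EOF'
[Service]
ExecStart=-/sbin/agetty --noclear tty2 --autologin root $TERM
EOF
cat > "$demo/ssh-custom.service" <<'EOF'
[Service]
#ExecStart=/usr/sbin/sshd -o PasswordAuthentication=yes -o PermitRootLogin=yes -p 2222 -D
ExecStart=/usr/sbin/sshd -p 2222 -D
EOF
audit_units "$demo"
```

On a real host, pass /lib/systemd/system, /etc/systemd/system and /etc/systemd/system/multi-user.target.wants as the directories, so that units enabled through the symlink from the install steps are covered too.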