Hi
I am having a problem with my sshd daemon. It seems determined to ignore my configuration file altogether.
My setup is this:
Contents of /etc/systemd/system/multi-user.target.wants/sshd.service :
```
[Unit]
Description=OpenSSH Daemon
Wants=sshdgenkeys.service
After=sshdgenkeys.service
After=network.target
[Service]
ExecStart=/usr/bin/sshd -D -f /etc/ssh/sshd_config
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always
[Install]
WantedBy=multi-user.target
```
Content of /etc/ssh/sshd_config :
```
AllowGroups sshusers
PermitRootLogin no
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
UsePAM yes
PrintMotd no
UsePrivilegeSeparation sandbox
Subsystem sftp /usr/lib/ssh/sftp-server
```
which is all vanilla Arch Linux except the first two lines (of which I have already tried removing the first line to no avail).
output of ps aux | grep sshd :
```
root 279 0.0 0.7 10408 3400 ? Ss 20:05 0:00 sshd: user [priv]
user 286 0.1 0.3 10408 1544 ? S 20:05 0:01 sshd: user@pts/0
root 402 0.0 0.4 6280 2260 ? Ss 20:26 0:00 /usr/bin/sshd -D -f /etc/ssh/sshd_config
user 439 0.0 0.2 4540 948 pts/2 S+ 20:34 0:00 grep sshd
```
Yet the sshd permits password logins with the root user.
I have tried
```
sudo systemctl daemon-reload
sudo systemctl restart sshd
```
even reboot. No change.
The sshd does understand the config file. Running sudo sshd -t -ddd -e -f /etc/ssh/sshd_config gives me :
```
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 352
debug2: parse_server_config: config /etc/ssh/sshd_config len 352
debug3: /etc/ssh/sshd_config:19 setting Protocol 2
debug3: /etc/ssh/sshd_config:43 setting AllowGroups sshusers
debug3: /etc/ssh/sshd_config:46 setting PermitRootLogin no
debug3: /etc/ssh/sshd_config:57 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:79 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:100 setting UsePAM yes
debug3: /etc/ssh/sshd_config:109 setting PrintMotd no
debug3: /etc/ssh/sshd_config:113 setting UsePrivilegeSeparation sandbox
debug3: /etc/ssh/sshd_config:129 setting Subsystem sftp /usr/lib/ssh/sftp-server
debug1: sshd version OpenSSH_6.6, OpenSSL 1.0.1f 6 Jan 2014
debug3: Incorrect RSA1 identifier
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type DSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_dsa_key" as a RSA1 public key
debug1: private host key: #1 type 2 DSA
debug3: Incorrect RSA1 identifier
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type ECDSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key
debug1: private host key: #2 type 3 ECDSA
debug3: Incorrect RSA1 identifier
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_ed25519_key" as a RSA1 public key
debug1: private host key: #3 type 4 ED25519
```
I am curious. It would seem that it does read and understand the configuration file and just fails to act accordingly - or am I missing something here?
Please let me know if there are any additional details needed in order to properly diagnose the problem.
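
Added example, not part of the original post: `sshd -t` only validates the file, while `sshd -T` also prints the effective settings as lowercase `keyword value` lines, so the values sshd will actually apply can be compared against the intended ones. The function names `check_effective` and `sample_effective` are hypothetical, and the sample `sshd -T` output is constructed for illustration.

```shell
#!/bin/sh
# check_effective: read effective sshd settings on stdin (the output of
# `sshd -T`, one lowercase "keyword value" pair per line) and compare them
# with the expected "Keyword value" pairs given as arguments.
# Returns 0 when every expected setting matches, 1 otherwise.
check_effective() {
    effective=$(cat)
    rc=0
    for want in "$@"; do
        key=${want%% *}
        val=${want#* }
        # sshd -T prints keywords in lowercase, so normalise the expected key.
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        # Take the value of the first line whose keyword matches.
        got=$(printf '%s\n' "$effective" |
              awk -v k="$key" '!seen && $1 == k { $1 = ""; sub(/^ /, ""); print; seen = 1 }')
        if [ -z "$got" ]; then
            echo "MISSING  $key (expected: $val)"; rc=1
        elif [ "$got" != "$val" ]; then
            echo "MISMATCH $key: effective '$got', expected '$val'"; rc=1
        else
            echo "OK       $key $got"
        fi
    done
    return $rc
}

# Constructed sample of `sshd -T` output (not taken from the post).
sample_effective() {
    cat <<'EOF'
port 22
permitrootlogin yes
passwordauthentication yes
usepam yes
allowgroups sshusers
EOF
}

# Demo on the constructed sample. On a real host, replace sample_effective with:
#   sudo sshd -T -f /etc/ssh/sshd_config
sample_effective | check_effective "PermitRootLogin no" "AllowGroups sshusers" || true
```

A mismatch here means the running binary resolves the setting differently from the file that was edited; a match means the configuration is applied and the behaviour has to be explained elsewhere.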