Nixpkgs: SSHD doesn't work.

Created on 22 Jun 2017  ยท  14Comments  ยท  Source: NixOS/nixpkgs

Steps to reproduce

1:
cat ./custom.nix

{ config, lib, pkgs, ... }:

{
  imports = [ ./modules/installer/cd-dvd/installation-cd-base.nix ];

        users.extraUsers.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAA... sorcus@laptop" ];

        systemd.network.enable = true;
        systemd.network.networks.wired.name = "enp0s3";
        systemd.network.networks.wired.address = [ "2a01:***:***::13/64" ];
        systemd.network.networks.wired.gateway = [ "fe80::1" ];

        services.openssh.enable = true;
}

2:
nix-build -A config.system.build.isoImage -I nixos-config=./custom.nix ./default.nix

3:
Create virtual machine and run with nixos iso. SSH Daemon doesn't work. It's loaded, but not active.

4:
But it's working with services.openssh.startWhenNeeded = true; ... and show this warnings:

Jun 22 21:19:09 nixos systemd[1]: sshd.service: Service lacks both ExecStart= and ExecStop= setting. Refusing.
Jun 22 21:07:44 nixos systemd[1]: Started Session 3 of user root.
Jun 22 21:07:50 nixos systemd[1]: sshd.service: Service lacks both ExecStart= and ExecStop= setting. Refusing.

Technical details

  • System: 17.09.git.c89efa3 (Hummingbird)
  • Nix version: nix-env (Nix) 1.11.11
  • Nixpkgs version: 17.09.git.c89efa3
  • Sandboxing enabled: build-use-sandbox = false
wontfix documentation
Source
picture MrSorcus

Most helpful comment

The actual problem here is this line, so @MrSorcus adding the following line in your configuration should fix that:

systemd.services.sshd.wantedBy = lib.mkOverride 40 [ "multi-user.target" ];

For the installer image it makes sense to remove sshd from multi-user.target, because it allows the user to optionally enable openssh at runtime via systemctl start sshd.

picture aszlig on 23 Jun 2017
👍4

All 14 comments

And why is it wrong? It's even documented: http://nixos.org/nixos/manual/#sec-installation (7.)

vcunat picture vcunat on 23 Jun 2017

@vcunat: He provided authorizedKeys, so it should work without setting a root password. We even have tests doing exactly that, but without the installer CD import, so I'm guessing the real issue here could be the latter.

aszlig picture aszlig on 23 Jun 2017

The actual problem here is this line, so @MrSorcus adding the following line in your configuration should fix that:

systemd.services.sshd.wantedBy = lib.mkOverride 40 [ "multi-user.target" ];

For the installer image it makes sense to remove sshd from multi-user.target, because it allows the user to optionally enable openssh at runtime via systemctl start sshd.

aszlig picture aszlig on 23 Jun 2017
👍4

To be clear, I meant the fact that you have to start sshd manually on an installation system. I can see nothing wrong about that. (Perhaps I misunderstood.)

vcunat picture vcunat on 23 Jun 2017

@vcunat: No, I was wrong about that, I only read point 7 regarding setting the root passwd.

aszlig picture aszlig on 23 Jun 2017

This example should work: https://github.com/nixos-users/wiki/wiki/Installation-guide#build-a-custom-installation-image

Mic92 picture Mic92 on 23 Jun 2017

The warnings when using services.openssh.startWhenNeeded can be ignored.
I would say it is not a bug, but intended behavior.

Mic92 picture Mic92 on 23 Jun 2017

@Mic92 , maybe not a bug, but an error.

[root@nixos:~]# systemctl status sshd
โ— sshd.service
   Loaded: error (Reason: Invalid argument)
   Active: inactive (dead)

Jun 23 09:55:46 nixos systemd[1]: sshd.service: Service lacks both ExecStart= and ExecStop= setting. Refusing.

[root@nixos:~]# systemctl cat sshd
# /nix/store/6bidvr31m3nz0cq7z3xivjdgvyhg36zs-unit-sshd.service/sshd.service
[Unit]

[Service]
Environment="LOCALE_ARCHIVE=/nix/store/lzzhb68wykc1kbf1wjcj1vfjhimwvgsf-glibc-locales-2.25/lib/locale/locale-archive"
Environment="PATH=/nix/store/v64g1yg79b4i3cc7ajxzi5gik4sq2737-coreutils-8.27/bin:/nix/store/pzniwigry771hvqqlr939jmddcqh79m6-findutils-4.6.0/bin:/nix/store/96kg25hm8m95
Environment="TZDIR=/nix/store/gxcxsd0qgmn1qd6v655sikc92rgkqwl6-tzdata-2016j/share/zoneinfo"
MrSorcus picture MrSorcus on 23 Jun 2017

@aszlig , thank you.
systemd.services.sshd.wantedBy = lib.mkOverride 40 [ "multi-user.target" ]; work very well without any problems.

MrSorcus picture MrSorcus on 23 Jun 2017

Close as answered?

tomberek picture tomberek on 30 Sep 2018

Close as answered?

I don't know.
@Mic92 is it fixed in documentation?

MrSorcus picture MrSorcus on 10 Oct 2018

Probably not.

Mic92 picture Mic92 on 11 Oct 2018

https://nixos.wiki/wiki/Creating_a_NixOS_live_CD works flawlessly.

elmarx picture elmarx on 31 Oct 2018
👍1

A fix for this is in progress at #63773.

flokli picture flokli on 29 Jun 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ghost picture ghost  ยท  3Comments
spacekitteh picture spacekitteh  ยท  3Comments
edolstra picture edolstra  ยท  3Comments
ob7 picture ob7  ยท  3Comments
domenkozar picture domenkozar  ยท  3Comments