Openssh sshd service fails on boot, not waiting for network/interface 'up'?

dlich · October 16, 2021, 12:26am

I've enabled openssh's sshd to replace dropbear,

OpenSSH_8.4p1, OpenSSL 1.1.1l  24 Aug 2021

On manual sshd start all's good. I can access OPENWRT via ssh.

But on system reboot, there's no sshd access.

Checking system processes, I see that there's NO sshd running.

Checking system logs,

Fri Oct 15 17:03:38 2021 authpriv.err sshd[1708]: error: Bind to port 22 on 127.0.0.1 failed: Address not available.
Fri Oct 15 17:03:38 2021 authpriv.err sshd[1708]: error: Bind to port 22 on 10.199.199.1 failed: Address not available.
Fri Oct 15 17:03:38 2021 authpriv.crit sshd[1708]: fatal: Cannot bind any address.

From OpenWRT gui, if I just restart sshd all's good, since that interface/address IS there

ip -4 addr show br-lan
	6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
	    inet 10.199.199.1/24 brd 10.199.199.255 scope global br-lan
	       valid_lft forever preferred_lft forever

Looks like the service needs to wait for the network to be 'up'.

I know how to do this in systemd.

How do you make an OPENWRT service wait for network IP address to be up?

psherman · October 16, 2021, 12:33am

In the init.d script that starts any service, there is a start order (1-99). Increase the start order and it will execute later in the boot process. Usually this will work, but you might need to add some logic to wait for ifup if that is otherwise causing a failure or race condition.

vgaetera · October 16, 2021, 12:47am

The proper way is either to disable interface binding, or bind dynamically.
The latter is possible with procd interface trigger, or hotplug script.
Also be sure to disable Dropbear, or change SSH port to avoid conflicts.

dlich · October 16, 2021, 12:16pm

In the init.d script that starts any service, there is a start order (1-99). Increase the start order and it will execute later in the boot process.

I changed

grep START= /etc/init.d/*
	/etc/init.d/boot:START=10
	/etc/init.d/bootcount:START=99
	/etc/init.d/cron:START=50
	/etc/init.d/dnsmasq:START=19
	/etc/init.d/done:START=95
	/etc/init.d/dropbear:START=19
	/etc/init.d/firewall:START=19
	/etc/init.d/gpio_switch:START=94
	/etc/init.d/led:START=96
	/etc/init.d/log:START=12
	/etc/init.d/network:START=20
	/etc/init.d/odhcpd:START=35
	/etc/init.d/rpcd:START=12
-	/etc/init.d/sshd:START=50
+	/etc/init.d/sshd:START=99
	/etc/init.d/sysctl:START=11
	/etc/init.d/sysfixtime:START=00
	/etc/init.d/sysntpd:START=98
	/etc/init.d/system:START=10
	/etc/init.d/ucitrack:START=80
	/etc/init.d/uhttpd:START=50
	/etc/init.d/urandom_seed:START=99
	/etc/init.d/urngd:START=00
	/etc/init.d/wpad:START=19

and rebooted.

Login to sshd works now!

Not sure yet what exactly was causing the problem, since the obvious candidate

/etc/init.d/network:START=20

was already at an earlier start priority, and Dropbear was earlier

/etc/init.d/dropbear:START=19

Thanks a lot though!

The proper way is either to disable interface binding, or bind dynamically.
The latter is possible with procd interface trigger 2, or hotplug script 2.

Thanks for the suggestions & links. I have no idea what to do with those yet, so have to read up on all this for OPENWRT.

Also be sure to disable Dropbear, or change SSH port to avoid conflicts.

I followed the instructions at:

https://oldwiki.archive.openwrt.org/inbox/replacingdropbearbyopensshserver

Openssh sshd is enabled, and listens on port 22.
Dropbear is disabled, but still available to listen on port 2222 if I need it.