Disabling ssh or sshd service

thesillywhat · October 1, 2021, 3:30pm

Hello,

I am trying to disable the ssh service but I am unable to do so.
systemctl stop sshd.service does not yield any results.

systemctl list-units --type=service
gives me the below result


UNIT                                               LOAD   ACTIVE SUB     DESCRIPTION
autoStartApp.service                               loaded active running AutoStart App
avahi-daemon.service                               loaded active running Avahi mDNS/DNS-SD Stack
busybox-klogd.service                              loaded active running Kernel Logging Service
busybox-syslog.service                             loaded active running System Logging Service
console-kit-log-system-start.service               loaded active exited  Console System Startup Logging
dbus.service                                       loaded active running D-Bus System Message Bus
getty@tty1.service                                 loaded active running Getty on tty1
kmod-static-nodes.service                          loaded active exited  Create list of required static device nodes for the current kernel
mender-grow-data.service                           loaded active exited  Mender service to grow data partition size
mender-systemd-growfs-data.service                 loaded active exited  Grow File System on /data
mender.service                                     loaded active running Mender OTA update service
ModemManager.service                               loaded active running Modem Manager
ntpd.service                                       loaded active running Network Time Service
ofono.service                                      loaded active running Telephony service
rngd.service                                       loaded active running Hardware RNG Entropy Gatherer Daemon
sshd@3-192.168.1.135:22-192.168.1.47:57854.service loaded active running OpenSSH Per-Connection Daemon (192.168.1.47:57854)
sshdgenkeys.service                                loaded active exited  OpenSSH Key Generation
systemd-journal-flush.service                      loaded active exited  Flush Journal to Persistent Storage
systemd-journald.service                           loaded active running Journal Service
systemd-logind.service                             loaded active running Login Service
systemd-modules-load.service                       loaded active exited  Load Kernel Modules
systemd-networkd.service                           loaded active running Network Service
systemd-random-seed.service                        loaded active exited  Load/Save Random Seed
systemd-remount-fs.service                         loaded active exited  Remount Root and Kernel File Systems
systemd-resolved.service                           loaded active running Network Name Resolution
systemd-sysctl.service                             loaded active exited  Apply Kernel Variables
systemd-timesyncd.service                          loaded active running Network Time Synchronization
systemd-tmpfiles-setup-dev.service                 loaded active exited  Create Static Device Nodes in /dev
systemd-tmpfiles-setup.service                     loaded active exited  Create Volatile Files and Directories
systemd-udev-trigger.service                       loaded active exited  udev Coldplug all Devices
systemd-udevd.service                              loaded active running udev Kernel Device Manager
systemd-update-utmp.service                        loaded active exited  Update UTMP about System Boot/Shutdown
var-volatile-cache.service                         loaded active exited  Bind mount volatile /var/cache
var-volatile-lib.service                           loaded active exited  Bind mount volatile /var/lib
var-volatile-spool.service                         loaded active exited  Bind mount volatile /var/spool

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

35 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

This below sshd service is a part of a static service
sshd@3-192.168.1.135:22-192.168.1.47:57854.service loaded active running OpenSSH Per-Connection Daemon (192.168.1.47:57854)

sshd@.service this is a static service.

Right now the only way I am getting around this is by setting the IPtables rule. But is there a way to completely shutdown the ssh service without removing it from the image.

I want to be able to turn ssh on if I have to do a remote debug?

drewmoseley · October 1, 2021, 3:43pm

It may be a template service. Try using ‘sshd@22’ instead of just ‘sshd’

Drew

thesillywhat · October 1, 2021, 3:56pm

When I ran that command. It did not close the existing ssh connection. I will try running that once the device boots up and see if that helps

Edit1 Did not work. When I try getting the status

● sshd@22.service - OpenSSH Per-Connection Daemon
   Loaded: loaded (/lib/systemd/system/sshd@.service; static; vendor preset: enabled)
   Active: inactive (dead)

I don’t think it ever ran

dellgreen · October 1, 2021, 6:27pm

have you tried disabling the sshd.service as using stop wont disconnect any active connections or stop it from running again on next boot

systemctl disable sshd.service

thesillywhat · October 1, 2021, 7:08pm

I don’t think I can enable or disable service on read-only RootFs. But I will give it shot

dellgreen · October 1, 2021, 7:21pm

Yer thats prob not going to work if read only as it needs to remove a symlink from /etc.

Are you trying to disable SSH completely as you don’t need it?

thesillywhat · October 1, 2021, 7:36pm

I want it disabled/stopped but I should be able to enable it again.
Right now, I am achieving that by changing the iptables rules

dellgreen · October 1, 2021, 8:41pm

so you want it disabled by default, want to be able to enable it at anytime, and are happy for it to go back to disabled when device is rebooted?

thesillywhat · October 1, 2021, 9:27pm

Yes, That is exactly what I want.

dellgreen · October 1, 2021, 9:49pm

then i would disable sshd service from starting by default in the yocto build by preventing it creating the symlink in /etc/systemd/system/ directory which should stop it starting up by default. Then whenever you need it to run temporarily execute sudo systemctl start sshd.service via whatever other access methods you have to the device.

https://www.yoctoproject.org/docs/current/ref-manual/ref-manual.html#var-SYSTEMD_AUTO_ENABLE

Topic		Replies	Views
Error disabling systemd General Discussions	11	727	June 30, 2021
Disable mender-client by default Yocto Project	5	863	March 29, 2021
Systemd mender-client.service restart option General Discussions mender-client	5	599	December 6, 2022
Hosted Mender Connect Remote Terminal Forbidden General Discussions	13	566	September 30, 2022
Remote terminal not working General Discussions mender-client , mender-connect , dbus	4	443	January 19, 2023

Disabling ssh or sshd service

Related Topics