
Unable to start endlessh on port 22

Open nbraud opened this issue 4 years ago • 14 comments

When trying to start endlessh on port 22, on a machine using systemd, the service fails to start due to getting EACCES on the bind(2) call to open the socket.

As endlessh only reports fatal: Permission denied, I took a recording of the process' activity under strace, running as the systemd service:

Jan 30 22:19:10 neon.citronna.de systemd[1]: Started Endlessh SSH Tarpit.
Jan 30 22:19:10 neon.citronna.de strace[2060944]: execve("/usr/bin/endlessh", ["/usr/bin/endlessh", "-p22"], 0x7ffe5c745d68 /* 5 vars */) = 0
Jan 30 22:19:10 neon.citronna.de strace[2060944]: brk(NULL)                               = 0x55809d08c000
[loading libraries...]
Jan 30 22:19:10 neon.citronna.de strace[2060944]: openat(AT_FDCWD, "/etc/endlessh/config", O_RDONLY) = -1 ENOENT (No such file or directory)
Jan 30 22:19:10 neon.citronna.de strace[2060944]: rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RESTORER|SA_INTERRUPT|SA_NODEFER|SA_RESETHAND, sa_restorer=0x7f5f98187100}, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, 8) = 0
Jan 30 22:19:10 neon.citronna.de strace[2060944]: rt_sigaction(SIGTERM, {sa_handler=0x55809b5eddd0, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f5f98187100}, NULL, 8) = 0
Jan 30 22:19:10 neon.citronna.de strace[2060944]: rt_sigaction(SIGHUP, {sa_handler=0x55809b5edde0, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f5f98187100}, NULL, 8) = 0
Jan 30 22:19:10 neon.citronna.de strace[2060944]: rt_sigaction(SIGUSR1, {sa_handler=0x55809b5eddf0, sa_mask=[], sa_flags=SA_RESTORER, sa_restorer=0x7f5f98187100}, NULL, 8) = 0

[we are now in server_create]
Jan 30 22:19:10 neon.citronna.de strace[2060944]: socket(AF_INET6, SOCK_STREAM, IPPROTO_IP) = 3
Jan 30 22:19:10 neon.citronna.de strace[2060944]: setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
Jan 30 22:19:10 neon.citronna.de strace[2060944]: setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [0], 4) = 0
Jan 30 22:19:10 neon.citronna.de strace[2060944]: bind(3, {sa_family=AF_INET6, sin6_port=htons(22), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 EACCES (Permission denied)

[BOOM!]
Jan 30 22:19:10 neon.citronna.de strace[2060944]: write(2, "endlessh: fatal: Permission deni"..., 35
Jan 30 22:19:10 neon.citronna.de systemd[1]: endlessh.service: Main process exited, code=exited, status=1/FAILURE
Jan 30 22:19:10 neon.citronna.de strace[2060949]: write(2, "endlessh: fatal: Permissi
Jan 30 22:19:10 neon.citronna.de strace[2060944]: write(2, "endlessh: fatal: Permissi
Jan 30 22:19:10 neon.citronna.de strace[2060944]:  = 35
Jan 30 22:19:10 neon.citronna.de systemd[1]: endlessh.service: Failed with result 'exit-code'.
Jan 30 22:19:10 neon.citronna.de strace[2060944]: exit_group(1)
Jan 30 22:19:28 neon.citronna.de systemd[1]: Stopped Endlessh SSH Tarpit.

I was unable to find immediately what causes this, though I expect it is related to the security-related settings in endlessh.service.

I didn't search very hard, though, as I have a more satisfying solution via socket activation...

nbraud, Jan 30 '20 23:01
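
A triage helper for the failure reported above, added here as an example; it is not code from the issue or from the endlessh project. It pulls EACCES-failing bind(2) calls out of strace output and checks each port against the Linux privileged-port rule, using the CapEff mask from /proc/<pid>/status. The function names and the sample status text are constructed for illustration.

```python
import re

CAP_NET_BIND_SERVICE = 10  # bit index, from <linux/capability.h>

# strace rendering of a bind(2) on an IPv4/IPv6 socket that failed with EACCES
BIND_EACCES = re.compile(
    r"bind\(\d+, \{sa_family=(AF_INET6?), sin6?_port=htons\((\d+)\).*= -1 EACCES")

def denied_binds(log_text):
    """Return (family, port) for every bind(2) strace shows failing with EACCES."""
    return [(m.group(1), int(m.group(2))) for m in BIND_EACCES.finditer(log_text)]

def cap_eff(status_text):
    """Parse the effective capability mask from the text of /proc/<pid>/status."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.M)
    if m is None:
        raise ValueError("no CapEff line found")
    return int(m.group(1), 16)

def may_bind(port, eff_mask, unprivileged_port_start=1024):
    """Privileged-port rule: ports below net.ipv4.ip_unprivileged_port_start
    (default 1024) require CAP_NET_BIND_SERVICE."""
    if port >= unprivileged_port_start:
        return True
    return bool((eff_mask >> CAP_NET_BIND_SERVICE) & 1)

def explain(log_text, status_text, unprivileged_port_start=1024):
    eff = cap_eff(status_text)
    findings = []
    for family, port in denied_binds(log_text):
        if may_bind(port, eff, unprivileged_port_start):
            # The kernel checks the capability in the user namespace that owns
            # the network namespace, so CapEff alone can look sufficient.
            findings.append(f"{family}:{port} passes the CapEff check; "
                            "check user namespaces or LSM policy")
        else:
            findings.append(f"{family}:{port} is below {unprivileged_port_start} "
                            "and CapEff lacks CAP_NET_BIND_SERVICE")
    return findings

# bind line taken from the strace log above; the status text is constructed
SAMPLE_LOG = '''setsockopt(3, SOL_IPV6, IPV6_V6ONLY, [0], 4) = 0
bind(3, {sa_family=AF_INET6, sin6_port=htons(22), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 EACCES (Permission denied)
'''
SAMPLE_STATUS = "Name:\tendlessh\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"

if __name__ == "__main__":
    print("\n".join(explain(SAMPLE_LOG, SAMPLE_STATUS)))
```

On a live system, pass the contents of /proc/<pid>/status for the service's main process and the value of /proc/sys/net/ipv4/ip_unprivileged_port_start instead of the samples.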