SSHD doesn't work.

[MrSorcus]

Steps to reproduce

1:
cat ./custom.nix

{ config, lib, pkgs, ... }:

{
  imports = [ ./modules/installer/cd-dvd/installation-cd-base.nix ];

        users.extraUsers.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAA... sorcus@laptop" ];

        systemd.network.enable = true;
        systemd.network.networks.wired.name = "enp0s3";
        systemd.network.networks.wired.address = [ "2a01:***:***::13/64" ];
        systemd.network.networks.wired.gateway = [ "fe80::1" ];

        services.openssh.enable = true;
}

2:
nix-build -A config.system.build.isoImage -I nixos-config=./custom.nix ./default.nix

3:
Create virtual machine and run with nixos iso. SSH Daemon doesn't work. It's loaded, but not active.

4:
But it's working with services.openssh.startWhenNeeded = true; ... and show this warnings:

Jun 22 21:19:09 nixos systemd[1]: sshd.service: Service lacks both ExecStart= and ExecStop= setting. Refusing.
Jun 22 21:07:44 nixos systemd[1]: Started Session 3 of user root.
Jun 22 21:07:50 nixos systemd[1]: sshd.service: Service lacks both ExecStart= and ExecStop= setting. Refusing.

Technical details

• System: 17.09.git.c89efa3 (Hummingbird)
• Nix version: nix-env (Nix) 1.11.11
• Nixpkgs version: 17.09.git.c89efa3
• Sandboxing enabled: build-use-sandbox = false

[vcunat]

And why is it wrong? It's even documented: http://nixos.org/nixos/manual/#sec-installation (7.)

[aszlig]

@vcunat: He provided authorizedKeys, so it should work without setting a root password. We even have tests doing exactly that, but without the installer CD import, so I'm guessing the real issue here could be the latter.

[aszlig]

The actual problem here is this line, so @MrSorcus adding the following line in your configuration should fix that:

systemd.services.sshd.wantedBy = lib.mkOverride 40 [ "multi-user.target" ];

For the installer image it makes sense to remove sshd from multi-user.target, because it allows the user to optionally enable openssh at runtime via systemctl start sshd.

[vcunat]

To be clear, I meant the fact that you have to start sshd manually on an installation system. I can see nothing wrong about that. (Perhaps I misunderstood.)

[aszlig]

@vcunat: No, I was wrong about that, I only read point 7 regarding setting the root passwd.

[Mic92]

This example should work: https://github.com/nixos-users/wiki/wiki/Installation-guide#build-a-custom-installation-image

[Mic92]

The warnings when using services.openssh.startWhenNeeded can be ignored.
I would say it is not a bug, but intended behavior.

[MrSorcus]

@Mic92 , maybe not a bug, but an error.

[root@nixos:~]# systemctl status sshd
● sshd.service
   Loaded: error (Reason: Invalid argument)
   Active: inactive (dead)

Jun 23 09:55:46 nixos systemd[1]: sshd.service: Service lacks both ExecStart= and ExecStop= setting. Refusing.

[root@nixos:~]# systemctl cat sshd
# /nix/store/6bidvr31m3nz0cq7z3xivjdgvyhg36zs-unit-sshd.service/sshd.service
[Unit]

[Service]
Environment="LOCALE_ARCHIVE=/nix/store/lzzhb68wykc1kbf1wjcj1vfjhimwvgsf-glibc-locales-2.25/lib/locale/locale-archive"
Environment="PATH=/nix/store/v64g1yg79b4i3cc7ajxzi5gik4sq2737-coreutils-8.27/bin:/nix/store/pzniwigry771hvqqlr939jmddcqh79m6-findutils-4.6.0/bin:/nix/store/96kg25hm8m95
Environment="TZDIR=/nix/store/gxcxsd0qgmn1qd6v655sikc92rgkqwl6-tzdata-2016j/share/zoneinfo"

[MrSorcus]

@aszlig , thank you.
systemd.services.sshd.wantedBy = lib.mkOverride 40 [ "multi-user.target" ]; work very well without any problems.

[tomberek]

Close as answered?

[MrSorcus]

Close as answered?

I don't know.
@Mic92 is it fixed in documentation?

[Mic92]

Probably not.

[elmarx]

https://nixos.wiki/wiki/Creating_a_NixOS_live_CD works flawlessly.

[flokli]

A fix for this is in progress at #63773.