Cloud init disabled and ssh setup situation unclear

I am trying to use a nearly fresh bare-metal installation of Ubuntu 22.04.5 LTS Server as the foundation for an OpenStack deployment.

I decided to disable the cloud-init systemd unit, and I am doing it because of a recommendation found in the OpenStack deployment documentation. The gist of the recommendation is to disable mechanisms for automatic host networking/connectivity configuration before the OS deployment starts. This is one side of the story.

The other side is that so far I have not been lucky enough to get a clean picture of SSH server installation and setup. Actually, ssh.socket is expected to be active when the SSH server idles. Numerous free materials on the Internet (tutorials, blogs and other kinds that address the initial setup of an SSH server) show guys spawning the ssh.service unit instead of the ssh.socket unit. I struggle to see how well I can use those materials to gain understanding if my own aim is to follow the Ubuntu 22.04 Server default model. I also learned that ssh-keygen.service is in a suspended state in the 22.04 default design if cloud-init takes over connectivity configuration. Given that cloud-init is disabled in this particular case, the ssh-keygen service is expected to be active, but it isn't. A further problem is that the listener port number and address customization done in the sshd_config.d folder is not effective: the socket service in its operational state reports the use of the default port and address. The host has 3 NICs and the desire is to have the SSH listener on only one.

So far, among free and public material, I have seen none that starts the ssh.socket unit. All the guys consulted rather do systemctl start ssh.service.

I consulted an AI regarding the combination of following OpenStack's recommendation on one side and the 22.04 default design, but customized (cloud-init OFF), on the other side, and got the opinion that it can be risky to do it this way.

In the current situation I don't dare to start tests of SSH server operation: there are unclear points and open questions, and the picture on the host is unclear. Though, the listener socket has not been spawned according to the CLI tool ss.

Is the AI right in its belief?
Which of the points presented are right, and which ones are bad?
Why might the ssh socket not be using the listener port and address overrides in ssh_config.d/mine.config?

Because ssh.socket is a systemd unit, and systemd does not use the configuration from /etc/ssh. The listening address is hardcoded in the unit definition:

[Socket]
ListenStream=22

You need to modify the unit definition, like this:

mkdir -p /etc/systemd/system/ssh.socket.d
cat << \EOF > /etc/systemd/system/ssh.socket.d/mine.conf
[Socket]
ListenStream=
ListenStream=12345
EOF

This creates a systemd configuration drop-in that overrides directives in the default ssh.socket unit definition, setting 12345 as the only listening port. You can see the current ssh.socket with

systemctl cat ssh.socket

The first assignment, ListenStream=, clears the default ports. If you just want to add additional ports (not replace the ones already defined by default), this can be omitted.

1 Like
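For the goal stated in the question (an SSH listener on only one of three NICs), the drop-in from the answer can carry an address as well as a port, since ListenStream= accepts `address:port` and `[ipv6]:port`. The script below is an added example, not part of the original posts: the address 192.0.2.10, the function names and the DROPIN_DIR variable are assumptions, and FreeBind=yes goes beyond what the answer shows.

```shell
#!/bin/sh
# Added example: build a drop-in that pins ssh.socket to one address and port.
# DROPIN_DIR is overridable (assumption) so the functions can be tried outside /etc.
DROPIN_DIR="${DROPIN_DIR:-/etc/systemd/system/ssh.socket.d}"

# render_listen ADDR PORT: print the ListenStream value, or return 1.
# The address check is syntactic only; it does not verify the address exists.
render_listen() {
    addr=$1 port=$2
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    case $addr in
        ''|*[!0-9A-Fa-f:.]*) echo "bad address: $addr" >&2; return 1 ;;
        *:*)     printf '[%s]:%s\n' "$addr" "$port" ;;  # IPv6 needs brackets
        *.*.*.*) printf '%s:%s\n' "$addr" "$port" ;;    # IPv4
        *) echo "bad address: $addr" >&2; return 1 ;;
    esac
}

# write_dropin ADDR PORT: write $DROPIN_DIR/mine.conf for ssh.socket.
write_dropin() {
    listen=$(render_listen "$1" "$2") || return 1
    mkdir -p "$DROPIN_DIR" || return 1
    cat > "$DROPIN_DIR/mine.conf" <<EOF
[Socket]
# Empty assignment clears the default ListenStream=22 first.
ListenStream=
ListenStream=$listen
# Allow the bind to succeed before the address is configured at boot.
FreeBind=yes
EOF
}

# Apply on the host as root, then confirm there is exactly one listener:
#   write_dropin 192.0.2.10 12345
#   systemctl daemon-reload && systemctl restart ssh.socket
#   systemctl cat ssh.socket
#   ss -tln
```

If the empty `ListenStream=` line were left out, the default port 22 listener on all addresses would remain alongside the new one, so check the `ss -tln` output for both.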
