SSHD fails on reboot when restricting it over VPN


I am trying to set up a new server. Using tailscale VPN, I want to make sure that the server is ssh'able only when you are connected to VPN, not outside.

The sshd_config has a parameter called ListenAddress, which I have to make sure belongs to the VPN, so any other ssh requests will be refused. So, I set that to be equal to my VPN address. On reboot, ssh doesn't work and I start getting a connection refused exception every time I try to ssh.

Things I tried:

sudo service ssh restart

This succeeds but same story on reboots. When rebooted, ssh ability is gone.

systemctl status ssh

This gives me the below error

Mar 28 19:08:01 jaskirat-ThinkCentre-M73 sshd[707]: error: Bind to port 22 on 100.x.y.z failed: Cannot assign requested address.
Mar 28 19:08:01 jaskirat-ThinkCentre-M73 sshd[707]: fatal: Cannot bind any address.

If it helps, I'm using tailscale VPN. My guess is, tailscale is not up before sshd start, but I'm not sure how to accomplish this. Could you please help?

Cheers


Thanks to @Mr Zeus, I've been able to patch this issue (a temporary, good-enough fix). I'd appreciate any better solutions in case you have any.

Tailscale is taking time to set up. By the time tailscale is up and running, sshd starts. Hence, the VPN IP address is not available at the time sshd tries to bind, leading to the no IP address available exception.

Now, the sshd service is configured in such a way that it doesn't retry when the exit code is 255, which is my case here. So, I removed the key RestartPreventExitStatus=255. This seems a good fix, but I don't know the impacts of this override. Thoughts?

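An added example, not part of the original posts: a small wait script that holds sshd back until the ListenAddress is actually assigned, so the bind does not depend on restart behaviour. The address 100.64.0.10 stands in for the redacted 100.x.y.z, and the install path /usr/local/sbin/wait-for-addr is hypothetical; it is meant to be called from an ExecStartPre= line in a drop-in for ssh.service.

```shell
#!/bin/sh
# Added example (not from the original post): block until a given IPv4
# address is assigned locally, so sshd's ListenAddress bind can succeed.
# Assumed install path: /usr/local/sbin/wait-for-addr (hypothetical).

# Default address lister: one line per address, as printed by iproute2.
list_addrs() { ip -o -4 addr show; }

# addr_present ADDR: read `ip -o -4 addr show` output on stdin and succeed
# only on an exact match, so 100.64.0.1 does not match 100.64.0.10.
addr_present() {
    grep -qF -- " inet $1/"
}

# wait_for_addr ADDR TIMEOUT_SECONDS [LISTER]
# Poll once per second; return 0 when ADDR appears, 1 on timeout.
# LISTER is any command printing `ip -o -4 addr show` style lines.
wait_for_addr() {
    addr=$1
    timeout=$2
    lister=${3:-list_addrs}
    waited=0
    while :; do
        if "$lister" | addr_present "$addr"; then
            return 0
        fi
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
}

# Run only when called with arguments, e.g. from a systemd drop-in
# (100.64.0.10 is a constructed placeholder for the VPN address):
#   [Service]
#   ExecStartPre=/usr/local/sbin/wait-for-addr 100.64.0.10 60
if [ "$#" -ge 2 ]; then
    wait_for_addr "$1" "$2"
    exit $?
fi
```

If the wait times out, the script exits non-zero and sshd does not start, so sshd never falls back to listening on an address outside the VPN.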