sshd appears to be broken on the most recent rolling release:
vyos@cr01b-vyos:~$ show log all | grep -i ssh | head Jun 25 02:11:22 localhost live-config[618]: keyboard-configuration ssl-cert util-linux login openssh-server. Jun 25 02:11:22 localhost systemd[1]: Starting LSB: AWS EC2 instance init script to fetch and load ssh public key... Jun 25 02:11:22 localhost systemd[1]: Started LSB: AWS EC2 instance init script to fetch and load ssh public key. Jun 24 21:13:13 cr01b-vyos sshd[6149]: /etc/ssh/sshd_config line 49: missing address Jun 24 21:13:13 cr01b-vyos systemd[1]: ssh.service: Control process exited, code=exited, status=255/EXCEPTION Jun 24 21:13:13 cr01b-vyos systemd[1]: ssh.service: Failed with result 'exit-code'. Jun 24 21:13:14 cr01b-vyos systemd[1]: ssh.service: Service RestartSec=100ms expired, scheduling restart. Jun 24 21:13:14 cr01b-vyos systemd[1]: ssh.service: Scheduled restart job, restart counter is at 1. Jun 24 21:13:14 cr01b-vyos sshd[6151]: /etc/ssh/sshd_config line 49: missing address Jun 24 21:13:14 cr01b-vyos systemd[1]: ssh.service: Control process exited, code=exited, status=255/EXCEPTION
VyOS config:
vyos@cr01b-vyos# show service ssh disable-host-validation listen-address 192.168.15.4 listen-address fd52:d62e:8011:6e:192:168:15:4 port 53490 [edit]
/etc/ssh/sshd_config:
vyos@cr01b-vyos# cat /etc/ssh/sshd_config ### Autogenerated by ssh.py ### # https://linux.die.net/man/5/sshd_config # # Non-configurable defaults # Protocol 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key HostKey /etc/ssh/ssh_host_ed25519_key SyslogFacility AUTH LoginGraceTime 120 StrictModes yes PubkeyAuthentication yes IgnoreRhosts yes HostbasedAuthentication no PermitEmptyPasswords no ChallengeResponseAuthentication no X11Forwarding yes X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes Banner /etc/issue.net Subsystem sftp /usr/lib/openssh/sftp-server UsePAM yes PermitRootLogin no # # User configurable section # # Look up remote host name and check that the resolved host name for the remote IP # address maps back to the very same IP address. UseDNS no # Specifies the port number that sshd(8) listens on Port 53490 # Gives the verbosity level that is used when logging messages from sshd LogLevel INFO # Specifies whether password authentication is allowed PasswordAuthentication yes # Specifies the local addresses sshd should listen on ListenAddress ListenAddress [edit]
There's also some serious whitespace there...though I guess that doesn't really hurt anything.