OpenSSH server fails to start due to missing directory

24/11/2018 - OpenSSH, sshd, Linux

I had OpenSSH server fail to start on an OpenVZ instance of Ubuntu 16.04, with systemctl reporting:

# systemctl status sshd.service
● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
   Active: failed (Result: start-limit-hit) since Sat 2018-11-24 15:55:05 EST; 3min 48s ago
  Process: 487 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=255)

Nov 24 15:55:05 hname systemd[1]: Failed to start OpenBSD Secure Shell server.
Nov 24 15:55:05 hname systemd[1]: ssh.service: Unit entered failed state.
Nov 24 15:55:05 hname systemd[1]: ssh.service: Failed with result 'exit-code'.
Nov 24 15:55:05 hname systemd[1]: ssh.service: Service hold-off time over, scheduling restart.
Nov 24 15:55:05 hname systemd[1]: Stopped OpenBSD Secure Shell server.
Nov 24 15:55:05 hname systemd[1]: ssh.service: Start request repeated too quickly.
Nov 24 15:55:05 hname systemd[1]: Failed to start OpenBSD Secure Shell server.
Nov 24 15:55:05 hname systemd[1]: ssh.service: Unit entered failed state.
Nov 24 15:55:05 hname systemd[1]: ssh.service: Failed with result 'start-limit-hit'.

Running sshd -t reports:

# sshd -t
Missing privilege separation directory: /var/run/sshd

This should be created by systemd-tmpfiles based on the configuration in /usr/lib/tmpfiles.d/sshd.conf which contains:

d /var/run/sshd 0755 root root

Running systemd-tmpfiles directly:

# systemd-tmpfiles --create
Failed to validate path /var/run/sshd: Too many levels of symbolic links

The /var/run directory is actually a symlink to /run:

# ls -l /var/run
lrwxrwxrwx 1 root root 4 Apr 26  2018 /var/run -> /run

It appears that systemd-tmpfiles will not follow the symlink as described here. I found the easiest fix was to change /usr/lib/tmpfiles.d/sshd.conf to:

d /run/sshd 0755 root root
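
To check other tmpfiles.d files for the same problem, the following added example (not part of the original post) reports every entry whose path passes through a symlinked parent directory, as /var/run/sshd does above. The function names and the root-prefix argument are hypothetical, and the demo runs against a constructed temporary tree rather than the live system.

```shell
#!/bin/sh
# Added example (not from the original post): list tmpfiles.d entries whose
# path passes through a symlinked parent directory such as /var/run -> /run.

# Print the first symlinked parent of absolute path $2, looked up under the
# root prefix $1 (empty for the live filesystem). Returns 1 if there is none.
symlinked_parent() {
    sp_rest=${2#/}
    sp_cur=
    while [ "${sp_rest#*/}" != "$sp_rest" ]; do   # another '/' remains
        sp_cur="$sp_cur/${sp_rest%%/*}"
        sp_rest=${sp_rest#*/}
        if [ -L "$1$sp_cur" ]; then
            printf '%s\n' "$sp_cur"
            return 0
        fi
    done
    return 1
}

# Scan tmpfiles.d file $2 against root prefix $1 and report affected entries.
scan_tmpfiles_conf() {
    while read -r sc_type sc_path sc_rest; do
        case $sc_type in ''|'#'*) continue ;; esac    # blank line or comment
        case $sc_path in /*) ;; *) continue ;; esac   # only absolute paths
        if sc_link=$(symlinked_parent "$1" "$sc_path"); then
            printf '%s: %s -> %s\n' "$sc_path" "$sc_link" \
                "$(readlink "$1$sc_link")"
        fi
    done < "$2"
}

# Constructed demo: a throwaway tree that mirrors the layout in the post.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/run" "$d/var" "$d/conf"
    ln -s /run "$d/var/run"
    printf '%s\n' '# constructed sample' 'd /var/run/sshd 0755 root root' \
        'd /run/sshd 0755 root root' > "$d/conf/sshd.conf"
    scan_tmpfiles_conf "$d" "$d/conf/sshd.conf"
    rm -rf "$d"
}

demo
```

On a real host, call scan_tmpfiles_conf "" /usr/lib/tmpfiles.d/sshd.conf to check the live filesystem; an entry that prints nothing has no symlinked parent.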