This error occurs when you try to start the SSH daemon without using its full absolute path. sshd enforces this security requirement to prevent PATH manipulation attacks and to ensure the re-exec mechanism works correctly.
The sshd daemon has a built-in security check that requires it to be executed using an absolute path (starting with '/') rather than a relative path or just the binary name. This is enforced in the source code and triggered whenever sshd attempts to re-execute itself after accepting a connection. The check prevents attackers from injecting a malicious 'sshd' binary into the system by exploiting PATH vulnerabilities.
Use the which command to find the absolute path to your sshd installation:
which sshdThis will typically return /usr/sbin/sshd on Linux systems. If the command returns nothing, sshd is not installed or not in your PATH.
Start the SSH daemon using the full absolute path:
/usr/sbin/sshd -tFor testing syntax without starting the daemon, use the -t flag. To run the daemon in the foreground for debugging, use:
/usr/sbin/sshd -DIf you have a custom systemd service file, ensure the ExecStart directive uses the absolute path:
[Service]
ExecStart=/usr/sbin/sshd -DDo not use relative paths or variables that might not expand to absolute paths. After updating, reload and restart the service:
sudo systemctl daemon-reload
sudo systemctl restart sshInstead of trying to start sshd manually, use your system's service manager:
On systemd systems (most modern Linux distributions):
sudo systemctl start ssh
sudo systemctl start sshdOn init.d systems:
sudo service ssh startOn Termux (Android):
cd $PREFIX/var/service
sv-enable sshdService managers handle the absolute path requirements automatically and are the preferred method.
After starting sshd with the absolute path, verify it's listening on the SSH port:
sudo ss -tlnp | grep sshdOr on older systems:
sudo netstat -tlnp | grep sshdYou should see sshd listening on port 22 (or your configured port). You can also test SSH connectivity:
ssh -v localhostThe absolute path requirement is a security feature that protects against PATH poisoning attacks. When sshd re-executes itself (which happens after accepting a connection for privilege separation), it needs to know the exact path to invoke. If sshd were allowed to start with a relative path like 'sshd' or './sshd', an attacker could place a malicious binary in a directory early in the PATH and have sshd invoke that instead. By requiring an absolute path, sshd ensures it will always re-exec the correct binary.
On some systems with containerization (like Termux), special service managers may be required. Always check your system's service manager documentation for the recommended way to start sshd. For most Linux distributions using systemd, simply use 'sudo systemctl start ssh' or 'sudo systemctl start sshd' depending on your distribution's naming convention.
Load key "/home/user/.ssh/id_rsa": invalid format
How to fix 'Load key invalid format' in SSH
Bad owner or permissions on /home/user/.ssh/config
How to fix "Bad owner or permissions on .ssh/config" in SSH
Error connecting to agent: Connection refused
How to fix "Error connecting to agent: Connection refused" in SSH
Connection closed by UNKNOWN port 65535
How to fix 'Connection closed by UNKNOWN port 65535' in SSH
Offending ECDSA key in /home/user/.ssh/known_hosts:line
How to fix "Offending ECDSA key in known_hosts" in SSH