Unknown dropbear process running on HassOS with open port

I see a dropbear process listening on port 22222, which is concerning because I did not open this port.

Note that I do not have any SSH add-ons installed. Long ago I had the ssh add-on but I uninstalled it a month ago. I can stop the process by logging into HassOs host and running “systemctl stop dropbear”. However, the process start after every boot of Hass VM.

I cannot do any of the below due to HassOS restrictions:

1. Uninstall dropbear
2. Remove symlinks to ensure it fails to start
3. systemctl disable dropbear (Error: Readonly filesystem)

Want to add that I only have 4 official add-ons running (such as Zigbee2Mqtt etc;) and none of them should be using this port 22222.

Please help me in identifying or cleaning this up.

If i am not mistaken, SSH on port 22 will take you to HA-docker container while SSH on port 22222 is for connecting to the host OS

I don’t think so… By default the host OS does not have ssh enabled… Infact it’s not recommended.
The official way is to install ssh add-on, which creates a new container running ssh daemon. Then you can configure a host port to map to the containers default 22. In the official documentation, the recommendation is to use 22222 on host that gets mapped to the 22 on ssh daemon.

In my case, I do not have ssh addon, however I see the port 22222 open on host by dropbear

If available, you can use sudo netstat -tulpen or sudo lsof -i :22222 to identify the process to that port. If it is docker-proxy, then it‘s HA or an add-on opening that port.

Tried that. It just shows the PID and process name as dropbear

At some point you enabled debugging access.

It’s very likely I have done that as I remember going through that page in the beginning days. Based on my further debugging, I see that the dropbear starts “if (Exists authorized_keys)”… That explains it.
I removed my authorized_keys file and when I try “systemctl start dropbear”, the service no longer starts.

Thanks a lot.