Comment 8 for bug 1576353

Steve Langasek (vorlon) wrote : Re: [Bug 1576353] Re: install openssh-server by default, prompt for enabling it on server iso install

On Sat, Apr 30, 2016 at 10:23:35AM -0000, Colin Watson wrote:
> Per-connection sshd instances with systemd
> ------------------------------------------

> If you want to reconfigure systemd to listen on port 22 itself and launch an
> instance of sshd for each connection (inetd-style socket activation), then
> you can run:

> systemctl stop ssh.service
> systemctl start ssh.socket

> To make this permanent:

> systemctl disable ssh.service
> systemctl enable ssh.socket

> This may be appropriate in environments where minimal footprint is critical
> (e.g. cloud guests). Be aware that this bypasses MaxStartups, and systemd's
> MaxConnections cannot quite replace this as it cannot distinguish between
> authenticated and unauthenticated connections; see
> https://bugzilla.redhat.com/show_bug.cgi?id=963268 for more discussion.

> The provided ssh.socket unit file sets ListenStream=22. If you need to have
> it listen on a different address or port, then you will need to do this by
> copying /lib/systemd/system/ssh.socket to /etc/systemd/system/ssh.socket and
> modifying the ListenStream option. See systemd.socket(5) for details.

AIUI this should be fixable by patching openssh to use the systemd
socket-passing protocol (sd_listen_fds(3)) instead of relying on inetd-style
socket passing. In that case, openssh can apply whatever controls it wants
to the listen() socket.
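The distinction Steve draws above is between inetd-style activation (systemd's Accept=yes, where each connection becomes a new process that reads and writes the connection on its standard descriptors) and the sd_listen_fds(3) protocol (Accept=no, where systemd binds port 22 and hands the already-listening socket to a single daemon, which keeps doing accept() itself and so can still enforce MaxStartups). The following C program is an added illustration, not part of this bug thread, of OpenSSH, or of libsystemd: it reimplements the small environment protocol sd_listen_fds(3) uses (LISTEN_PID, LISTEN_FDS, descriptors starting at 3), checks that the inherited descriptor really is a listening socket, and falls back to creating its own loopback listener when it was not socket-activated. The function names (parse_listen_env, listen_fds_from_env, is_listening_socket, make_tcp_listener) are mine; a real daemon would link libsystemd and call sd_listen_fds() instead of the hand-rolled parser.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* systemd passes activated sockets starting at this descriptor number
 * (the same value libsystemd exposes as SD_LISTEN_FDS_START). */
#define LISTEN_FDS_START 3

/* Parse a LISTEN_PID / LISTEN_FDS pair the way sd_listen_fds(3) does.
 * Returns the number of inherited listening descriptors, or 0 when the
 * process was not socket-activated: variables absent, malformed, or
 * addressed to a different pid (e.g. inherited by a child that did not
 * clear them). The arguments are explicit so the logic is testable. */
int parse_listen_env(const char *pid_str, const char *fds_str, pid_t self)
{
    char *end;
    long v;

    if (pid_str == NULL || fds_str == NULL)
        return 0;

    errno = 0;
    v = strtol(pid_str, &end, 10);
    if (errno != 0 || end == pid_str || *end != '\0' || v != (long)self)
        return 0;

    errno = 0;
    v = strtol(fds_str, &end, 10);
    if (errno != 0 || end == fds_str || *end != '\0' || v < 0 || v > 1024)
        return 0;

    return (int)v;
}

/* Wrapper over the real environment. Clears the variables afterwards so
 * children (e.g. per-session processes) do not see stale values. */
int listen_fds_from_env(void)
{
    int n = parse_listen_env(getenv("LISTEN_PID"), getenv("LISTEN_FDS"), getpid());
    unsetenv("LISTEN_PID");
    unsetenv("LISTEN_FDS");
    unsetenv("LISTEN_FDNAMES");
    return n;
}

/* Returns 1 if fd is a socket in the listening state (SO_ACCEPTCONN), else 0.
 * A daemon should verify this before calling accept() on a descriptor it was
 * handed, rather than trusting the advertised count alone. */
int is_listening_socket(int fd)
{
    struct stat st;
    int accepting = 0;
    socklen_t len = sizeof(accepting);

    if (fd < 0 || fstat(fd, &st) != 0 || !S_ISSOCK(st.st_mode))
        return 0;
    if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &accepting, &len) != 0)
        return 0;
    return accepting ? 1 : 0;
}

/* Fallback for the non-activated case: bind our own loopback listener.
 * Port 0 lets the kernel pick a free port so the example runs anywhere. */
int make_tcp_listener(void)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = 0;
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) != 0 || listen(fd, 16) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int n = listen_fds_from_env();
    int fd;

    if (n > 0) {
        /* Socket-activated: systemd bound the port, but accept() stays with
         * us, so MaxStartups-style throttling can still be applied here. */
        fd = LISTEN_FDS_START;
        printf("inherited %d descriptor(s) from systemd\n", n);
    } else {
        fd = make_tcp_listener();
        printf("not socket-activated, created own listener\n");
    }
    if (!is_listening_socket(fd)) {
        fprintf(stderr, "descriptor %d is not a listening socket\n", fd);
        return 1;
    }
    close(fd);
    return 0;
}
```

Run directly it takes the fallback path; started from a systemd service with a matching `.socket` unit (Accept=no, the default) it takes the inherited descriptor. The pid check matters because the environment is inherited by every child, and the SO_ACCEPTCONN check is what separates a passed listening socket from a per-connection socket handed over inetd-style.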