Comment 12 for bug 1993478

@crhis34 actually socket activated ssh is not that difficult to setup. The issue for me is only that the upgrade of the configuration did not work quite right (and I think it is really challenging to do that right)

but simply put you take the file
/etc/systemd/system/ssh.socket.d/addresses.conf

and write something like
[Socket]
ListenStream=
ListenStream=4444

(note the empty ListenStream=, that one is required to not listen on port 22)
followed by a systemctl daemon-reload

then if there is no /etc/systemd/system/ssh.service.d created by the upgrade script then what I did was
systemctl enable ssh.socket && systemctl disable --now ssh.service && systemctl start ssh.socket

an alternative might be doing that what the update script does:
override_dir=/etc/systemd/system/ssh.service.d
mkdir -p "$override_dir"
echo '[Unit]' > "$override_dir"/00-socket.conf
echo 'After=ssh.socket' >> "$override_dir"/00-socket.conf
echo 'Requires=ssh.socket' >> "$override_dir"/00-socket.conf

# deb-systemd-helper is inadequate for the task of
# changing policy for the units on upgrade
if [ -d /run/systemd/system ]; then
       systemctl daemon-reload
       systemctl disable ssh.service
       systemctl unmask ssh.service
       systemctl stop ssh.service
       systemctl enable ssh.socket
fi