On Wed, 23 Aug 2017, Sven Joachim wrote:
> 
> Package: openssh-server
> Version: 1:7.5p1-6
> Severity: important
> 
> I am using ssh.socket rather than ssh.server to start the daemon on
> demand, and in this situation /run/sshd is not created, leading to
> refused connections.
> 
> To fix that, I added the RuntimeDirectory=sshd to ssh@.service.  This
> seems to work, although the behavior is a bit strange: as soon as a
> connection closes, the /run/sshd directory will be removed, even if
> other connections are still active.  But the directory only needs to
> exist during the pre-authentication phase, if I read README.privsep
> correctly.

That may work fine on a box with a fast CPU/disk, but on a slow box 
(200MHz), with a lot of per-demand connections it looks racy 
(systemd 233).  And the cause might be:

`man 5 systemd.exec'

RuntimeDirectory=
        ...
        and to make sure the runtime directory is cleaned up 
        automatically after use.

Does systemd (234) address the issue?

Ideally, /run/sshd would be created once and never removed.  Is there 
a directive for that?

/lib/systemd/system/ssh.socket looks a bit dodgy too.  I would like it 
to be:

        [email protected]

Am I wrong?  /lib/systemd/system/ssh@.service directive:

        After=auditd.service

should possibly be:

        After=auditd.service network-online.target

shouldn't it?  Else it doesn't make much sense.


Cheers,

-- 
Cristian
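
An added example, not part of the original message or of the Debian package: two ways to keep /run/sshd in place across per-connection ssh@.service instances, so that one instance exiting does not remove the directory while another is still in pre-authentication. The file names are assumptions; RuntimeDirectoryPreserve= is only available from systemd 235, so on 233/234 only the tmpfiles.d variant applies.

```ini
# Option A (systemd 235 or later): keep RuntimeDirectory= but tell systemd
# not to delete the directory when an instance stops.
# File (assumed name): /etc/systemd/system/ssh@.service.d/runtime-dir.conf
[Service]
RuntimeDirectory=sshd
RuntimeDirectoryMode=0755
RuntimeDirectoryPreserve=yes

# Option B (works on systemd 233/234 as well): leave RuntimeDirectory= out
# of ssh@.service entirely and let systemd-tmpfiles create the directory
# once at boot. Nothing removes it when a connection closes.
# File (assumed name): /etc/tmpfiles.d/sshd.conf
# Type  Path       Mode  User  Group  Age
d       /run/sshd  0755  root  root   -
```

Option A takes effect after `systemctl daemon-reload`; Option B can be applied without a reboot with `systemd-tmpfiles --create /etc/tmpfiles.d/sshd.conf`.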
