Socket activation is prone to DoS (denial of service) because too many connections will permanently deactivate sshd.socket [1]. Also, since socket units do not allow setting Restart, accepting new connections can fail due to, for example, OOM (out of memory) [2]. Therefore, it seems more sensible to use sshd.service by default and let sshd.socket be an optional choice.
[1] https://bugs.archlinux.org/task/62248 [2] https://github.com/systemd/systemd/issues/11553 Signed-off-by: Emil Kronborg <[email protected]> --- meta/recipes-connectivity/openssh/openssh_9.6p1.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb index 1fd36a266fde..a21570ed9382 100644 --- a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb @@ -57,7 +57,7 @@ DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d) # systemd-sshd-socket-mode means installing sshd.socket # and systemd-sshd-service-mode corresponding to sshd.service -PACKAGECONFIG ??= "systemd-sshd-socket-mode" +PACKAGECONFIG ??= "systemd-sshd-service-mode" PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" -- 2.44.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#196823): https://lists.openembedded.org/g/openembedded-core/message/196823 Mute This Topic: https://lists.openembedded.org/mt/104795507/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
