On Fri, Mar 15, 2024 at 16:09 +, Ross Burton wrote:
> On 7 Mar 2024, at 20:08, Emil Kronborg via lists.openembedded.org
> wrote:
> >
> > Socket activation is prone to DoS (denial of service) because too many
> > connections will permanently deactivate sshd.socket [1]. Also, since
> > socket units do not allow setting Restart, accepting new connections can
> > fail due to, for example, OOM (out of memory) [2]. Therefore, it seems
> > more sensible to use sshd.service by default and let sshd.socket be an
> > optional choice.
>
> Counter-argument: this is why it’s a PACKAGECONFIG, and socket activation has
> the advantage that it makes boots faster. If DoS is a concern, then the
> distro can switch trivially to service activated.
>
> Ross
Those are fair arguments. What do you think about the situation where
sshd.socket becomes disabled, and you are unable to connect? I can see
this being a problem for remote boards or boards that are not easily
accessible. FWIW, socket activation is disabled by default on Arch Linux
and Fedora. I don't have a box running Debian (or any other distros)
right now to check those as well.
--
Emil Kronborg
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197312):
https://lists.openembedded.org/g/openembedded-core/message/197312
Mute This Topic: https://lists.openembedded.org/mt/104795507/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-