Re: [systemd-devel] ssh socket activation (Was: systemd unit files for Debian based systems)
On Wed, 20.06.12 10:17, Mathieu Bridon (boche...@fedoraproject.org) wrote:

> On Tue, 2012-06-19 at 19:15 +0200, Lennart Poettering wrote:
> > On Tue, 19.06.12 18:50, Michael Olbrich (m.olbr...@pengutronix.de) wrote:
> > > Hi,
> > >
> > > On Tue, Jun 19, 2012 at 10:03:23AM +0200, Lennart Poettering wrote:
> > > > On Mon, 18.06.12 21:56, Paul Menzel (paulepan...@users.sourceforge.net) wrote:
> > > > > Do you know of a service file for openssh-server?
> > > >
> > > > The Fedora packages have some, but I don't like them too much since they don't use socket activation...
> > >
> > > Is someone actually working on real socket activation for openssh? While the inetd like stuff works, it does not perform well.
> >
> > it doesn't? In which way? It should be totally OK?
>
> When we worked on porting the package to systemd units, we found that the per-connection openssh process would exit with a non-zero status code even if the client disconnected properly:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=697698#c59
>
> No idea if that has been fixed upstream since, but that's why the inetd-style socket activation units aren't shipped in Fedora.

Well, but that's hardly a performance issue, and adding - to the ExecStart= line makes this problem go away nicely.

Lennart

--
Lennart Poettering - Red Hat, Inc.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] ssh socket activation (Was: systemd unit files for Debian based systems)
On Wed, 2012-06-20 at 08:44 +0200, Lennart Poettering wrote:
> On Wed, 20.06.12 10:17, Mathieu Bridon (boche...@fedoraproject.org) wrote:
> > On Tue, 2012-06-19 at 19:15 +0200, Lennart Poettering wrote:
> > > On Tue, 19.06.12 18:50, Michael Olbrich (m.olbr...@pengutronix.de) wrote:
> > > > Hi,
> > > >
> > > > On Tue, Jun 19, 2012 at 10:03:23AM +0200, Lennart Poettering wrote:
> > > > > On Mon, 18.06.12 21:56, Paul Menzel (paulepan...@users.sourceforge.net) wrote:
> > > > > > Do you know of a service file for openssh-server?
> > > > >
> > > > > The Fedora packages have some, but I don't like them too much since they don't use socket activation...
> > > >
> > > > Is someone actually working on real socket activation for openssh? While the inetd like stuff works, it does not perform well.
> > >
> > > it doesn't? In which way? It should be totally OK?
> >
> > When we worked on porting the package to systemd units, we found that the per-connection openssh process would exit with a non-zero status code even if the client disconnected properly:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=697698#c59
> >
> > No idea if that has been fixed upstream since, but that's why the inetd-style socket activation units aren't shipped in Fedora.
>
> Well, but that's hardly a performance issue, and adding - to the ExecStart= line makes this problem go away nicely.

That's what I had proposed at first, but the maintainer didn't want it as that would also ignore actual errors.

I'm pretty sure that's the only thing blocking the addition of an openssh-server-ondemand subpackage in Fedora though (the maintainer doesn't want this to be the default if I recall correctly from the bz ticket).

--
Mathieu
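The inetd-style activation and the "-" prefix on ExecStart= discussed in the two messages above, sketched as a pair of unit files. This is an added example, not part of any message in the thread and not the Fedora or upstream units; the file names, the /usr/sbin/sshd path and port 22 are assumptions.

```ini
# --- sshd.socket (assumed file name) ---
[Unit]
Description=OpenSSH server socket (inetd-style, one instance per connection)

[Socket]
# Port 22 is an assumption for this example.
ListenStream=22
# Accept=yes: systemd accepts each connection itself and starts one
# instance of the sshd@.service template for it, as inetd would.
Accept=yes

[Install]
WantedBy=sockets.target

# --- sshd@.service (assumed file name; template, one instance per connection) ---
[Unit]
Description=OpenSSH per-connection server daemon

[Service]
# "sshd -i" runs sshd in inetd mode. The leading "-" makes systemd treat a
# non-zero exit status as success: the per-connection instance is no longer
# marked failed after a clean client disconnect, but an exit caused by a
# real error is not marked failed either.
# The binary path is an assumption for this example.
ExecStart=-/usr/sbin/sshd -i
# The accepted connection is handed to sshd as its standard input.
StandardInput=socket
```

With the prefix in place, unit state no longer distinguishes failed connections from clean ones, so sshd's own log output is where such errors have to be looked for.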
Re: [systemd-devel] ssh socket activation (Was: systemd unit files for Debian based systems)
On Tue, Jun 19, 2012 at 07:45:47PM +0200, Lennart Poettering wrote:
> On Tue, 19.06.12 23:40, Alexander E. Patrakov (patra...@gmail.com) wrote:
> > IMHO there is one issue with the inetd-style approach: it is explicitly discouraged in man sshd. It may well be the case of outdated documentation, as I don't see any of the indicated problems on my desktop or laptop. Still, it would be nice to clarify this discrepancy in the unit file.
>
> I think this is mostly out of date information on today's machines. Starting a per-connection instance is hardly distinguishable from single-instance sshd latency-wise, at least on my machines here.

Well, I don't have any numbers, but I think on a 200MHz ARM the situation might be a bit different.

> (I mean, I'd be happy if somebody would make sshd single-instance socket activatable, but I think the inetd-style activation is pretty OK performance wise and Apple ships SSH like this too, so I don't see why we shouldn't).

I was mostly curious because of the issue in the man page. If that is no problem any more, then inetd-style activation is ok. ssh is mostly a debug and development tool for me anyways. And here any socket activation is really great because there is no impact on the startup time and memory usage but it's still available when needed.

Michael

--
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-     |
[systemd-devel] ssh socket activation (Was: systemd unit files for Debian based systems)
Hi,

On Tue, Jun 19, 2012 at 10:03:23AM +0200, Lennart Poettering wrote:
> On Mon, 18.06.12 21:56, Paul Menzel (paulepan...@users.sourceforge.net) wrote:
> > Do you know of a service file for openssh-server?
>
> The Fedora packages have some, but I don't like them too much since they don't use socket activation...

Is someone actually working on real socket activation for openssh? While the inetd like stuff works, it does not perform well.

Regards,
Michael

--
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-     |
Re: [systemd-devel] ssh socket activation (Was: systemd unit files for Debian based systems)
On Tue, 19.06.12 18:50, Michael Olbrich (m.olbr...@pengutronix.de) wrote:

> Hi,
>
> On Tue, Jun 19, 2012 at 10:03:23AM +0200, Lennart Poettering wrote:
> > On Mon, 18.06.12 21:56, Paul Menzel (paulepan...@users.sourceforge.net) wrote:
> > > Do you know of a service file for openssh-server?
> >
> > The Fedora packages have some, but I don't like them too much since they don't use socket activation...
>
> Is someone actually working on real socket activation for openssh? While the inetd like stuff works, it does not perform well.

it doesn't? In which way? It should be totally OK?

Lennart

--
Lennart Poettering - Red Hat, Inc.
Re: [systemd-devel] ssh socket activation (Was: systemd unit files for Debian based systems)
2012/6/19 Lennart Poettering lenn...@poettering.net:
> On Tue, 19.06.12 18:50, Michael Olbrich (m.olbr...@pengutronix.de) wrote:
> > Hi,
> >
> > On Tue, Jun 19, 2012 at 10:03:23AM +0200, Lennart Poettering wrote:
> > > On Mon, 18.06.12 21:56, Paul Menzel (paulepan...@users.sourceforge.net) wrote:
> > > > Do you know of a service file for openssh-server?
> > >
> > > The Fedora packages have some, but I don't like them too much since they don't use socket activation...
> >
> > Is someone actually working on real socket activation for openssh? While the inetd like stuff works, it does not perform well.
>
> it doesn't? In which way? It should be totally OK?

IMHO there is one issue with the inetd-style approach: it is explicitly discouraged in man sshd. It may well be the case of outdated documentation, as I don't see any of the indicated problems on my desktop or laptop. Still, it would be nice to clarify this discrepancy in the unit file.

--
Alexander E. Patrakov
Re: [systemd-devel] ssh socket activation (Was: systemd unit files for Debian based systems)
On Tue, 19.06.12 23:40, Alexander E. Patrakov (patra...@gmail.com) wrote:

> IMHO there is one issue with the inetd-style approach: it is explicitly discouraged in man sshd. It may well be the case of outdated documentation, as I don't see any of the indicated problems on my desktop or laptop. Still, it would be nice to clarify this discrepancy in the unit file.

I think this is mostly out of date information on today's machines. Starting a per-connection instance is hardly distinguishable from single-instance sshd latency-wise, at least on my machines here.

(I mean, I'd be happy if somebody would make sshd single-instance socket activatable, but I think the inetd-style activation is pretty OK performance wise and Apple ships SSH like this too, so I don't see why we shouldn't).

Lennart

--
Lennart Poettering - Red Hat, Inc.
Re: [systemd-devel] ssh socket activation (Was: systemd unit files for Debian based systems)
On Tue, Jun 19, 2012 at 8:40 PM, Alexander E. Patrakov patra...@gmail.com wrote:
> 2012/6/19 Lennart Poettering lenn...@poettering.net:
> > On Tue, 19.06.12 18:50, Michael Olbrich (m.olbr...@pengutronix.de) wrote:
> > > Hi,
> > >
> > > On Tue, Jun 19, 2012 at 10:03:23AM +0200, Lennart Poettering wrote:
> > > > On Mon, 18.06.12 21:56, Paul Menzel (paulepan...@users.sourceforge.net) wrote:
> > > > > Do you know of a service file for openssh-server?
> > > >
> > > > The Fedora packages have some, but I don't like them too much since they don't use socket activation...
> > >
> > > Is someone actually working on real socket activation for openssh? While the inetd like stuff works, it does not perform well.
> >
> > it doesn't? In which way? It should be totally OK?
>
> IMHO there is one issue with the inetd-style approach: it is explicitly discouraged in man sshd. It may well be the case of outdated documentation, as I don't see any of the indicated problems on my desktop or laptop. Still, it would be nice to clarify this discrepancy in the unit file.

The documentation is incomplete. The ephemeral key is only generated if SSHv1 is enabled, while practically every installation now has Protocol 2 set.

--
Mantas Mikulėnas
Re: [systemd-devel] ssh socket activation (Was: systemd unit files for Debian based systems)
On Tue, 2012-06-19 at 19:15 +0200, Lennart Poettering wrote:
> On Tue, 19.06.12 18:50, Michael Olbrich (m.olbr...@pengutronix.de) wrote:
> > Hi,
> >
> > On Tue, Jun 19, 2012 at 10:03:23AM +0200, Lennart Poettering wrote:
> > > On Mon, 18.06.12 21:56, Paul Menzel (paulepan...@users.sourceforge.net) wrote:
> > > > Do you know of a service file for openssh-server?
> > >
> > > The Fedora packages have some, but I don't like them too much since they don't use socket activation...
> >
> > Is someone actually working on real socket activation for openssh? While the inetd like stuff works, it does not perform well.
>
> it doesn't? In which way? It should be totally OK?

When we worked on porting the package to systemd units, we found that the per-connection openssh process would exit with a non-zero status code even if the client disconnected properly:

https://bugzilla.redhat.com/show_bug.cgi?id=697698#c59

No idea if that has been fixed upstream since, but that's why the inetd-style socket activation units aren't shipped in Fedora.

--
Mathieu