On Thu, 17.07.14 13:49, Roger Qiu (roger....@polycademy.com) wrote: > I've googled around and saw that 255 error code comes up a lot. But > most resources talked about "ssh" not necessarily the "sshd". If we > ignore 255 code, is it possible we're also ignoring some other real > errors, and not just the client failing the connection? Basically I > would like sshd to report an error, if it is indeed an error from > the host's side, not the client's side.
In general I'd recommend to use ExecStart=-/usr/sbin/sshd..., i.e. with the "-" between the = and the /. This tells systemd to completely ignore the exit/failure status of the process. The reason for this is that if an sshd instance fails it would stay around in failed state. Since you use per-connection instances this might be able to give an attacker the chance to create tons of failed services, until systemd refuses. I'd hence recommend to always ignore errors for services that are instantiated in theoretic unbounded numbers. You'll still get them reported in the logs, but I'd recommend not making them enter a service into "failed" mode. I hope that makes some sense, Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
