I think a better option is to just not create a socket file for openssh, as it's not required. OpenSSH server is fully capable of managing its own configuration via a very comprehensive config file, which is universally applicable across various distros and other OSs.
It's just wholly unrequired to allocate an on-demand socket for a daemon that listens all the time, anyways. A better alternative is to migrate configuration from the openssh configuration file into a systemd unit file, much like how the defaults files provide a baseline set of defaults for things. It can continue to provide defaults, with the unit file overriding the defaults. A socket for on-demand activation is pretty silly for a daemon that launches, and listens, by design, and returns a status code if unable to launch itself properly. It's just over-complication for the sake of... something? It would also require additional work to make tooling like ansible and puppet do something just for Ubuntu.

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1991592

Title:
  openssh-server should ship a systemd generator to generate ssh socket port configuration from sshd_config

Status in openssh package in Ubuntu:
  Triaged

Bug description:
  A criticism of the existing sshd socket activation implementation is that Port/ListenAddress options are migrated on a one-time basis at package upgrade time, and afterwards users get the surprising behavior that Port/ListenAddress settings added to sshd_config are ignored.

  A systemd generator could be used to change the ssh socket unit configuration on boot, and on each change of /etc/ssh/sshd_config.

  Sample implementation from Dimitri:

  ssh.socket:
  [Unit]
  Wants=sshd-config.path

  #
  # Note the below defaults are cleared and overridden by
  # /lib/systemd/system-generators/sshd-generator
  # based on the sshd config from the sshd -T output
  #
  ListenStream=[::]:22
  ListenStream=0.0.0.0:22

diff --git a/systemd/sshd-config.path b/systemd/sshd-config.path new file mode 100644 index 000000000..cfa9674a3 --- /dev/null +++ b/systemd/sshd-config.path
@@ -0,0 +1,4 @@ +[Unit] +ConditionPathExists=!/etc/ssh/sshd_not_to_be_run +[Path] +PathChanged=/etc/ssh/sshd_config diff --git a/systemd/sshd-config.service b/systemd/sshd-config.service new file mode 100644 index 000000000..b009ea52c --- /dev/null +++ b/systemd/sshd-config.service @@ -0,0 +1,5 @@ +[Unit] +Description=Regenerate ssh.socket.d/ssh-listen.conf drop-in + +[Service] +ExecStart=/bin/systemctl daemon-reload diff --git a/systemd/sshd-generator b/systemd/sshd-generator new file mode 100755 index 000000000..72c6aac04 --- /dev/null +++ b/systemd/sshd-generator @@ -0,0 +1,10 @@ +#!/bin/sh +set -eu +mkdir -p /run/sshd +sshd -t +mkdir -p $1/ssh.socket.d +target="$1/ssh.socket.d/ssh-listen.conf" +echo '[Socket]' > $target +echo 'ListenStream=' >> $target +sshd -T | sed -n 's/^listenaddress /ListenStream=/p' >> $target +rmdir --ignore-fail-on-non-empty /run/sshd
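Review bot: PathChanged=/etc/ssh/sshd_config in the [Path] section of sshd-config.path watches that one file only, so if listen settings can also come from any other file sshd reads its configuration from, editing those would not re-trigger the generator and ssh.socket would keep stale ListenStream= values. Consider additional PathChanged= lines for any such locations, and a Description= in [Unit], which sshd-config.service has and this unit lacks.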
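Review bot: ExecStart=/bin/systemctl daemon-reload in sshd-config.service re-runs the generator but does nothing to an ssh.socket that is already listening, so the regenerated ssh-listen.conf would not take effect until the socket unit is restarted. The unit should either restart ssh.socket after the reload or state that the change applies at next boot. The [Service] section also sets no Type=, and Type=oneshot would fit a command that runs once and exits.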
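Review bot: the failure paths in sshd-generator leave the socket in a state the admin did not ask for. With set -eu, a failing "sshd -t" exits before any drop-in is written, so ssh.socket falls back to the ListenStream=[::]:22 and ListenStream=0.0.0.0:22 defaults even when sshd_config restricts ListenAddress, and /run/sshd is left behind. Because "echo 'ListenStream=' >> $target" runs before "sshd -T | sed ...", whose exit status is that of sed, a failing "sshd -T" yields a drop-in that clears every listener. Suggest building the file at a temporary path and renaming it into place only when at least one ListenStream= line was produced, and quoting "$1" and "$target" throughout.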
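The surprise named in the bug description, Port/ListenAddress settings in sshd_config that never reach ssh.socket, can be checked for directly. The script below is an added example, not part of the bug report or of the openssh packaging: its function names and sample files are constructed for illustration, and it assumes `sshd -T` output saved to a file and ListenStream= values written in the address:port form of the sample ssh.socket above.

```shell
#!/bin/sh
# Added example, not part of the bug report or the openssh package.
# Reports drift between `sshd -T` listen addresses and ssh.socket ListenStream=.

# Print the ListenStream= values in effect after reading the unit file and its
# drop-ins in order; an empty "ListenStream=" clears everything before it.
effective_streams() {
    cat "$@" | awk '
        /^ListenStream= *$/ { n = 0; next }
        /^ListenStream=/ { sub(/^ListenStream=/, ""); v[n++] = $0 }
        END { for (i = 0; i < n; i++) print v[i] }' | LC_ALL=C sort -u
}

# Print the addresses from saved `sshd -T` output (lines "listenaddress ADDR").
sshd_streams() {
    sed -n 's/^listenaddress //p' "$1" | LC_ALL=C sort -u
}

# listen_drift SSHD_T_DUMP UNIT [DROPIN...]
# Prints one "sshd-only ADDR" / "socket-only ADDR" line per mismatch and
# returns 1 if there is any; prints nothing and returns 0 when they agree.
listen_drift() {
    dump=$1; shift
    want=$(mktemp); have=$(mktemp)
    sshd_streams "$dump" > "$want"
    effective_streams "$@" > "$have"
    drift=$(LC_ALL=C comm -23 "$want" "$have" | sed 's/^/sshd-only /'
            LC_ALL=C comm -13 "$want" "$have" | sed 's/^/socket-only /')
    rm -f "$want" "$have"
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Constructed sample data: Port 2222 was set in sshd_config after the one-time
# migration, so ssh.socket still carries the old port 22 entries.
make_samples() {
    d=$(mktemp -d)
    printf 'port 2222\nlistenaddress [::]:2222\nlistenaddress 0.0.0.0:2222\n' > "$d/sshd-T.txt"
    printf '[Socket]\nListenStream=[::]:22\nListenStream=0.0.0.0:22\n' > "$d/ssh.socket"
    printf '[Socket]\nListenStream=\nListenStream=[::]:2222\nListenStream=0.0.0.0:2222\n' > "$d/ssh-listen.conf"
    echo "$d"
}

d=$(make_samples)
listen_drift "$d/sshd-T.txt" "$d/ssh.socket" || echo "drift without the drop-in"
listen_drift "$d/sshd-T.txt" "$d/ssh.socket" "$d/ssh-listen.conf" && echo "in sync with the drop-in"
rm -rf "$d"
```

On a real host, pass the unit file first and then its drop-ins in the order systemd reads them. The comparison is textual, so a port-only ListenStream= value is reported as drift.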