David Runge pushed to branch main at Arch Linux / Packaging / Packages / openssh
Commits: 2d012def by Allison Karlitskaya at 2025-07-16T23:13:20-04:00 Add sshd@.service to call ssh-keygen from vsock When connecting to a new system (ie: one without ssh keys already generated) via the vsock listener (created by systemd-ssh-generator), we'll get this error in the journal: Jun 26 14:40:46 archlinux sshd[367]: sshd: no hostkeys available -- exiting. and the client will be disconnected. That's because, although we provide a sshd.service which depends on our sshdgenkeys.service, we don't do the same for sshd@.service (ie: "inetd mode", `sshd -i`), which is how the vsock sshd runs. Upstream is of the opinion that it's our responsibility to provide that file. See https://github.com/systemd/systemd/issues/37980 Add the missing file. Fixes #12 Co-authored-by: David Runge <dv...@archlinux.org> - - - - - 3 changed files: - .SRCINFO - PKGBUILD - + sshd@.service Changes: ===================================== .SRCINFO ===================================== @@ -32,6 +32,7 @@ pkgbase = openssh source = sshdgenkeys.service source = 70-openssh-restart-sshd.hook source = sshd.service + source = sshd@.service source = ssh-agent.service source = ssh-agent.socket source = sshd.pam @@ -43,6 +44,7 @@ pkgbase = openssh sha256sums = 27c4187d2456386112c9a3194d8c52a1ee9987662ffe54f94292af92b3c95d77 sha256sums = 3cbe1f95fd27780cafde7faf97b75bebd1a9621df21f55705374df0fa694a8bc sha256sums = 9cea0ee6645062840fbaa4c64dcf6d7ad77d376eb0a1820d4f0dceecbb148419 + sha256sums = 6b8e88f8026a4966cf96f518ad4ce1cbd425f0e7dcd5433ed18980fb706aa668 sha256sums = 824bf888ad0cb20ff3c2e13292389eb355ab91c3d9cc2fe0c8c5c60365d4a9c7 sha256sums = a16492e1eb9219d47a9053f0c83cdc323bff3c6f5b573bc6509ec40e40e4d04b sha256sums = 633e24cbfcb045ba777d3e06d5f85dfaa06d44f4727d38c7fb2187c57498221d @@ -53,6 +55,7 @@ pkgbase = openssh b2sums = 8ae3e51b4a1a154cbf732575a49a358158432ab5de452c7609be7e0e457981406379881f061d4af71e98298b6a4193e02dd2fbf368376d84191aee8b1531e32e b2sums = bfb2d00d42f61efde208c7bf34c7e6943eafc21550de0e5f2d92df51fd465db220e21e031493a68844ecb843c98a5ef18aace41ec17be35cb0f0592864f4ae2f b2sums = 7e771ce655e1e0ff3b19ff49de55f4097872b21c695fc0d18166d033d261d7ae25896ef7b7c6a940730aca1c5f9ef68e37da18c9df240da978c619f99f8351f8 + b2sums = 8e3a6e566e54c50e1dc5ef8d46ef778dc3634ab63cde18c789f1a049fee80561f066772a433a1093c7c7e19ae56abdb7c24765cb6cbfb7bac15bcaaca7aa7c2e b2sums = 6a80552260bc016757725602638478345565e1466335da8a70e0b4e49fe2e9d3b863df83764696cd91637c17dd137ed7c26188a1d795af3d024d89c9c229829b b2sums = f161cdb54609bd4521d9517c5c9d97a87f7de5c7504bf46d870ee814624817050ca9f68d42a1e661ecc7c3ede1a440b5b159df18f3b16b3c2e90ecfbd0dfd258 b2sums = 1d24cc029eccf71cee54dda84371cf9aa8d805433e751575ab237df654055dd869024b50facd8b73390717e63100c76bca28b493e0c8be9791c76a2e0d60990a ===================================== PKGBUILD ===================================== @@ -49,6 +49,7 @@ source=( sshdgenkeys.service 70-openssh-restart-sshd.hook sshd.service + sshd@.service ssh-agent.service ssh-agent.socket sshd.pam @@ -60,6 +61,7 @@ sha256sums=('021a2e709a0edf4250b1256bd5a9e500411a90dddabea830ed59cef90eb9d85c' '27c4187d2456386112c9a3194d8c52a1ee9987662ffe54f94292af92b3c95d77' '3cbe1f95fd27780cafde7faf97b75bebd1a9621df21f55705374df0fa694a8bc' '9cea0ee6645062840fbaa4c64dcf6d7ad77d376eb0a1820d4f0dceecbb148419' + '6b8e88f8026a4966cf96f518ad4ce1cbd425f0e7dcd5433ed18980fb706aa668' '824bf888ad0cb20ff3c2e13292389eb355ab91c3d9cc2fe0c8c5c60365d4a9c7' 'a16492e1eb9219d47a9053f0c83cdc323bff3c6f5b573bc6509ec40e40e4d04b' '633e24cbfcb045ba777d3e06d5f85dfaa06d44f4727d38c7fb2187c57498221d') @@ -70,6 +72,7 @@ b2sums=('4ce353adf75aade8f4b2a223ad13e2f92cd23d1e60b4ee52bad0eaf036571229438cd97 '8ae3e51b4a1a154cbf732575a49a358158432ab5de452c7609be7e0e457981406379881f061d4af71e98298b6a4193e02dd2fbf368376d84191aee8b1531e32e' 'bfb2d00d42f61efde208c7bf34c7e6943eafc21550de0e5f2d92df51fd465db220e21e031493a68844ecb843c98a5ef18aace41ec17be35cb0f0592864f4ae2f' '7e771ce655e1e0ff3b19ff49de55f4097872b21c695fc0d18166d033d261d7ae25896ef7b7c6a940730aca1c5f9ef68e37da18c9df240da978c619f99f8351f8' + '8e3a6e566e54c50e1dc5ef8d46ef778dc3634ab63cde18c789f1a049fee80561f066772a433a1093c7c7e19ae56abdb7c24765cb6cbfb7bac15bcaaca7aa7c2e' '6a80552260bc016757725602638478345565e1466335da8a70e0b4e49fe2e9d3b863df83764696cd91637c17dd137ed7c26188a1d795af3d024d89c9c229829b' 'f161cdb54609bd4521d9517c5c9d97a87f7de5c7504bf46d870ee814624817050ca9f68d42a1e661ecc7c3ede1a440b5b159df18f3b16b3c2e90ecfbd0dfd258' '1d24cc029eccf71cee54dda84371cf9aa8d805433e751575ab237df654055dd869024b50facd8b73390717e63100c76bca28b493e0c8be9791c76a2e0d60990a') @@ -153,6 +156,7 @@ package() { install -Dm644 ../sshdgenkeys.service -t "$pkgdir"/usr/lib/systemd/system/ install -Dm644 ../sshd.service -t "$pkgdir"/usr/lib/systemd/system/ + install -Dm644 ../sshd@.service -t "$pkgdir"/usr/lib/systemd/system/ install -Dm644 ../ssh-agent.{service,socket} -t "$pkgdir"/usr/lib/systemd/user/ install -Dm644 ../sshd.pam "$pkgdir"/etc/pam.d/sshd install -vDm 644 ../70-openssh-restart-sshd.hook -t "$pkgdir/usr/share/libalpm/hooks/" ===================================== sshd@.service ===================================== @@ -0,0 +1,16 @@ +# This is required to prevent systemd-ssh-generator from creating a default +# file in its place. The main change vs. upstream is the addition of Wants= +# for our sshgenkeys.service, which systemd otherwise doesn't know about. + +[Unit] +After=local-fs.target network.target sshdgenkeys.service +Before=shutdown.target +Conflicts=shutdown.target +DefaultDependencies=no +Description=OpenSSH Per-Connection Server Daemon +Wants=sshdgenkeys.service + +[Service] +ExecStart=-/usr/bin/sshd -i -o "AuthorizedKeysFile ${CREDENTIALS_DIRECTORY}/ssh.ephemeral-authorized_keys-all .ssh/authorized_keys" +ImportCredential=ssh.ephemeral-authorized_keys-all +StandardInput=socket View it on GitLab: https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/commit/2d012def5ae47c69c34ddedf68329cb0eac9803d -- View it on GitLab: https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/commit/2d012def5ae47c69c34ddedf68329cb0eac9803d You're receiving this email because of your account on gitlab.archlinux.org.
