* Thomas Goirand <z...@debian.org> [210217 20:38]: > # cat /etc/systemd/system/ssh.service.d/override.conf > [Unit] > After=network-online.target auditd.service > > But IMO, this is very wrong to mandate doing this, and not having ssh > connectivity after a reboot, is kind of a grave problem. > > So, could you hard-wire this in the openssh-server package directly, so Debian > users can avoid such an override? Indeed After=network.target doesn't tell you > that network is ready. After=network-online.target does, and that's IMO what > the ssh daemon should be using.
But if you do this, you'll end up delaying start of sshd for up to 120seconds in error cases. And even then, you might not get what you want (if you read systemd-networkd-wait-online.service(8) carefully). Services that use After=network-online.target are generally broken, please do not introduce that. As discussed already, IP_FREEBIND is a thing. The system-wide sysctl is a common workaround, especially for "bgp-on-the-host" setups, for all sorts of servers/daemons. Chris