To prevent the vsock-based sshd from auto-spawning, see https://www.freedesktop.org/software/systemd/man/devel/systemd-ssh-generator.html
In short: `systemd.ssh_auto=no` is the kernel-command-line setting which persists after reboots. ~Benjamin ________________________________________ From: Jacob Bachmeyer <[email protected]> Sent: Sunday, December 28, 2025 10:11 PM To: [email protected] <[email protected]>; Greg Dahlman <[email protected]> Subject: Re: [oss-security] Systemd vsock sshd [You don't often get email from [email protected]. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] On 12/27/25 21:46, Greg Dahlman wrote: > [...] > > **Systemd v256 change** - When the *openssh-server* package is > installed on a VM with vsock support, systemd now automatically > starts an *sshd* instance that listens on the **af_vsock** socket in > the **global network namespace** without any manual configuration. Obvious question: what manual configuration is required to kill that listener? -- Jacob
