From: Rasmus Villemoes <rasmus.villem...@prevas.dk> Quoting 'man systemd.special':
nss-user-lookup.target A target that should be used as synchronization point for all regular UNIX user/group name service lookups. [...] All services for which the availability of the full user/group database is essential should be ordered after this target, but not pull it in. All services which provide parts of the user/group database should be ordered before this target, and pull it in. When no service providing parts of the user/group database exists and thus pulls in the nss-user-lookup.target, this added dependency is a no-op. However, when such a service does exist, and e.g. modifies /etc/shadow to change password or enable/disable certain accounts, it is essential that no ssh connections are accepted until those changes are made. Signed-off-by: Rasmus Villemoes <rasmus.villem...@prevas.dk> --- meta/recipes-connectivity/openssh/openssh/sshd.service | 1 + meta/recipes-connectivity/openssh/openssh/sshd.socket | 1 + 2 files changed, 2 insertions(+) diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.service b/meta/recipes-connectivity/openssh/openssh/sshd.service index 2a997b656a..3e570ab1e5 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd.service +++ b/meta/recipes-connectivity/openssh/openssh/sshd.service @@ -2,6 +2,7 @@ Description=OpenSSH server daemon Wants=sshdgenkeys.service After=sshdgenkeys.service +After=nss-user-lookup.target [Service] Environment="SSHD_OPTS=" diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket b/meta/recipes-connectivity/openssh/openssh/sshd.socket index 8d76d62309..7dd2ed0626 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd.socket +++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket @@ -1,6 +1,7 @@ [Unit] Conflicts=sshd.service Wants=sshdgenkeys.service +After=nss-user-lookup.target [Socket] ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd -- 2.40.1.1.g1c60b9335d
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#198463): https://lists.openembedded.org/g/openembedded-core/message/198463 Mute This Topic: https://lists.openembedded.org/mt/105575252/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-