On Tue, Sep 08, 2015 at 10:05:05AM +0200, Francis Moreau wrote:
> On 09/07/2015 11:28 AM, Richard Maw wrote:
> > On Sun, Sep 06, 2015 at 12:43:51PM +0200, Francis Moreau wrote:
> >> How is this handled ? Should we put a big warning in sshd_config to hint
> >> user to configure ListenAddress in sshd.socket in the case socket
> >> activation is used ?
> > 
> >> Or should sshd simply ignore all listening addresses defined in sshd_config
> >> when in socket activation mode ?
> > 
> > That would be my preferred solution. I may be missing something important here,
> > but I'd always assumed that sshd wouldn't need to worry about the listen
> > address if something else was accepting the connections on the socket.
> > 
> 
> The downside of this would be that starting the service directly (i.e. not
> the socket unit) won't work anymore.

Does it?

I understood that the common configuration for socket activated sshd was to
have a sshd.service for if you want it to always be running, and a pair of
sshd@.service and sshd.socket.

The former runs with -D, and the latter runs with -i.

Presumably this would be sufficient information that sshd could be made to
ignore the listen address in the sshd_config if it's being run with -i.

> > As another alternative though, you could consider the sshd_config file the
> > canonical location for the listen address, and have a generator parse
> > sshd_config, and write a drop-in snippet for sshd.socket to set the
> > ListenAddress.
> 
> Indeed that would work and would solve the problem, however not sure
> that sshd_config file will be available at the time when the generator
> will need it.

systemd generally assumes that /usr and /etc are already mounted when it starts,
so generators should be able to read /etc/ssh/sshd_config.

> Also the generator would have to be generic enough to parse and support
> several config file syntaxes. And regarding the number of different config
> file syntaxes (can even be XML!), I'm not sure it will be a good idea.

Surely the generator for sshd.socket.d/listen-address.conf only needs to be
able to read the sshd_config file.

> Do you think that would be something that systemd upstream would be
> interested in ? Maybe there were already some discussions/works around
> that ?

For parsing config files of other configuration systems, no, sysvinit and
/etc/fstab are mostly the only foreign configuration formats systemd cares
about.

These are also split out into the generator mechanism rather than parsed by
systemd directly.

systemd tends not to carry service configuration for other software,
though the openssh upstream, or their distribution downstreams, could
carry the code for a listen address configuration generator.

See http://www.freedesktop.org/software/systemd/man/systemd.generator.html for
how generators work and
https://github.com/systemd/systemd/blob/master/src/debug-generator/debug-generator.c
for an example.
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
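The generator sketched in the reply above (parse sshd_config, write a drop-in for sshd.socket) can be shown concretely. The script below is an added example, written for this page; it is not code from the thread, from systemd, or from OpenSSH. It assumes the unit layout the reply describes (sshd.service running `sshd -D`, sshd@.service running `sshd -i` behind sshd.socket), takes the config path and output directory as parameters so it can be exercised offline against a constructed sample file, and follows the documented sshd_config rule that a `ListenAddress` without a port listens on every `Port` given before it (default 22). The output-file name `listen-address.conf` is an assumption. It does not follow OpenSSH `Include` directives.

```shell
#!/bin/sh
# Added example (not from the thread, systemd or OpenSSH): a systemd generator
# that turns ListenAddress/Port lines from sshd_config into a drop-in for
# sshd.socket, so sshd_config stays the canonical place for the listen address
# while sshd@.service (sshd -i) never has to bind a socket itself.
#
# Assumed layout:
#   sshd.service    ExecStart=/usr/sbin/sshd -D   (always-on, binds itself)
#   sshd.socket     [Socket] ListenStream=22 Accept=yes
#   sshd@.service   ExecStart=/usr/sbin/sshd -i   (per-connection, inherits fd)

# Print one "ListenStream=" line per socket sshd would bind for $1.
# Handles "Port N", "ListenAddress host", "host:port", "[v6]:port" and bare
# IPv6 literals. A ListenAddress without a port gets every Port seen before it
# (sshd's rule), or 22 if none. No ListenAddress at all means every Port.
gen_listen_streams() {
    config="$1"
    awk '
    BEGIN { nports = 0; nlisten = 0 }
    {
        sub(/#.*/, "")                      # strip comments, then re-split
        if ($1 == "") next                  # blank or comment-only line
        key = tolower($1)                   # sshd keywords are case-insensitive
        if (key == "port") {
            ports[nports++] = $2
        } else if (key == "listenaddress") {
            addr = $2
            if (addr ~ /^\[.*\]:[0-9]+$/ || addr ~ /^[^:]+:[0-9]+$/) {
                out[nlisten++] = addr       # port given explicitly
            } else {
                if (addr ~ /:/) addr = "[" addr "]"   # bare IPv6 needs brackets
                if (nports == 0) out[nlisten++] = addr ":22"
                else for (i = 0; i < nports; i++) out[nlisten++] = addr ":" ports[i]
            }
        }
    }
    END {
        if (nlisten == 0) {
            if (nports == 0) print "ListenStream=22"
            else for (i = 0; i < nports; i++) print "ListenStream=" ports[i]
        } else {
            for (i = 0; i < nlisten; i++) print "ListenStream=" out[i]
        }
    }' "$config"
}

# Write $2/sshd.socket.d/listen-address.conf from the sshd_config at $1.
# The empty "ListenStream=" first resets the list inherited from sshd.socket;
# without it the drop-in would only add to the unit's own ListenStream=22.
write_sshd_socket_dropin() {
    config="$1"
    dest="$2"
    mkdir -p "$dest/sshd.socket.d"
    {
        echo "# Generated from $config by the sshd listen-address generator; do not edit."
        echo "[Socket]"
        echo "ListenStream="
        gen_listen_streams "$config"
    } > "$dest/sshd.socket.d/listen-address.conf"
}

# systemd invokes generators with three directories (normal, early, late);
# drop-ins for ordinary units belong in the first one.
if [ "$#" -eq 3 ] && [ -r /etc/ssh/sshd_config ]; then
    write_sshd_socket_dropin /etc/ssh/sshd_config "$1"
fi
```

Installed as e.g. /etc/systemd/system-generators/sshd-listen-address, the script runs on every `systemctl daemon-reload`, so editing sshd_config and reloading is enough to move the socket. Check the result with `systemctl cat sshd.socket`: the drop-in should appear below the unit with the reset line followed by the generated addresses.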