On Sat, Apr 30, 2016 at 10:23:35AM -0000, Colin Watson wrote:
> Per-connection sshd instances with systemd
> ------------------------------------------
>
> If you want to reconfigure systemd to listen on port 22 itself and launch an
> instance of sshd for each connection (inetd-style socket activation), then
> you can run:
>
>   systemctl stop ssh.service
>   systemctl start ssh.socket
>
> To make this permanent:
>
>   systemctl disable ssh.service
>   systemctl enable ssh.socket
>
> This may be appropriate in environments where minimal footprint is critical
> (e.g. cloud guests). Be aware that this bypasses MaxStartups, and systemd's
> MaxConnections cannot quite replace this as it cannot distinguish between
> authenticated and unauthenticated connections; see
> https://bugzilla.redhat.com/show_bug.cgi?id=963268 for more discussion.
>
> The provided ssh.socket unit file sets ListenStream=22. If you need to have
> it listen on a different address or port, then you will need to do this by
> copying /lib/systemd/system/ssh.socket to /etc/systemd/system/ssh.socket and
> modifying the ListenStream option. See systemd.socket(5) for details.

AIUI this should be fixable by patching openssh to use the systemd
socket-passing protocol (sd_listen_fds(3)) instead of relying on
inetd-style socket passing. In that case, openssh can apply whatever
controls it wants to the listen() socket.

-- 
https://bugs.launchpad.net/bugs/1576353

Title:
  Install openssh-server with disabled password auth by default on servers
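
The difference between the two hand-off styles discussed in this message, as an added C example (not OpenSSH or systemd code, and not part of the thread): with inetd-style activation the daemon receives an already-connected socket, while with the sd_listen_fds(3) protocol it receives the listening socket itself, starting at descriptor 3, and can therefore run its own accept() loop and limits. The function names and the 1024 sanity cap are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

#define LISTEN_FDS_START 3 /* first passed descriptor, per sd_listen_fds(3) */

/* Parse a non-negative decimal; -1 if the string is malformed. */
static long parse_num(const char *s)
{
    char *end;
    long v = strtol(s, &end, 10);
    return (end == s || *end != '\0' || v < 0) ? -1 : v;
}

/* Number of descriptors passed to this process; 0 if none (or they were
 * addressed to another PID); -1 if LISTEN_PID/LISTEN_FDS are malformed.
 * Hypothetical helper written for this example. */
int listen_fds_from_env(void)
{
    const char *pid_s = getenv("LISTEN_PID"), *fds_s = getenv("LISTEN_FDS");
    if (!pid_s || !fds_s)
        return 0;
    long pid = parse_num(pid_s), n = parse_num(fds_s);
    if (pid <= 0)
        return -1;
    if (pid != (long)getpid())
        return 0; /* variables inherited from a parent, not meant for us */
    return (n < 0 || n > 1024) ? -1 : (int)n; /* 1024: arbitrary sanity cap */
}

/* 1 if fd is a stream socket in the listening state, else 0. A connected
 * socket handed over inetd-style yields 0 here. */
int is_listening_stream(int fd)
{
    int type = 0, accepting = 0;
    socklen_t len = sizeof(type);
    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) || type != SOCK_STREAM)
        return 0;
    len = sizeof(accepting);
    return getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &accepting, &len) == 0 && accepting;
}

int main(void)
{
    int n = listen_fds_from_env();
    for (int i = 0; i < n; i++)
        printf("fd %d listening=%d\n", LISTEN_FDS_START + i,
               is_listening_stream(LISTEN_FDS_START + i));
    return n < 0;
}
```
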