
[4/4] package/openssh: add sd socket-activated ssh daemon services

Message ID 20200605225905.14082-4-nolange79@gmail.com
State Superseded

Commit Message

Norbert Lange June 5, 2020, 10:59 p.m. UTC
Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
 package/openssh/openssh.mk               |  6 +++---
 package/openssh/sshd-host-keygen.service |  2 +-
 package/openssh/sshd.socket              | 11 +++++++++++
 package/openssh/sshd@.service            | 10 ++++++++++
 4 files changed, 25 insertions(+), 4 deletions(-)
 create mode 100644 package/openssh/sshd.socket
 create mode 100644 package/openssh/sshd@.service

Comments

Jérémy ROSEN June 7, 2020, 11:06 a.m. UTC | #1
Le sam. 6 juin 2020 à 00:59, Norbert Lange <nolange79@gmail.com> a écrit :

> Signed-off-by: Norbert Lange <nolange79@gmail.com>
> ---
>  package/openssh/openssh.mk               |  6 +++---
>  package/openssh/sshd-host-keygen.service |  2 +-
>  package/openssh/sshd.socket              | 11 +++++++++++
>  package/openssh/sshd@.service            | 10 ++++++++++
>  4 files changed, 25 insertions(+), 4 deletions(-)
>  create mode 100644 package/openssh/sshd.socket
>  create mode 100644 package/openssh/sshd@.service
>
> diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
> index 6b3ee1f5f4..1f2638e9c9 100644
> --- a/package/openssh/openssh.mk
> +++ b/package/openssh/openssh.mk
> @@ -114,9 +114,9 @@ endef
>  OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_SERVER_PROGRAMS
>
>  define OPENSSH_INSTALL_INIT_SYSTEMD
> -       mkdir $(TARGET_DIR)/usr/lib/systemd/system
> -       $(INSTALL) -m 644 package/openssh/sshd*.service \
> -               $(TARGET_DIR)/usr/lib/systemd/system/
> +       mkdir -p $(TARGET_DIR)/usr/lib/systemd/system
> +       $(INSTALL) -m 644 package/openssh/sshd*.service
> package/openssh/sshd.socket \
> +               $(TARGET_DIR)/usr/lib/systemd/system/.
>         $(OPENSSH_INSTALL_SYSTEMD_SYSUSERS)
>  endef
>
> diff --git a/package/openssh/sshd-host-keygen.service
> b/package/openssh/sshd-host-keygen.service
> index 058e671c44..ffde622b01 100644
> --- a/package/openssh/sshd-host-keygen.service
> +++ b/package/openssh/sshd-host-keygen.service
> @@ -17,4 +17,4 @@ Type=oneshot
>  RemainAfterExit=yes
>
>  [Install]
> -WantedBy=sshd.service
> +WantedBy=sshd.service sshd.socket
> diff --git a/package/openssh/sshd.socket b/package/openssh/sshd.socket
> new file mode 100644
> index 0000000000..bbae9ed7aa
> --- /dev/null
> +++ b/package/openssh/sshd.socket
> @@ -0,0 +1,11 @@
> +[Unit]
> +Description=OpenBSD Secure Shell server socket
> +Before=sshd.service
> +Conflicts=sshd.service
>
No, that would stop the socket when the service is started, and you don't
want that.
If you do that, only one connection would be accepted before the socket is
stopped, and since you have accept=yes no further connections would be accepted.


> +
> +[Socket]
> +ListenStream=22
> +Accept=yes
> +
> +[Install]
> +WantedBy=sockets.target
> diff --git a/package/openssh/sshd@.service b/package/openssh/sshd@.service
> new file mode 100644
> index 0000000000..b3a590d9a3
> --- /dev/null
> +++ b/package/openssh/sshd@.service
> @@ -0,0 +1,10 @@
> +[Unit]
> +Description=OpenBSD Secure Shell server per-connection daemon
> +Documentation=man:sshd(8) man:sshd_config(5)
> +After=auditd.service
> +
> +[Service]
> +ExecStart=-/usr/sbin/sshd -i
> +StandardInput=socket
> +RuntimeDirectory=sshd
> +RuntimeDirectoryMode=0755
>

I am a bit confused, you have both an ssh.service and a ssh.socket+ssh@
.service
Wouldn't those two fight over port 22 ?




> --
> 2.26.2
>
> _______________________________________________
> buildroot mailing list
> buildroot@busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
>
Norbert Lange June 7, 2020, 7:10 p.m. UTC | #2
Am So., 7. Juni 2020 um 13:07 Uhr schrieb Jérémy ROSEN <jeremy.rosen@smile.fr>:
>
>
>
> Le sam. 6 juin 2020 à 00:59, Norbert Lange <nolange79@gmail.com> a écrit :
>>
>> Signed-off-by: Norbert Lange <nolange79@gmail.com>
>> ---
>>  package/openssh/openssh.mk               |  6 +++---
>>  package/openssh/sshd-host-keygen.service |  2 +-
>>  package/openssh/sshd.socket              | 11 +++++++++++
>>  package/openssh/sshd@.service            | 10 ++++++++++
>>  4 files changed, 25 insertions(+), 4 deletions(-)
>>  create mode 100644 package/openssh/sshd.socket
>>  create mode 100644 package/openssh/sshd@.service
>>
>> diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
>> index 6b3ee1f5f4..1f2638e9c9 100644
>> --- a/package/openssh/openssh.mk
>> +++ b/package/openssh/openssh.mk
>> @@ -114,9 +114,9 @@ endef
>>  OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_SERVER_PROGRAMS
>>
>>  define OPENSSH_INSTALL_INIT_SYSTEMD
>> -       mkdir $(TARGET_DIR)/usr/lib/systemd/system
>> -       $(INSTALL) -m 644 package/openssh/sshd*.service \
>> -               $(TARGET_DIR)/usr/lib/systemd/system/
>> +       mkdir -p $(TARGET_DIR)/usr/lib/systemd/system
>> +       $(INSTALL) -m 644 package/openssh/sshd*.service package/openssh/sshd.socket \
>> +               $(TARGET_DIR)/usr/lib/systemd/system/.
>>         $(OPENSSH_INSTALL_SYSTEMD_SYSUSERS)
>>  endef
>>
>> diff --git a/package/openssh/sshd-host-keygen.service b/package/openssh/sshd-host-keygen.service
>> index 058e671c44..ffde622b01 100644
>> --- a/package/openssh/sshd-host-keygen.service
>> +++ b/package/openssh/sshd-host-keygen.service
>> @@ -17,4 +17,4 @@ Type=oneshot
>>  RemainAfterExit=yes
>>
>>  [Install]
>> -WantedBy=sshd.service
>> +WantedBy=sshd.service sshd.socket
>> diff --git a/package/openssh/sshd.socket b/package/openssh/sshd.socket
>> new file mode 100644
>> index 0000000000..bbae9ed7aa
>> --- /dev/null
>> +++ b/package/openssh/sshd.socket
>> @@ -0,0 +1,11 @@
>> +[Unit]
>> +Description=OpenBSD Secure Shell server socket
>> +Before=sshd.service
>> +Conflicts=sshd.service
>
> No, that would stop the socket when the service is started, and you don't want that.
> If you do that, only one connection would be accepted before the socket is stoped
> and since you have accept=yes no further connections would be accepted

there is the singular sshd service
and the sshd.socket which spawns sshd@ instance services.
Those are mutually exclusive (because of the "Conflicts"), the
"Before" line just ensures that the sshd.socket wins out by default.

>
>>
>> +
>> +[Socket]
>> +ListenStream=22
>> +Accept=yes
>> +
>> +[Install]
>> +WantedBy=sockets.target
>> diff --git a/package/openssh/sshd@.service b/package/openssh/sshd@.service
>> new file mode 100644
>> index 0000000000..b3a590d9a3
>> --- /dev/null
>> +++ b/package/openssh/sshd@.service
>> @@ -0,0 +1,10 @@
>> +[Unit]
>> +Description=OpenBSD Secure Shell server per-connection daemon
>> +Documentation=man:sshd(8) man:sshd_config(5)
>> +After=auditd.service
>> +
>> +[Service]
>> +ExecStart=-/usr/sbin/sshd -i
>> +StandardInput=socket
>> +RuntimeDirectory=sshd
>> +RuntimeDirectoryMode=0755
>
>
> I am a bit confused, you have both an ssh.service and a ssh.socket+ssh@.service
> Wouldn't those two fight over port 22 ?

No, on a fresh installation, the socket will be started, the sshd
service will not because of the "Conflicts".
if you manually enable/start the sshd.service then the socket will be
shutdown first.

>
>
>
>>
>> --
>> 2.26.2
>>
>> _______________________________________________
>> buildroot mailing list
>> buildroot@busybox.net
>> http://lists.busybox.net/mailman/listinfo/buildroot
>
>
>
> --
>
>
> 20 rue des Jardins
> 92600 Asnières-sur-Seine
>
> Jérémy ROSEN
> Architecte technique
>
>  jeremy.rosen@smile.fr
>   +33 6 88 25 87 42
>  http://www.smile.eu

Norbert
Jérémy ROSEN June 7, 2020, 7:31 p.m. UTC | #3
Le dim. 7 juin 2020 à 21:11, Norbert Lange <nolange79@gmail.com> a écrit :

> Am So., 7. Juni 2020 um 13:07 Uhr schrieb Jérémy ROSEN <
> jeremy.rosen@smile.fr>:
> >
> >
> >
> > Le sam. 6 juin 2020 à 00:59, Norbert Lange <nolange79@gmail.com> a
> écrit :
> >>
> >> Signed-off-by: Norbert Lange <nolange79@gmail.com>
> >> ---
> >>  package/openssh/openssh.mk               |  6 +++---
> >>  package/openssh/sshd-host-keygen.service |  2 +-
> >>  package/openssh/sshd.socket              | 11 +++++++++++
> >>  package/openssh/sshd@.service            | 10 ++++++++++
> >>  4 files changed, 25 insertions(+), 4 deletions(-)
> >>  create mode 100644 package/openssh/sshd.socket
> >>  create mode 100644 package/openssh/sshd@.service
> >>
> >> diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
> >> index 6b3ee1f5f4..1f2638e9c9 100644
> >> --- a/package/openssh/openssh.mk
> >> +++ b/package/openssh/openssh.mk
> >> @@ -114,9 +114,9 @@ endef
> >>  OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_SERVER_PROGRAMS
> >>
> >>  define OPENSSH_INSTALL_INIT_SYSTEMD
> >> -       mkdir $(TARGET_DIR)/usr/lib/systemd/system
> >> -       $(INSTALL) -m 644 package/openssh/sshd*.service \
> >> -               $(TARGET_DIR)/usr/lib/systemd/system/
> >> +       mkdir -p $(TARGET_DIR)/usr/lib/systemd/system
> >> +       $(INSTALL) -m 644 package/openssh/sshd*.service
> package/openssh/sshd.socket \
> >> +               $(TARGET_DIR)/usr/lib/systemd/system/.
> >>         $(OPENSSH_INSTALL_SYSTEMD_SYSUSERS)
> >>  endef
> >>
> >> diff --git a/package/openssh/sshd-host-keygen.service
> b/package/openssh/sshd-host-keygen.service
> >> index 058e671c44..ffde622b01 100644
> >> --- a/package/openssh/sshd-host-keygen.service
> >> +++ b/package/openssh/sshd-host-keygen.service
> >> @@ -17,4 +17,4 @@ Type=oneshot
> >>  RemainAfterExit=yes
> >>
> >>  [Install]
> >> -WantedBy=sshd.service
> >> +WantedBy=sshd.service sshd.socket
> >> diff --git a/package/openssh/sshd.socket b/package/openssh/sshd.socket
> >> new file mode 100644
> >> index 0000000000..bbae9ed7aa
> >> --- /dev/null
> >> +++ b/package/openssh/sshd.socket
> >> @@ -0,0 +1,11 @@
> >> +[Unit]
> >> +Description=OpenBSD Secure Shell server socket
> >> +Before=sshd.service
> >> +Conflicts=sshd.service
> >
> > No, that would stop the socket when the service is started, and you
> don't want that.
> > If you do that, only one connection would be accepted before the socket
> is stoped
> > and since you have accept=yes no further connections would be accepted
>
> there is the singular sshd service
> and the sshd.socket which spawns sshd@ instance services.
> Those are mutually exclusive (because of the "Conflicts"), the
> "Before" line just ensures that the sshd.socket wins out by default.
>
>
aah right, I messed up sshd.service and sshd@.service in my head.
my bad.

I personally think we shouldn't install both methods.
either choose a distro-wide decision or provide a config option

Anyway, I see what you are doing now, and that should work, AFAICT.

I still think that it's cool that openssh supports all those startup
methods,
but I'm not convinced we need to support all of them in BR.

Thoughts ?

Regards
Jeremy

> >
> >>
> >> +
> >> +[Socket]
> >> +ListenStream=22
> >> +Accept=yes
> >> +
> >> +[Install]
> >> +WantedBy=sockets.target
> >> diff --git a/package/openssh/sshd@.service b/package/openssh/sshd@
> .service
> >> new file mode 100644
> >> index 0000000000..b3a590d9a3
> >> --- /dev/null
> >> +++ b/package/openssh/sshd@.service
> >> @@ -0,0 +1,10 @@
> >> +[Unit]
> >> +Description=OpenBSD Secure Shell server per-connection daemon
> >> +Documentation=man:sshd(8) man:sshd_config(5)
> >> +After=auditd.service
> >> +
> >> +[Service]
> >> +ExecStart=-/usr/sbin/sshd -i
> >> +StandardInput=socket
> >> +RuntimeDirectory=sshd
> >> +RuntimeDirectoryMode=0755
> >
> >
> > I am a bit confused, you have both an ssh.service and a ssh.socket+ssh@
> .service
> > Wouldn't those two fight over port 22 ?
>
> No, on a fresh installation, the socket will be started, the sshd
> service will not because of the "Conflicts".
> if you manually enable/start the sshd.service then the socket will be
> shutdown first.
>
> >
> >
> >
> >>
> >> --
> >> 2.26.2
> >>
> >> _______________________________________________
> >> buildroot mailing list
> >> buildroot@busybox.net
> >> http://lists.busybox.net/mailman/listinfo/buildroot
> >
> >
> >
> > --
> >
> >
> > 20 rue des Jardins
> > 92600 Asnières-sur-Seine
> >
> > Jérémy ROSEN
> > Architecte technique
> >
> >  jeremy.rosen@smile.fr
> >   +33 6 88 25 87 42
> >  http://www.smile.eu
>
> Norbert
>
Norbert Lange June 7, 2020, 7:45 p.m. UTC | #4
Am So., 7. Juni 2020 um 21:32 Uhr schrieb Jérémy ROSEN <jeremy.rosen@smile.fr>:
>
>
>
> Le dim. 7 juin 2020 à 21:11, Norbert Lange <nolange79@gmail.com> a écrit :
>>
>> Am So., 7. Juni 2020 um 13:07 Uhr schrieb Jérémy ROSEN <jeremy.rosen@smile.fr>:
>> >
>> >
>> >
>> > Le sam. 6 juin 2020 à 00:59, Norbert Lange <nolange79@gmail.com> a écrit :
>> >>
>> >> Signed-off-by: Norbert Lange <nolange79@gmail.com>
>> >> ---
>> >>  package/openssh/openssh.mk               |  6 +++---
>> >>  package/openssh/sshd-host-keygen.service |  2 +-
>> >>  package/openssh/sshd.socket              | 11 +++++++++++
>> >>  package/openssh/sshd@.service            | 10 ++++++++++
>> >>  4 files changed, 25 insertions(+), 4 deletions(-)
>> >>  create mode 100644 package/openssh/sshd.socket
>> >>  create mode 100644 package/openssh/sshd@.service
>> >>
>> >> diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
>> >> index 6b3ee1f5f4..1f2638e9c9 100644
>> >> --- a/package/openssh/openssh.mk
>> >> +++ b/package/openssh/openssh.mk
>> >> @@ -114,9 +114,9 @@ endef
>> >>  OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_SERVER_PROGRAMS
>> >>
>> >>  define OPENSSH_INSTALL_INIT_SYSTEMD
>> >> -       mkdir $(TARGET_DIR)/usr/lib/systemd/system
>> >> -       $(INSTALL) -m 644 package/openssh/sshd*.service \
>> >> -               $(TARGET_DIR)/usr/lib/systemd/system/
>> >> +       mkdir -p $(TARGET_DIR)/usr/lib/systemd/system
>> >> +       $(INSTALL) -m 644 package/openssh/sshd*.service package/openssh/sshd.socket \
>> >> +               $(TARGET_DIR)/usr/lib/systemd/system/.
>> >>         $(OPENSSH_INSTALL_SYSTEMD_SYSUSERS)
>> >>  endef
>> >>
>> >> diff --git a/package/openssh/sshd-host-keygen.service b/package/openssh/sshd-host-keygen.service
>> >> index 058e671c44..ffde622b01 100644
>> >> --- a/package/openssh/sshd-host-keygen.service
>> >> +++ b/package/openssh/sshd-host-keygen.service
>> >> @@ -17,4 +17,4 @@ Type=oneshot
>> >>  RemainAfterExit=yes
>> >>
>> >>  [Install]
>> >> -WantedBy=sshd.service
>> >> +WantedBy=sshd.service sshd.socket
>> >> diff --git a/package/openssh/sshd.socket b/package/openssh/sshd.socket
>> >> new file mode 100644
>> >> index 0000000000..bbae9ed7aa
>> >> --- /dev/null
>> >> +++ b/package/openssh/sshd.socket
>> >> @@ -0,0 +1,11 @@
>> >> +[Unit]
>> >> +Description=OpenBSD Secure Shell server socket
>> >> +Before=sshd.service
>> >> +Conflicts=sshd.service
>> >
>> > No, that would stop the socket when the service is started, and you don't want that.
>> > If you do that, only one connection would be accepted before the socket is stoped
>> > and since you have accept=yes no further connections would be accepted
>>
>> there is the singular sshd service
>> and the sshd.socket which spawns sshd@ instance services.
>> Those are mutually exclusive (because of the "Conflicts"), the
>> "Before" line just ensures that the sshd.socket wins out by default.
>>
>
> aah right, I messed up sshd.service and sshd@.service in my head.
> my bad.
>
> I personally think we shouldn't install both methods.
> either choose a distro-wide decision or provide a config option
>
> Anyway, I see what you are doing now, and that should work, AFAICT.
>
> I still think that it's cool that openssh supports all those startup methods,
> but I'm not convinced we need to support all of them in BR.

sshd is better for throughput/efficiency if you have a lot of connections,

the socket option saves memory if you rarely have connections (and is
actually a simpler service file).

I would support both, but let users pick.

Norbert
Norbert Lange June 7, 2020, 9:30 p.m. UTC | #5
Am So., 7. Juni 2020 um 21:45 Uhr schrieb Norbert Lange <nolange79@gmail.com>:
>
> Am So., 7. Juni 2020 um 21:32 Uhr schrieb Jérémy ROSEN <jeremy.rosen@smile.fr>:
> >
> >
> >
> > Le dim. 7 juin 2020 à 21:11, Norbert Lange <nolange79@gmail.com> a écrit :
> >>
> >> Am So., 7. Juni 2020 um 13:07 Uhr schrieb Jérémy ROSEN <jeremy.rosen@smile.fr>:
> >> >
> >> >
> >> >
> >> > Le sam. 6 juin 2020 à 00:59, Norbert Lange <nolange79@gmail.com> a écrit :
> >> >>
> >> >> Signed-off-by: Norbert Lange <nolange79@gmail.com>
> >> >> ---
> >> >>  package/openssh/openssh.mk               |  6 +++---
> >> >>  package/openssh/sshd-host-keygen.service |  2 +-
> >> >>  package/openssh/sshd.socket              | 11 +++++++++++
> >> >>  package/openssh/sshd@.service            | 10 ++++++++++
> >> >>  4 files changed, 25 insertions(+), 4 deletions(-)
> >> >>  create mode 100644 package/openssh/sshd.socket
> >> >>  create mode 100644 package/openssh/sshd@.service
> >> >>
> >> >> diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
> >> >> index 6b3ee1f5f4..1f2638e9c9 100644
> >> >> --- a/package/openssh/openssh.mk
> >> >> +++ b/package/openssh/openssh.mk
> >> >> @@ -114,9 +114,9 @@ endef
> >> >>  OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_SERVER_PROGRAMS
> >> >>
> >> >>  define OPENSSH_INSTALL_INIT_SYSTEMD
> >> >> -       mkdir $(TARGET_DIR)/usr/lib/systemd/system
> >> >> -       $(INSTALL) -m 644 package/openssh/sshd*.service \
> >> >> -               $(TARGET_DIR)/usr/lib/systemd/system/
> >> >> +       mkdir -p $(TARGET_DIR)/usr/lib/systemd/system
> >> >> +       $(INSTALL) -m 644 package/openssh/sshd*.service package/openssh/sshd.socket \
> >> >> +               $(TARGET_DIR)/usr/lib/systemd/system/.
> >> >>         $(OPENSSH_INSTALL_SYSTEMD_SYSUSERS)
> >> >>  endef
> >> >>
> >> >> diff --git a/package/openssh/sshd-host-keygen.service b/package/openssh/sshd-host-keygen.service
> >> >> index 058e671c44..ffde622b01 100644
> >> >> --- a/package/openssh/sshd-host-keygen.service
> >> >> +++ b/package/openssh/sshd-host-keygen.service
> >> >> @@ -17,4 +17,4 @@ Type=oneshot
> >> >>  RemainAfterExit=yes
> >> >>
> >> >>  [Install]
> >> >> -WantedBy=sshd.service
> >> >> +WantedBy=sshd.service sshd.socket
> >> >> diff --git a/package/openssh/sshd.socket b/package/openssh/sshd.socket
> >> >> new file mode 100644
> >> >> index 0000000000..bbae9ed7aa
> >> >> --- /dev/null
> >> >> +++ b/package/openssh/sshd.socket
> >> >> @@ -0,0 +1,11 @@
> >> >> +[Unit]
> >> >> +Description=OpenBSD Secure Shell server socket
> >> >> +Before=sshd.service
> >> >> +Conflicts=sshd.service
> >> >
> >> > No, that would stop the socket when the service is started, and you don't want that.
> >> > If you do that, only one connection would be accepted before the socket is stoped
> >> > and since you have accept=yes no further connections would be accepted
> >>
> >> there is the singular sshd service
> >> and the sshd.socket which spawns sshd@ instance services.
> >> Those are mutually exclusive (because of the "Conflicts"), the
> >> "Before" line just ensures that the sshd.socket wins out by default.
> >>
> >
> > aah right, I messed up sshd.service and sshd@.service in my head.
> > my bad.
> >
> > I personally think we shouldn't install both methods.
> > either choose a distro-wide decision or provide a config option
> >
> > Anyway, I see what you are doing now, and that should work, AFAICT.
> >
> > I still think that it's cool that openssh supports all those startup methods,
> > but I'm not convinced we need to support all of them in BR.
>
> sshd is better for throughput/efficiency if you have alot connections,
>
> the socket option saves memory if you rarely have connections (and is
> actually a simpler service file).
>
> I would support both, but let users pick.
>
> Norbert

How about this option:

config BR2_PACKAGE_OPENSSH_SERVER_SOCKET
bool "server socket"
depends on BR2_INIT_SYSTEMD
help
  Systemd socket activation server.

makefile gonna get allota ifdefs, right now it's a bit naive anyway,
as you could pick server and not key_utils and then the services (sys
and systemd) would fail when trying to verify/generate the host keys.

Norbert
Jérémy ROSEN June 7, 2020, 9:43 p.m. UTC | #6
Sounds good... the help text might need a little work, but I like the idea
itself...

Le dim. 7 juin 2020 à 23:30, Norbert Lange <nolange79@gmail.com> a écrit :

> Am So., 7. Juni 2020 um 21:45 Uhr schrieb Norbert Lange <
> nolange79@gmail.com>:
> >
> > Am So., 7. Juni 2020 um 21:32 Uhr schrieb Jérémy ROSEN <
> jeremy.rosen@smile.fr>:
> > >
> > >
> > >
> > > Le dim. 7 juin 2020 à 21:11, Norbert Lange <nolange79@gmail.com> a
> écrit :
> > >>
> > >> Am So., 7. Juni 2020 um 13:07 Uhr schrieb Jérémy ROSEN <
> jeremy.rosen@smile.fr>:
> > >> >
> > >> >
> > >> >
> > >> > Le sam. 6 juin 2020 à 00:59, Norbert Lange <nolange79@gmail.com> a
> écrit :
> > >> >>
> > >> >> Signed-off-by: Norbert Lange <nolange79@gmail.com>
> > >> >> ---
> > >> >>  package/openssh/openssh.mk               |  6 +++---
> > >> >>  package/openssh/sshd-host-keygen.service |  2 +-
> > >> >>  package/openssh/sshd.socket              | 11 +++++++++++
> > >> >>  package/openssh/sshd@.service            | 10 ++++++++++
> > >> >>  4 files changed, 25 insertions(+), 4 deletions(-)
> > >> >>  create mode 100644 package/openssh/sshd.socket
> > >> >>  create mode 100644 package/openssh/sshd@.service
> > >> >>
> > >> >> diff --git a/package/openssh/openssh.mk b/package/openssh/
> openssh.mk
> > >> >> index 6b3ee1f5f4..1f2638e9c9 100644
> > >> >> --- a/package/openssh/openssh.mk
> > >> >> +++ b/package/openssh/openssh.mk
> > >> >> @@ -114,9 +114,9 @@ endef
> > >> >>  OPENSSH_POST_INSTALL_TARGET_HOOKS +=
> OPENSSH_INSTALL_SERVER_PROGRAMS
> > >> >>
> > >> >>  define OPENSSH_INSTALL_INIT_SYSTEMD
> > >> >> -       mkdir $(TARGET_DIR)/usr/lib/systemd/system
> > >> >> -       $(INSTALL) -m 644 package/openssh/sshd*.service \
> > >> >> -               $(TARGET_DIR)/usr/lib/systemd/system/
> > >> >> +       mkdir -p $(TARGET_DIR)/usr/lib/systemd/system
> > >> >> +       $(INSTALL) -m 644 package/openssh/sshd*.service
> package/openssh/sshd.socket \
> > >> >> +               $(TARGET_DIR)/usr/lib/systemd/system/.
> > >> >>         $(OPENSSH_INSTALL_SYSTEMD_SYSUSERS)
> > >> >>  endef
> > >> >>
> > >> >> diff --git a/package/openssh/sshd-host-keygen.service
> b/package/openssh/sshd-host-keygen.service
> > >> >> index 058e671c44..ffde622b01 100644
> > >> >> --- a/package/openssh/sshd-host-keygen.service
> > >> >> +++ b/package/openssh/sshd-host-keygen.service
> > >> >> @@ -17,4 +17,4 @@ Type=oneshot
> > >> >>  RemainAfterExit=yes
> > >> >>
> > >> >>  [Install]
> > >> >> -WantedBy=sshd.service
> > >> >> +WantedBy=sshd.service sshd.socket
> > >> >> diff --git a/package/openssh/sshd.socket
> b/package/openssh/sshd.socket
> > >> >> new file mode 100644
> > >> >> index 0000000000..bbae9ed7aa
> > >> >> --- /dev/null
> > >> >> +++ b/package/openssh/sshd.socket
> > >> >> @@ -0,0 +1,11 @@
> > >> >> +[Unit]
> > >> >> +Description=OpenBSD Secure Shell server socket
> > >> >> +Before=sshd.service
> > >> >> +Conflicts=sshd.service
> > >> >
> > >> > No, that would stop the socket when the service is started, and you
> don't want that.
> > >> > If you do that, only one connection would be accepted before the
> socket is stoped
> > >> > and since you have accept=yes no further connections would be
> accepted
> > >>
> > >> there is the singular sshd service
> > >> and the sshd.socket which spawns sshd@ instance services.
> > >> Those are mutually exclusive (because of the "Conflicts"), the
> > >> "Before" line just ensures that the sshd.socket wins out by default.
> > >>
> > >
> > > aah right, I messed up sshd.service and sshd@.service in my head.
> > > my bad.
> > >
> > > I personally think we shouldn't install both methods.
> > > either choose a distro-wide decision or provide a config option
> > >
> > > Anyway, I see what you are doing now, and that should work, AFAICT.
> > >
> > > I still think that it's cool that openssh supports all those startup
> methods,
> > > but I'm not convinced we need to support all of them in BR.
> >
> > sshd is better for throughput/efficiency if you have alot connections,
> >
> > the socket option saves memory if you rarely have connections (and is
> > actually a simpler service file).
> >
> > I would support both, but let users pick.
> >
> > Norbert
>
> How about this option:
>
> config BR2_PACKAGE_OPENSSH_SERVER_SOCKET
> bool "server socket"
> depends on BR2_INIT_SYSTEMD
> help
>   Systemd socket activation server.
>
> makefile gonna get allota ifdefs, right now it's a bit naive anyway,
> as you could pick server and not key_utils and then the services (sys
> and systemd) would fail when trying to verify/generate the host keys.
>
> Norbert
>

Patch

diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
index 6b3ee1f5f4..1f2638e9c9 100644
--- a/package/openssh/openssh.mk
+++ b/package/openssh/openssh.mk
@@ -114,9 +114,9 @@  endef
 OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_SERVER_PROGRAMS
 
 define OPENSSH_INSTALL_INIT_SYSTEMD
-	mkdir $(TARGET_DIR)/usr/lib/systemd/system
-	$(INSTALL) -m 644 package/openssh/sshd*.service \
-		$(TARGET_DIR)/usr/lib/systemd/system/
+	mkdir -p $(TARGET_DIR)/usr/lib/systemd/system
+	$(INSTALL) -m 644 package/openssh/sshd*.service package/openssh/sshd.socket \
+		$(TARGET_DIR)/usr/lib/systemd/system/.
 	$(OPENSSH_INSTALL_SYSTEMD_SYSUSERS)
 endef
 
diff --git a/package/openssh/sshd-host-keygen.service b/package/openssh/sshd-host-keygen.service
index 058e671c44..ffde622b01 100644
--- a/package/openssh/sshd-host-keygen.service
+++ b/package/openssh/sshd-host-keygen.service
@@ -17,4 +17,4 @@  Type=oneshot
 RemainAfterExit=yes
 
 [Install]
-WantedBy=sshd.service
+WantedBy=sshd.service sshd.socket
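Review bot: `WantedBy=sshd.service sshd.socket` makes enabling the socket pull in the key-generation unit, but a Wants link is not an ordering: unless the unit's [Unit] section, which lies outside this hunk, also orders it `Before=sshd.socket`, the socket can start listening and hand the first connection to `sshd -i` before the host keys exist, and that connection fails. If the [Unit] section currently carries only `Before=sshd.service`, extend it to `Before=sshd.service sshd.socket`. A comment next to the [Install] line, such as `# host keys must exist before either the classic daemon or the activated socket starts`, would record why both units are listed.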
diff --git a/package/openssh/sshd.socket b/package/openssh/sshd.socket
new file mode 100644
index 0000000000..bbae9ed7aa
--- /dev/null
+++ b/package/openssh/sshd.socket
@@ -0,0 +1,11 @@ 
+[Unit]
+Description=OpenBSD Secure Shell server socket
+Before=sshd.service
+Conflicts=sshd.service
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
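Review bot: With `Accept=yes` every accepted connection becomes its own `sshd@` instance, so sshd's `MaxStartups` throttle no longer applies (no single listening daemon sees the connection count) and a burst of unauthenticated connections to port 22 is bounded only by systemd's default `MaxConnections=` cap, with no per-source limit at all. Consider adding `MaxConnectionsPerSource=` to the [Socket] section with a value suited to the target, so the per-connection model cannot exhaust memory on a small board. The hard-coded `ListenStream=22` also bypasses any `Port`/`ListenAddress` set in sshd_config; a comment such as `# port is fixed here; sshd_config Port= is not consulted in socket-activated mode` would save the next reader a surprise.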
diff --git a/package/openssh/sshd@.service b/package/openssh/sshd@.service
new file mode 100644
index 0000000000..b3a590d9a3
--- /dev/null
+++ b/package/openssh/sshd@.service
@@ -0,0 +1,10 @@ 
+[Unit]
+Description=OpenBSD Secure Shell server per-connection daemon
+Documentation=man:sshd(8) man:sshd_config(5)
+After=auditd.service
+
+[Service]
+ExecStart=-/usr/sbin/sshd -i
+StandardInput=socket
+RuntimeDirectory=sshd
+RuntimeDirectoryMode=0755
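Review bot: The `-` prefix on `ExecStart=-/usr/sbin/sshd -i` keeps a rejected or aborted connection from marking the instance failed, which is right for a per-connection unit, but it also means a genuine misconfiguration (unreadable sshd_config, missing host keys) exits quietly on every connection; a comment such as `# '-': a non-zero exit from a rejected/aborted connection must not mark the instance failed` would make the intent explicit, and `ExecStartPre=/usr/sbin/sshd -t` would still surface config errors in the journal. All instances also share `RuntimeDirectory=sshd`; presumably systemd removes that directory when any one instance stops, so with overlapping connections a still-running peer may lose its privilege-separation directory — confirm whether `RuntimeDirectoryPreserve=yes` is needed here. The unit carries no ordering against sshd-host-keygen.service and relies entirely on the socket's ordering for the keys to exist.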