Message ID | 20200605225905.14082-4-nolange79@gmail.com |
---|---|
State | Superseded |
Series | [1/4] package/openssh: Depend on libaudit if available | expand |
Le sam. 6 juin 2020 à 00:59, Norbert Lange <nolange79@gmail.com> a écrit : > Signed-off-by: Norbert Lange <nolange79@gmail.com> > --- > package/openssh/openssh.mk | 6 +++--- > package/openssh/sshd-host-keygen.service | 2 +- > package/openssh/sshd.socket | 11 +++++++++++ > package/openssh/sshd@.service | 10 ++++++++++ > 4 files changed, 25 insertions(+), 4 deletions(-) > create mode 100644 package/openssh/sshd.socket > create mode 100644 package/openssh/sshd@.service > > diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk > index 6b3ee1f5f4..1f2638e9c9 100644 > --- a/package/openssh/openssh.mk > +++ b/package/openssh/openssh.mk > @@ -114,9 +114,9 @@ endef > OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_SERVER_PROGRAMS > > define OPENSSH_INSTALL_INIT_SYSTEMD > - mkdir $(TARGET_DIR)/usr/lib/systemd/system > - $(INSTALL) -m 644 package/openssh/sshd*.service \ > - $(TARGET_DIR)/usr/lib/systemd/system/ > + mkdir -p $(TARGET_DIR)/usr/lib/systemd/system > + $(INSTALL) -m 644 package/openssh/sshd*.service > package/openssh/sshd.socket \ > + $(TARGET_DIR)/usr/lib/systemd/system/. > $(OPENSSH_INSTALL_SYSTEMD_SYSUSERS) > endef > > diff --git a/package/openssh/sshd-host-keygen.service > b/package/openssh/sshd-host-keygen.service > index 058e671c44..ffde622b01 100644 > --- a/package/openssh/sshd-host-keygen.service > +++ b/package/openssh/sshd-host-keygen.service > @@ -17,4 +17,4 @@ Type=oneshot > RemainAfterExit=yes > > [Install] > -WantedBy=sshd.service > +WantedBy=sshd.service sshd.socket > diff --git a/package/openssh/sshd.socket b/package/openssh/sshd.socket > new file mode 100644 > index 0000000000..bbae9ed7aa > --- /dev/null > +++ b/package/openssh/sshd.socket 
> @@ -0,0 +1,11 @@ > +[Unit] > +Description=OpenBSD Secure Shell server socket > +Before=sshd.service > +Conflicts=sshd.service > No, that would stop the socket when the service is started, and you don't want that. If you do that, only one connection would be accepted before the socket is stoped and since you have accept=yes no further connections would be accepted > + > +[Socket] > +ListenStream=22 > +Accept=yes > + > +[Install] > +WantedBy=sockets.target > diff --git a/package/openssh/sshd@.service b/package/openssh/sshd@.service > new file mode 100644 > index 0000000000..b3a590d9a3 > --- /dev/null > +++ b/package/openssh/sshd@.service > @@ -0,0 +1,10 @@ > +[Unit] > +Description=OpenBSD Secure Shell server per-connection daemon > +Documentation=man:sshd(8) man:sshd_config(5) > +After=auditd.service > + > +[Service] > +ExecStart=-/usr/sbin/sshd -i > +StandardInput=socket > +RuntimeDirectory=sshd > +RuntimeDirectoryMode=0755 > I am a bit confused, you have both an ssh.service and a ssh.socket+ssh@ .service Wouldn't those two fight over port 22 ? > -- > 2.26.2 > > _______________________________________________ > buildroot mailing list > buildroot@busybox.net > http://lists.busybox.net/mailman/listinfo/buildroot >
Am So., 7. Juni 2020 um 13:07 Uhr schrieb Jérémy ROSEN <jeremy.rosen@smile.fr>: > > > > Le sam. 6 juin 2020 à 00:59, Norbert Lange <nolange79@gmail.com> a écrit : >> >> Signed-off-by: Norbert Lange <nolange79@gmail.com> >> --- >> package/openssh/openssh.mk | 6 +++--- >> package/openssh/sshd-host-keygen.service | 2 +- >> package/openssh/sshd.socket | 11 +++++++++++ >> package/openssh/sshd@.service | 10 ++++++++++ >> 4 files changed, 25 insertions(+), 4 deletions(-) >> create mode 100644 package/openssh/sshd.socket >> create mode 100644 package/openssh/sshd@.service >> >> diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk >> index 6b3ee1f5f4..1f2638e9c9 100644 >> --- a/package/openssh/openssh.mk >> +++ b/package/openssh/openssh.mk >> @@ -114,9 +114,9 @@ endef >> OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_SERVER_PROGRAMS >> >> define OPENSSH_INSTALL_INIT_SYSTEMD >> - mkdir $(TARGET_DIR)/usr/lib/systemd/system >> - $(INSTALL) -m 644 package/openssh/sshd*.service \ >> - $(TARGET_DIR)/usr/lib/systemd/system/ >> + mkdir -p $(TARGET_DIR)/usr/lib/systemd/system >> + $(INSTALL) -m 644 package/openssh/sshd*.service package/openssh/sshd.socket \ >> + $(TARGET_DIR)/usr/lib/systemd/system/. >> $(OPENSSH_INSTALL_SYSTEMD_SYSUSERS) >> endef >> >> diff --git a/package/openssh/sshd-host-keygen.service b/package/openssh/sshd-host-keygen.service >> index 058e671c44..ffde622b01 100644 >> --- a/package/openssh/sshd-host-keygen.service >> +++ b/package/openssh/sshd-host-keygen.service >> @@ -17,4 +17,4 @@ Type=oneshot >> RemainAfterExit=yes >> >> [Install] >> -WantedBy=sshd.service >> +WantedBy=sshd.service sshd.socket >> diff --git a/package/openssh/sshd.socket b/package/openssh/sshd.socket >> new file mode 100644 >> index 0000000000..bbae9ed7aa >> --- /dev/null >> +++ b/package/openssh/sshd.socket 
>> @@ -0,0 +1,11 @@ >> +[Unit] >> +Description=OpenBSD Secure Shell server socket >> +Before=sshd.service >> +Conflicts=sshd.service > > No, that would stop the socket when the service is started, and you don't want that. > If you do that, only one connection would be accepted before the socket is stoped > and since you have accept=yes no further connections would be accepted there is the singular sshd service and the sshd.socket which spawns sshd@ instance services. Those are mutually exclusive (because of the "Conflicts"), the "Before" line just ensures that the sshd.socket wins out by default. > >> >> + >> +[Socket] >> +ListenStream=22 >> +Accept=yes >> + >> +[Install] >> +WantedBy=sockets.target >> diff --git a/package/openssh/sshd@.service b/package/openssh/sshd@.service >> new file mode 100644 >> index 0000000000..b3a590d9a3 >> --- /dev/null >> +++ b/package/openssh/sshd@.service >> @@ -0,0 +1,10 @@ >> +[Unit] >> +Description=OpenBSD Secure Shell server per-connection daemon >> +Documentation=man:sshd(8) man:sshd_config(5) >> +After=auditd.service >> + >> +[Service] >> +ExecStart=-/usr/sbin/sshd -i >> +StandardInput=socket >> +RuntimeDirectory=sshd >> +RuntimeDirectoryMode=0755 > > > I am a bit confused, you have both an ssh.service and a ssh.socket+ssh@.service > Wouldn't those two fight over port 22 ? No, on a fresh installation, the socket will be started, the sshd service will not because of the "Conflicts". if you manually enable/start the sshd.service then the socket will be shutdown first. > > > >> >> -- >> 2.26.2 >> >> _______________________________________________ >> buildroot mailing list >> buildroot@busybox.net >> http://lists.busybox.net/mailman/listinfo/buildroot > > > > -- > > > 20 rue des Jardins > 92600 Asnières-sur-Seine > > Jérémy ROSEN > Architecte technique > > jeremy.rosen@smile.fr > +33 6 88 25 87 42 > http://www.smile.eu Norbert
Le dim. 7 juin 2020 à 21:11, Norbert Lange <nolange79@gmail.com> a écrit : > Am So., 7. Juni 2020 um 13:07 Uhr schrieb Jérémy ROSEN < > jeremy.rosen@smile.fr>: > > > > > > > > Le sam. 6 juin 2020 à 00:59, Norbert Lange <nolange79@gmail.com> a > écrit : > >> > >> Signed-off-by: Norbert Lange <nolange79@gmail.com> > >> --- > >> package/openssh/openssh.mk | 6 +++--- > >> package/openssh/sshd-host-keygen.service | 2 +- > >> package/openssh/sshd.socket | 11 +++++++++++ > >> package/openssh/sshd@.service | 10 ++++++++++ > >> 4 files changed, 25 insertions(+), 4 deletions(-) > >> create mode 100644 package/openssh/sshd.socket > >> create mode 100644 package/openssh/sshd@.service > >> > >> diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk > >> index 6b3ee1f5f4..1f2638e9c9 100644 > >> --- a/package/openssh/openssh.mk > >> +++ b/package/openssh/openssh.mk > >> @@ -114,9 +114,9 @@ endef > >> OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_SERVER_PROGRAMS > >> > >> define OPENSSH_INSTALL_INIT_SYSTEMD > >> - mkdir $(TARGET_DIR)/usr/lib/systemd/system > >> - $(INSTALL) -m 644 package/openssh/sshd*.service \ > >> - $(TARGET_DIR)/usr/lib/systemd/system/ > >> + mkdir -p $(TARGET_DIR)/usr/lib/systemd/system > >> + $(INSTALL) -m 644 package/openssh/sshd*.service > package/openssh/sshd.socket \ > >> + $(TARGET_DIR)/usr/lib/systemd/system/. > >> $(OPENSSH_INSTALL_SYSTEMD_SYSUSERS) > >> endef > >> > >> diff --git a/package/openssh/sshd-host-keygen.service > b/package/openssh/sshd-host-keygen.service > >> index 058e671c44..ffde622b01 100644 > >> --- a/package/openssh/sshd-host-keygen.service > >> +++ b/package/openssh/sshd-host-keygen.service > >> @@ -17,4 +17,4 @@ Type=oneshot > >> RemainAfterExit=yes > >> > >> [Install] > >> -WantedBy=sshd.service > >> +WantedBy=sshd.service sshd.socket > >> diff --git a/package/openssh/sshd.socket b/package/openssh/sshd.socket > >> new file mode 100644 > >> index 0000000000..bbae9ed7aa > >> --- /dev/null 
> >> +++ b/package/openssh/sshd.socket > >> @@ -0,0 +1,11 @@ > >> +[Unit] > >> +Description=OpenBSD Secure Shell server socket > >> +Before=sshd.service > >> +Conflicts=sshd.service > > > > No, that would stop the socket when the service is started, and you > don't want that. > > If you do that, only one connection would be accepted before the socket > is stoped > > and since you have accept=yes no further connections would be accepted > > there is the singular sshd service > and the sshd.socket which spawns sshd@ instance services. > Those are mutually exclusive (because of the "Conflicts"), the > "Before" line just ensures that the sshd.socket wins out by default. > > aah right, I messed up sshd.service and sshd@.service in my head. my bad. I personally think we shouldn't install both methods. either choose a distro-wide decision or provide a config option Anyway, I see what you are doing now, and that should work, AFAICT. I still think that it's cool that openssh supports all those startup methods, but I'm not convinced we need to support all of them in BR. Thoughts ? Regards Jeremy > > > >> > >> + > >> +[Socket] > >> +ListenStream=22 > >> +Accept=yes > >> + > >> +[Install] > >> +WantedBy=sockets.target > >> diff --git a/package/openssh/sshd@.service b/package/openssh/sshd@ > .service > >> new file mode 100644 > >> index 0000000000..b3a590d9a3 > >> --- /dev/null > >> +++ b/package/openssh/sshd@.service 
> >> @@ -0,0 +1,10 @@ > >> +[Unit] > >> +Description=OpenBSD Secure Shell server per-connection daemon > >> +Documentation=man:sshd(8) man:sshd_config(5) > >> +After=auditd.service > >> + > >> +[Service] > >> +ExecStart=-/usr/sbin/sshd -i > >> +StandardInput=socket > >> +RuntimeDirectory=sshd > >> +RuntimeDirectoryMode=0755 > > > > > > I am a bit confused, you have both an ssh.service and a ssh.socket+ssh@ > .service > > Wouldn't those two fight over port 22 ? > > No, on a fresh installation, the socket will be started, the sshd > service will not because of the "Conflicts". > if you manually enable/start the sshd.service then the socket will be > shutdown first. > > > > > > > > >> > >> -- > >> 2.26.2 > >> > >> _______________________________________________ > >> buildroot mailing list > >> buildroot@busybox.net > >> http://lists.busybox.net/mailman/listinfo/buildroot > > > > > > > > -- > > > > > > 20 rue des Jardins > > 92600 Asnières-sur-Seine > > > > Jérémy ROSEN > > Architecte technique > > > > jeremy.rosen@smile.fr > > +33 6 88 25 87 42 > > http://www.smile.eu > > Norbert >
Am So., 7. Juni 2020 um 21:32 Uhr schrieb Jérémy ROSEN <jeremy.rosen@smile.fr>: > > > > Le dim. 7 juin 2020 à 21:11, Norbert Lange <nolange79@gmail.com> a écrit : >> >> Am So., 7. Juni 2020 um 13:07 Uhr schrieb Jérémy ROSEN <jeremy.rosen@smile.fr>: >> > >> > >> > >> > Le sam. 6 juin 2020 à 00:59, Norbert Lange <nolange79@gmail.com> a écrit : >> >> >> >> Signed-off-by: Norbert Lange <nolange79@gmail.com> >> >> --- >> >> package/openssh/openssh.mk | 6 +++--- >> >> package/openssh/sshd-host-keygen.service | 2 +- >> >> package/openssh/sshd.socket | 11 +++++++++++ >> >> package/openssh/sshd@.service | 10 ++++++++++ >> >> 4 files changed, 25 insertions(+), 4 deletions(-) >> >> create mode 100644 package/openssh/sshd.socket >> >> create mode 100644 package/openssh/sshd@.service >> >> >> >> diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk >> >> index 6b3ee1f5f4..1f2638e9c9 100644 >> >> --- a/package/openssh/openssh.mk >> >> +++ b/package/openssh/openssh.mk >> >> @@ -114,9 +114,9 @@ endef >> >> OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_SERVER_PROGRAMS >> >> >> >> define OPENSSH_INSTALL_INIT_SYSTEMD >> >> - mkdir $(TARGET_DIR)/usr/lib/systemd/system >> >> - $(INSTALL) -m 644 package/openssh/sshd*.service \ >> >> - $(TARGET_DIR)/usr/lib/systemd/system/ >> >> + mkdir -p $(TARGET_DIR)/usr/lib/systemd/system >> >> + $(INSTALL) -m 644 package/openssh/sshd*.service package/openssh/sshd.socket \ >> >> + $(TARGET_DIR)/usr/lib/systemd/system/. >> >> $(OPENSSH_INSTALL_SYSTEMD_SYSUSERS) >> >> endef >> >> >> >> diff --git a/package/openssh/sshd-host-keygen.service b/package/openssh/sshd-host-keygen.service >> >> index 058e671c44..ffde622b01 100644 >> >> --- a/package/openssh/sshd-host-keygen.service >> >> +++ b/package/openssh/sshd-host-keygen.service >> >> @@ -17,4 +17,4 @@ Type=oneshot >> >> RemainAfterExit=yes >> >> >> >> [Install] >> >> -WantedBy=sshd.service >> >> +WantedBy=sshd.service sshd.socket 
>> >> diff --git a/package/openssh/sshd.socket b/package/openssh/sshd.socket >> >> new file mode 100644 >> >> index 0000000000..bbae9ed7aa >> >> --- /dev/null >> >> +++ b/package/openssh/sshd.socket >> >> @@ -0,0 +1,11 @@ >> >> +[Unit] >> >> +Description=OpenBSD Secure Shell server socket >> >> +Before=sshd.service >> >> +Conflicts=sshd.service >> > >> > No, that would stop the socket when the service is started, and you don't want that. >> > If you do that, only one connection would be accepted before the socket is stoped >> > and since you have accept=yes no further connections would be accepted >> >> there is the singular sshd service >> and the sshd.socket which spawns sshd@ instance services. >> Those are mutually exclusive (because of the "Conflicts"), the >> "Before" line just ensures that the sshd.socket wins out by default. >> > > aah right, I messed up sshd.service and sshd@.service in my head. > my bad. > > I personally think we shouldn't install both methods. > either choose a distro-wide decision or provide a config option > > Anyway, I see what you are doing now, and that should work, AFAICT. > > I still think that it's cool that openssh supports all those startup methods, > but I'm not convinced we need to support all of them in BR. sshd is better for throughput/efficiency if you have alot connections, the socket option saves memory if you rarely have connections (and is actually a simpler service file). I would support both, but let users pick. Norbert
Am So., 7. Juni 2020 um 21:45 Uhr schrieb Norbert Lange <nolange79@gmail.com>: > > Am So., 7. Juni 2020 um 21:32 Uhr schrieb Jérémy ROSEN <jeremy.rosen@smile.fr>: > > > > > > > > Le dim. 7 juin 2020 à 21:11, Norbert Lange <nolange79@gmail.com> a écrit : > >> > >> Am So., 7. Juni 2020 um 13:07 Uhr schrieb Jérémy ROSEN <jeremy.rosen@smile.fr>: > >> > > >> > > >> > > >> > Le sam. 6 juin 2020 à 00:59, Norbert Lange <nolange79@gmail.com> a écrit : > >> >> > >> >> Signed-off-by: Norbert Lange <nolange79@gmail.com> > >> >> --- > >> >> package/openssh/openssh.mk | 6 +++--- > >> >> package/openssh/sshd-host-keygen.service | 2 +- > >> >> package/openssh/sshd.socket | 11 +++++++++++ > >> >> package/openssh/sshd@.service | 10 ++++++++++ > >> >> 4 files changed, 25 insertions(+), 4 deletions(-) > >> >> create mode 100644 package/openssh/sshd.socket > >> >> create mode 100644 package/openssh/sshd@.service > >> >> > >> >> diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk > >> >> index 6b3ee1f5f4..1f2638e9c9 100644 > >> >> --- a/package/openssh/openssh.mk > >> >> +++ b/package/openssh/openssh.mk > >> >> @@ -114,9 +114,9 @@ endef > >> >> OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_SERVER_PROGRAMS > >> >> > >> >> define OPENSSH_INSTALL_INIT_SYSTEMD > >> >> - mkdir $(TARGET_DIR)/usr/lib/systemd/system > >> >> - $(INSTALL) -m 644 package/openssh/sshd*.service \ > >> >> - $(TARGET_DIR)/usr/lib/systemd/system/ > >> >> + mkdir -p $(TARGET_DIR)/usr/lib/systemd/system > >> >> + $(INSTALL) -m 644 package/openssh/sshd*.service package/openssh/sshd.socket \ > >> >> + $(TARGET_DIR)/usr/lib/systemd/system/. > >> >> $(OPENSSH_INSTALL_SYSTEMD_SYSUSERS) > >> >> endef > >> >> > >> >> diff --git a/package/openssh/sshd-host-keygen.service b/package/openssh/sshd-host-keygen.service > >> >> index 058e671c44..ffde622b01 100644 > >> >> --- a/package/openssh/sshd-host-keygen.service > >> >> +++ b/package/openssh/sshd-host-keygen.service 
> >> >> @@ -17,4 +17,4 @@ Type=oneshot > >> >> RemainAfterExit=yes > >> >> > >> >> [Install] > >> >> -WantedBy=sshd.service > >> >> +WantedBy=sshd.service sshd.socket > >> >> diff --git a/package/openssh/sshd.socket b/package/openssh/sshd.socket > >> >> new file mode 100644 > >> >> index 0000000000..bbae9ed7aa > >> >> --- /dev/null > >> >> +++ b/package/openssh/sshd.socket 
> >> >> @@ -0,0 +1,11 @@ > >> >> +[Unit] > >> >> +Description=OpenBSD Secure Shell server socket > >> >> +Before=sshd.service > >> >> +Conflicts=sshd.service > >> > > >> > No, that would stop the socket when the service is started, and you don't want that. > >> > If you do that, only one connection would be accepted before the socket is stoped > >> > and since you have accept=yes no further connections would be accepted > >> > >> there is the singular sshd service > >> and the sshd.socket which spawns sshd@ instance services. > >> Those are mutually exclusive (because of the "Conflicts"), the > >> "Before" line just ensures that the sshd.socket wins out by default. > >> > > > > aah right, I messed up sshd.service and sshd@.service in my head. > > my bad. > > > > I personally think we shouldn't install both methods. > > either choose a distro-wide decision or provide a config option > > > > Anyway, I see what you are doing now, and that should work, AFAICT. > > > > I still think that it's cool that openssh supports all those startup methods, > > but I'm not convinced we need to support all of them in BR. > > sshd is better for throughput/efficiency if you have alot connections, > > the socket option saves memory if you rarely have connections (and is > actually a simpler service file). > > I would support both, but let users pick. > > Norbert How about this option: config BR2_PACKAGE_OPENSSH_SERVER_SOCKET bool "server socket" depends on BR2_INIT_SYSTEMD help Systemd socket activation server. makefile gonna get allota ifdefs, right now it's a bit naive anyway, as you could pick server and not key_utils and then the services (sys and systemd) would fail when trying to verify/generate the host keys. Norbert
Sounds good... the help text might need a little work, but I like the idea itself... Le dim. 7 juin 2020 à 23:30, Norbert Lange <nolange79@gmail.com> a écrit : > Am So., 7. Juni 2020 um 21:45 Uhr schrieb Norbert Lange < > nolange79@gmail.com>: > > > > Am So., 7. Juni 2020 um 21:32 Uhr schrieb Jérémy ROSEN < > jeremy.rosen@smile.fr>: > > > > > > > > > > > > Le dim. 7 juin 2020 à 21:11, Norbert Lange <nolange79@gmail.com> a > écrit : > > >> > > >> Am So., 7. Juni 2020 um 13:07 Uhr schrieb Jérémy ROSEN < > jeremy.rosen@smile.fr>: > > >> > > > >> > > > >> > > > >> > Le sam. 6 juin 2020 à 00:59, Norbert Lange <nolange79@gmail.com> a > écrit : > > >> >> > > >> >> Signed-off-by: Norbert Lange <nolange79@gmail.com> > > >> >> --- > > >> >> package/openssh/openssh.mk | 6 +++--- > > >> >> package/openssh/sshd-host-keygen.service | 2 +- > > >> >> package/openssh/sshd.socket | 11 +++++++++++ > > >> >> package/openssh/sshd@.service | 10 ++++++++++ > > >> >> 4 files changed, 25 insertions(+), 4 deletions(-) > > >> >> create mode 100644 package/openssh/sshd.socket > > >> >> create mode 100644 package/openssh/sshd@.service > > >> >> > > >> >> diff --git a/package/openssh/openssh.mk b/package/openssh/ > openssh.mk > > >> >> index 6b3ee1f5f4..1f2638e9c9 100644 > > >> >> --- a/package/openssh/openssh.mk > > >> >> +++ b/package/openssh/openssh.mk > > >> >> @@ -114,9 +114,9 @@ endef > > >> >> OPENSSH_POST_INSTALL_TARGET_HOOKS += > OPENSSH_INSTALL_SERVER_PROGRAMS > > >> >> > > >> >> define OPENSSH_INSTALL_INIT_SYSTEMD > > >> >> - mkdir $(TARGET_DIR)/usr/lib/systemd/system > > >> >> - $(INSTALL) -m 644 package/openssh/sshd*.service \ > > >> >> - $(TARGET_DIR)/usr/lib/systemd/system/ > > >> >> + mkdir -p $(TARGET_DIR)/usr/lib/systemd/system > > >> >> + $(INSTALL) -m 644 package/openssh/sshd*.service > package/openssh/sshd.socket \ > > >> >> + $(TARGET_DIR)/usr/lib/systemd/system/. > > >> >> $(OPENSSH_INSTALL_SYSTEMD_SYSUSERS) > > >> >> endef > > 
>> >> > > >> >> diff --git a/package/openssh/sshd-host-keygen.service > b/package/openssh/sshd-host-keygen.service > > >> >> index 058e671c44..ffde622b01 100644 > > >> >> --- a/package/openssh/sshd-host-keygen.service > > >> >> +++ b/package/openssh/sshd-host-keygen.service > > >> >> @@ -17,4 +17,4 @@ Type=oneshot > > >> >> RemainAfterExit=yes > > >> >> > > >> >> [Install] > > >> >> -WantedBy=sshd.service > > >> >> +WantedBy=sshd.service sshd.socket > > >> >> diff --git a/package/openssh/sshd.socket > b/package/openssh/sshd.socket > > >> >> new file mode 100644 > > >> >> index 0000000000..bbae9ed7aa > > >> >> --- /dev/null > > >> >> +++ b/package/openssh/sshd.socket 
> > >> >> @@ -0,0 +1,11 @@ > > >> >> +[Unit] > > >> >> +Description=OpenBSD Secure Shell server socket > > >> >> +Before=sshd.service > > >> >> +Conflicts=sshd.service > > >> > > > >> > No, that would stop the socket when the service is started, and you > don't want that. > > >> > If you do that, only one connection would be accepted before the > socket is stoped > > >> > and since you have accept=yes no further connections would be > accepted > > >> > > >> there is the singular sshd service > > >> and the sshd.socket which spawns sshd@ instance services. > > >> Those are mutually exclusive (because of the "Conflicts"), the > > >> "Before" line just ensures that the sshd.socket wins out by default. > > >> > > > > > > aah right, I messed up sshd.service and sshd@.service in my head. > > > my bad. > > > > > > I personally think we shouldn't install both methods. > > > either choose a distro-wide decision or provide a config option > > > > > > Anyway, I see what you are doing now, and that should work, AFAICT. > > > > > > I still think that it's cool that openssh supports all those startup > methods, > > > but I'm not convinced we need to support all of them in BR. > > > > sshd is better for throughput/efficiency if you have alot connections, > > > > the socket option saves memory if you rarely have connections (and is > > actually a simpler service file). > > > > I would support both, but let users pick. > > > > Norbert > > How about this option: > > config BR2_PACKAGE_OPENSSH_SERVER_SOCKET > bool "server socket" > depends on BR2_INIT_SYSTEMD > help > Systemd socket activation server. > > makefile gonna get allota ifdefs, right now it's a bit naive anyway, > as you could pick server and not key_utils and then the services (sys > and systemd) would fail when trying to verify/generate the host keys. > > Norbert >
diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
index 6b3ee1f5f4..1f2638e9c9 100644
--- a/package/openssh/openssh.mk
+++ b/package/openssh/openssh.mk
@@ -114,9 +114,9 @@ endef
 OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_SERVER_PROGRAMS
 
 define OPENSSH_INSTALL_INIT_SYSTEMD
- mkdir $(TARGET_DIR)/usr/lib/systemd/system
- $(INSTALL) -m 644 package/openssh/sshd*.service \
- $(TARGET_DIR)/usr/lib/systemd/system/
+ mkdir -p $(TARGET_DIR)/usr/lib/systemd/system
+ $(INSTALL) -m 644 package/openssh/sshd*.service package/openssh/sshd.socket \
+ $(TARGET_DIR)/usr/lib/systemd/system/.
 $(OPENSSH_INSTALL_SYSTEMD_SYSUSERS)
 endef
 
diff --git a/package/openssh/sshd-host-keygen.service b/package/openssh/sshd-host-keygen.service
index 058e671c44..ffde622b01 100644
--- a/package/openssh/sshd-host-keygen.service
+++ b/package/openssh/sshd-host-keygen.service
@@ -17,4 +17,4 @@ Type=oneshot
 RemainAfterExit=yes
 
 [Install]
-WantedBy=sshd.service
+WantedBy=sshd.service sshd.socket
diff --git a/package/openssh/sshd.socket b/package/openssh/sshd.socket
new file mode 100644
index 0000000000..bbae9ed7aa
--- /dev/null
+++ b/package/openssh/sshd.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenBSD Secure Shell server socket
+Before=sshd.service
+Conflicts=sshd.service
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
diff --git a/package/openssh/sshd@.service b/package/openssh/sshd@.service
new file mode 100644
index 0000000000..b3a590d9a3
--- /dev/null
+++ b/package/openssh/sshd@.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=OpenBSD Secure Shell server per-connection daemon
+Documentation=man:sshd(8) man:sshd_config(5)
+After=auditd.service
+
+[Service]
+ExecStart=-/usr/sbin/sshd -i
+StandardInput=socket
+RuntimeDirectory=sshd
+RuntimeDirectoryMode=0755
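Review bot: The install line in OPENSSH_INSTALL_INIT_SYSTEMD mixes a wildcard with a hand-listed file: `sshd*.service` now silently picks up the new `sshd@.service`, and any later file matching the pattern, while `sshd.socket` is named explicitly. These units determine what listens on the network in the target image, so naming each unit on the `$(INSTALL)` line would make the installed set reviewable from the makefile alone. Assuming the directory holds `sshd.service` and `sshd-host-keygen.service` next to the two new files, the source list would become `package/openssh/sshd.service package/openssh/sshd@.service package/openssh/sshd-host-keygen.service package/openssh/sshd.socket`.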
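Review bot: Adding `sshd.socket` to `WantedBy=` only pulls the key generator in when the socket is started; it does not order it before the per-connection instances, and the new sshd@.service declares no dependency on it either. A connection that arrives before key generation finishes would start `sshd -i` without host keys, and the `-` prefix on `ExecStart=` in sshd@.service keeps that failure from marking the unit failed. Adding `Wants=sshd-host-keygen.service` and `After=sshd-host-keygen.service` to the [Unit] section of sshd@.service would close the gap. The [Unit] section of sshd-host-keygen.service lies outside this hunk, so any `Before=` it already carries is not visible here.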
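Review bot: The [Socket] section leaves connection limits at systemd's defaults, and in `Accept=yes` mode each TCP connection becomes its own `sshd -i` process; as far as I can tell sshd's own `MaxStartups` throttling is enforced by the listening daemon and so does not apply here. Setting `MaxConnections=` and `MaxConnectionsPerSource=` explicitly, with values sized for the target, would bound unauthenticated connection floods on small devices. It is also worth a comment above `ListenStream=22` such as `# Port/ListenAddress in sshd_config are not used in this mode; change ListenStream= instead`, because an administrator who restricts the listen address in sshd_config would otherwise still be exposed on every interface.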
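Review bot: Every sshd@ instance declares the same `RuntimeDirectory=sshd`, and systemd removes a unit's runtime directory when that unit stops, so the first session to end would delete `/run/sshd` while other sessions are still running and before later ones start. If sshd on the target relies on that directory for privilege separation, later connections could fail, and `ExecStart=-` would hide the error. Adding `RuntimeDirectoryPreserve=yes` after `RuntimeDirectory=sshd` keeps the directory across instance exits. A one-line comment on the `-` prefix, for example `# per-connection exit codes are expected to be non-zero on client disconnect`, would also document why failures are ignored.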
Signed-off-by: Norbert Lange <nolange79@gmail.com> --- package/openssh/openssh.mk | 6 +++--- package/openssh/sshd-host-keygen.service | 2 +- package/openssh/sshd.socket | 11 +++++++++++ package/openssh/sshd@.service | 10 ++++++++++ 4 files changed, 25 insertions(+), 4 deletions(-) create mode 100644 package/openssh/sshd.socket create mode 100644 package/openssh/sshd@.service