[Bug 1576353] Re: install openssh-server by default, prompt for enabling it on server iso install

Steve Langasek steve.langasek at canonical.com
Mon May 2 00:56:22 UTC 2016

On Sat, Apr 30, 2016 at 10:23:35AM -0000, Colin Watson wrote:
> Per-connection sshd instances with systemd
> ------------------------------------------

> If you want to reconfigure systemd to listen on port 22 itself and launch an
> instance of sshd for each connection (inetd-style socket activation), then
> you can run:

>   systemctl stop ssh.service
>   systemctl start ssh.socket

> To make this permanent:

>   systemctl disable ssh.service
>   systemctl enable ssh.socket

> This may be appropriate in environments where minimal footprint is critical
> (e.g. cloud guests).  Be aware that this bypasses MaxStartups, and systemd's
> MaxConnections cannot quite replace this as it cannot distinguish between
> authenticated and unauthenticated connections; see
> https://bugzilla.redhat.com/show_bug.cgi?id=963268 for more discussion.

> The provided ssh.socket unit file sets ListenStream=22.  If you need to have
> it listen on a different address or port, then you will need to do this by
> copying /lib/systemd/system/ssh.socket to /etc/systemd/system/ssh.socket and
> modifying the ListenStream option.  See systemd.socket(5) for details.

AIUI this should be fixable by patching openssh to use the systemd
socket-passing protocol (sd_listen_fds(3)) instead of relying on inetd-style
socket passing.  In that case, openssh can apply whatever controls it wants
to the listen() socket.

You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.

  Install openssh-server with disabled password auth by default on

Status in Ubuntu CD Images:
Status in openssh package in Ubuntu:

Bug description:
  we want to remove 'cloud-image' seed and join it with 'server' seed.
  openssh-server is one of the few (3) packages that are in cloud image and not in 'ubuntu-server'.

  We'd like to have the server iso install openssh-server by default and
  prompt the user if they want to enable it or not.

To manage notifications about this bug go to:

More information about the foundations-bugs mailing list