[Bug 1576353] Re: install openssh-server by default, prompt for enabling it on server iso install
Steve Langasek
steve.langasek at canonical.com
Mon May 2 00:56:22 UTC 2016
On Sat, Apr 30, 2016 at 10:23:35AM -0000, Colin Watson wrote:
> Per-connection sshd instances with systemd
> ------------------------------------------
> If you want to reconfigure systemd to listen on port 22 itself and launch an
> instance of sshd for each connection (inetd-style socket activation), then
> you can run:
> systemctl stop ssh.service
> systemctl start ssh.socket
> To make this permanent:
> systemctl disable ssh.service
> systemctl enable ssh.socket
> This may be appropriate in environments where minimal footprint is critical
> (e.g. cloud guests). Be aware that this bypasses MaxStartups, and systemd's
> MaxConnections cannot quite replace this as it cannot distinguish between
> authenticated and unauthenticated connections; see
> https://bugzilla.redhat.com/show_bug.cgi?id=963268 for more discussion.
> The provided ssh.socket unit file sets ListenStream=22. If you need to have
> it listen on a different address or port, then you will need to do this by
> copying /lib/systemd/system/ssh.socket to /etc/systemd/system/ssh.socket and
> modifying the ListenStream option. See systemd.socket(5) for details.
AIUI this should be fixable by patching openssh to use the systemd
socket-passing protocol (sd_listen_fds(3)) instead of relying on inetd-style
socket passing. In that case, openssh can apply whatever controls it wants
to the listen() socket.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1576353
Title:
Install openssh-server with disabled password auth by default on
servers
Status in Ubuntu CD Images:
New
Status in openssh package in Ubuntu:
Triaged
Bug description:
we want to remove 'cloud-image' seed and join it with 'server' seed.
openssh-server is one of the few (3) packages that are in cloud image and not in 'ubuntu-server'.
We'd like to have the server iso install openssh-server by default and
prompt the user if they want to enable it or not.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-cdimage/+bug/1576353/+subscriptions
More information about the foundations-bugs
mailing list