Upcoming change in kinetic: socket-activated sshd

Steve Langasek steve.langasek at ubuntu.com
Sat Aug 27 04:59:55 UTC 2022


Hi folks,

In the kinetic cycle I have been working on landing a change to make sshd
use systemd socket activation only by default, rather than starting the
daemon at boot.  This will reduce the default memory footprint of every
cloud and lxd container image we produce, and is therefore a worthwhile
optimization to Ubuntu.

The new behavior is present in openssh 1:9.0p1-1ubuntu3, currently in
kinetic-proposed and expected to migrate to the kinetic release pocket in
the next few days (after autopkgtests clear).  A Discourse post with more
information can be found here:

  https://discourse.ubuntu.com/t/sshd-now-uses-socket-based-activation-ubuntu-22-10-and-later/30189

Upgrading to the package will automatically migrate your sshd to use
socket-based activation.

One important caveat with this new behavior: if you have ListenAddress
configured in sshd_config today, it is possible that the new ssh.socket unit
will not start reliably on boot.  This is obviously important for
remotely-administered systems, where a failure to start sshd will lock the
admin out.  The current behavior of the package in kinetic-proposed is to
migrate all users to socket-based activation, with a debconf warning if you
may be affected by this issue.  I am looking for feedback between now and
release as to whether this behavior is acceptable, or if we should avoid
migrating users to socket activation if we determine it's possible
ssh.socket will fail on reboot.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                   https://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
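
One way to check whether a host falls under the ListenAddress caveat before taking the upgrade, as an added example that is not part of the original message or of the openssh package. The names listen_addresses, sshd_listenaddress_check and SSHD_BASE are hypothetical, the sample configuration is constructed, and relative Include paths are assumed to resolve under /etc/ssh as sshd_config(5) describes.

```shell
#!/bin/sh
# Added example (not from the openssh package): list the ListenAddress
# directives sshd would read from a config file, following Include lines.
# SSHD_BASE is where relative Include paths resolve (sshd uses /etc/ssh).
SSHD_BASE=${SSHD_BASE:-/etc/ssh}

# Print "file: address" for every active ListenAddress in $1 and its includes.
listen_addresses() {
    _cfg=$1
    [ -r "$_cfg" ] || return 0
    # Drop comments and indentation; accept the "Keyword=value" spelling.
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' \
        -e 's/^\([A-Za-z]*\)[[:space:]]*=[[:space:]]*/\1 /' "$_cfg" |
    while read -r _key _val _rest; do
        # sshd_config keywords are case-insensitive.
        case $(printf '%s' "$_key" | tr 'A-Z' 'a-z') in
        listenaddress)
            printf '%s: %s\n' "$_cfg" "$_val" ;;
        include)
            set -f; set -- $_val $_rest; set +f   # split without globbing yet
            for _pat in "$@"; do
                case $_pat in /*) ;; *) _pat=$SSHD_BASE/$_pat ;; esac
                # Unquoted on purpose: expand the glob. Recurse in a subshell
                # so the callee cannot clobber this loop's variables.
                for _f in $_pat; do ( listen_addresses "$_f" ); done
            done ;;
        esac
    done
}

# Return 1 and print the hits if any ListenAddress is set, else return 0.
sshd_listenaddress_check() {
    _hits=$(listen_addresses "${1:-$SSHD_BASE/sshd_config}")
    [ -z "$_hits" ] && return 0
    printf '%s\n' "$_hits"
    return 1
}

# Constructed sample tree (not a real host's configuration).
SAMPLE=$(mktemp -d)
mkdir "$SAMPLE/sshd_config.d"
printf 'Include sshd_config.d/*.conf\n#ListenAddress 0.0.0.0\nPort 22\n' \
    > "$SAMPLE/sshd_config"
printf 'listenaddress = 192.0.2.10\n' > "$SAMPLE/sshd_config.d/10-mgmt.conf"
SSHD_BASE=$SAMPLE   # on a real host, leave this at /etc/ssh
sshd_listenaddress_check "$SAMPLE/sshd_config" || echo "review before upgrading"
```

On a real host, drop the sample lines at the end and call sshd_listenaddress_check with no argument; a non-zero status means the configuration sets ListenAddress and is in the case the message warns about.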


More information about the ubuntu-devel mailing list