Bug#1061516: Please add a sshd@.service template for socket activation

To: Marco d'Itri <md@linux.it>, 1061516@bugs.debian.org
Subject: Bug#1061516: Please add a sshd@.service template for socket activation
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 4 Mar 2024 22:48:49 +0000
Message-id: <[🔎] ZeZP0QlSXrG8IZdh@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 1061516@bugs.debian.org
In-reply-to: <Zd57nFlSbrw4m581@bongo.bofh.it>
References: <ZbK7GF1fQTU8lm3Y@bongo.bofh.it> <ZbK7GF1fQTU8lm3Y@bongo.bofh.it> <Zd57nFlSbrw4m581@bongo.bofh.it> <ZbK7GF1fQTU8lm3Y@bongo.bofh.it>

On Wed, Feb 28, 2024 at 01:17:32AM +0100, Marco d'Itri wrote:
> On Jan 25, Marco d'Itri <md@linux.it> wrote:
> > systemd currently expects the template to be named sshd@.service 
> > (because that is what Fedora uses), but if you prefer to keep the 
> > ssh@.service name then I suppose that we could patch systemd as well.
> 
> Is there any way I can help with this?
> The major issue is deciding how you want the template to be called.

Does this patch look workable?  It mostly just resurrects the template
unit we used to ship, under a different name.

diff --git a/debian/changelog b/debian/changelog
index 873dddcfa..78863e039 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+openssh (1:9.6p1-5) UNRELEASED; urgency=medium
+
+  * Restore systemd template unit for per-connection sshd instances,
+    although without any corresponding .socket unit for now; this is mainly
+    for use with the forthcoming systemd-ssh-generator (closes: #1061516).
+    It's now called sshd@.service, since unlike the main service there's no
+    need to be concerned about compatibility with the slightly confusing
+    "ssh" service name that Debian has traditionally used.
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 03 Mar 2024 19:49:58 +0000
+
 openssh (1:9.6p1-4) unstable; urgency=medium
 
   * Add sshd_config checksums for 1:9.2p1-1 to ucf reference file, and add a
diff --git a/debian/openssh-server.install b/debian/openssh-server.install
index cf86dce41..5bf99be16 100755
--- a/debian/openssh-server.install
+++ b/debian/openssh-server.install
@@ -14,6 +14,7 @@ debian/openssh-server.ufw.profile => etc/ufw/applications.d/openssh-server
 debian/systemd/ssh.service lib/systemd/system
 debian/systemd/ssh.socket lib/systemd/system
 debian/systemd/rescue-ssh.target lib/systemd/system
+debian/systemd/sshd@.service lib/systemd/system
 debian/systemd/ssh-session-cleanup usr/lib/openssh
 
 # dh_apport would be neater, but at the time of writing it isn't in unstable
diff --git a/debian/systemd/sshd@.service b/debian/systemd/sshd@.service
new file mode 100644
index 000000000..29864a800
--- /dev/null
+++ b/debian/systemd/sshd@.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=OpenBSD Secure Shell server per-connection daemon
+Documentation=man:sshd(8) man:sshd_config(5)
+After=auditd.service
+
+[Service]
+EnvironmentFile=-/etc/default/ssh
+ExecStart=-/usr/sbin/sshd -i $SSHD_OPTS
+StandardInput=socket
+RuntimeDirectory=sshd
+RuntimeDirectoryPreserve=yes
+RuntimeDirectoryMode=0755

Thanks,

-- 
Colin Watson (he/him)                              [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Bug#1061516: Please add a sshd@.service template for socket activation
  - From: Marco d'Itri <md@linux.it>

Prev by Date: Processed: Bug#1064898 marked as pending in openssh
Next by Date: Bug#1061516: Please add a sshd@.service template for socket activation
Previous by thread: Processed: Bug#1064898 marked as pending in openssh
Next by thread: Bug#1061516: Please add a sshd@.service template for socket activation
Index(es):
- Date
- Thread