coreos-init: cease enabling socket-activated sshd #1630
Conversation
|
This is certainly a thing we should do but I'm unsure how to safely migrate. Users who have changed the port or similar by modifying sshd.socket are going to lose that change. If the user has sshd.socket enabled in /etc I'm not sure whether it or sshd.service is more likely to win the conflict resolution. The migration question is the biggest reason we've stuck with this setup so far despite it confusing so many of our users, other distros don't run sshd in this manner so it is rather unexpected. |
|
Capturing OOB discussion: Due to the potential for customized sshd_configs and explicit sshd.socket enables / customizations, blindly switching to this simply enabled sshd.service carries some risk for upgrades. Instead we'll implement a generator which determines if sshd.service can safely be enabled, otherwise enabling sshd.socket. |
Switching to using a generator to either enable sshd or continue socket-activating if the user has done any local configuration of the socket unit. Maybe fixes coreos/bugs#909 Fixes coreos/bugs#966
vcaputo
changed the title
vcaputo
changed the title
|
@marineam so this is now simply removing the sshd.socket enable, deferring sshd enablement to coreos/init#188 |
|
I hope coreos or whatever it's called now under redhat no longer socket-activates sshd. |
|
Container Linux still socket-activates sshd, and we have no plans to change that: coreos/bugs#966 (comment). Fedora CoreOS will (hopefully) avoid doing so. |
Maybe fixes coreos/bugs#909
Fixes coreos/bugs#966