I'm a bit worried about a remote computer because of an incident relating to a media server at home. I've looked for similar posts and among bugs without any hits. I always set the port to a non-standard one.
I made this update:
upgraded openssh (6.1p1-3 -> 6.1p1-4)
According to the file list, the sshd.socket mentioned in the subject is included. What happened after the update: sshd.socket went back to the original port 22, even though I cannot find any evidence of it being replaced.
Hence I ask how openssh is upgraded. Does it overwrite sshd.socket?
The next thing that puzzles me is how systemd works in this case. When I set sshd.socket to a non-standard port I forgot to change the settings in /etc/ssh/sshd_config. Connection was refused on anything other than the port given in sshd.socket, but when using the right port in sshd.socket it did connect even though /etc/ssh/sshd_config still was default, e.g. 22. Does systemd redirect ports and hence make any changes besides sshd.socket unnecessary?
Two questions in one.
Last edited by KimTjik (2012-12-02 13:11:53)
No replies so I continued to test once again to see what's going on.
sshd.socket = port X --> sshd_config = port Y
It does redirect, or whatever it does, making corresponding settings in sshd_config unnecessary. Is this the way systemd should work?
It works the other way around as well. Even if sshd_config is set to a non-standard port and sshd.socket to the standard one, connections work without issues according to the sshd.socket settings. Port settings in sshd_config are useless.
Does updating openssh replace sshd.socket with default settings?
Yes it does. In my novice eyes this is bad. Since sshd.socket redirects to whatever port sshd.service should listen to according to settings in sshd_config, it doesn't screw up the ability to connect; you only need to remember to use the default port 22.
I don't know where to start: Is this a bug? Is the Wiki outdated? Will some new config files override other settings for ssh?
If you are using the socket activated version of sshd, then the socket file dictates what socket to listen on. This can be changed by copying the file to /etc/systemd/system and changing the socket there.
If you want to configure the socket in sshd_config instead, then just use the traditional version: sshd.service.
OK, that explains a lot. Thanks!
If I understand you correctly, if choosing the sshd.socket option I should, as in other cases, make custom changes to config files in /etc/systemd/system (as you wrote, copy the sshd.socket from /lib/systemd/system/)? Then it also makes sense that the /lib/systemd/system/sshd.socket file should be kept with default settings.
I'll try that and if it works I'll probably add a note about it to the Wiki, which as of now is a bit vague and maybe even misleading in suggesting changes to /lib/systemd/system/sshd.socket.
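A post-upgrade check for the behaviour discussed in this thread, as an added example that is not from any of the posters or from the openssh package: it finds which sshd.socket takes effect (a copy in /etc/systemd/system wins over the packaged one in /lib/systemd/system) and reports whether the listening port has drifted from the one you expect. The function names and the port 2222 are assumptions made for illustration; pass "/" as the root on a real system.

```python
import os
import tempfile

# Precedence described in the thread: a copy under /etc/systemd/system wins
# over the packaged unit under /lib/systemd/system, which an upgrade may reset.
UNIT_DIRS = ("etc/systemd/system", "lib/systemd/system")

def effective_unit(root, name="sshd.socket"):
    """Return the path of the unit file that takes effect under root, or None."""
    for d in UNIT_DIRS:
        path = os.path.join(root, d, name)
        if os.path.isfile(path):
            return path
    return None

def listen_ports(path):
    """Collect TCP ports from ListenStream= lines in the [Socket] section."""
    ports, section = [], None
    with open(path) as fh:
        for line in (raw.strip() for raw in fh):
            if not line or line[0] in "#;":
                continue
            if line.startswith("["):
                section = line.strip("[]")
                continue
            key, sep, value = line.partition("=")
            if section != "Socket" or not sep or key.strip() != "ListenStream":
                continue
            value = value.strip()
            if not value:
                ports = []                      # empty assignment clears the list
            elif value[0] not in "/@":          # skip UNIX socket paths
                ports.append(int(value.rsplit(":", 1)[-1]))
    return ports

def check(root, expected_port):
    """Return (status, unit_path, ports); status is ok, drift or missing."""
    unit = effective_unit(root)
    if unit is None:
        return "missing", None, []
    ports = listen_ports(unit)
    return ("ok" if ports == [expected_port] else "drift"), unit, ports

if __name__ == "__main__":
    # Constructed demo tree: packaged unit on port 22, admin copy on port 2222.
    with tempfile.TemporaryDirectory() as root:
        for d, port in zip(UNIT_DIRS, (2222, 22)):
            os.makedirs(os.path.join(root, d))
            with open(os.path.join(root, d, "sshd.socket"), "w") as fh:
                fh.write(f"[Socket]\nListenStream={port}\nAccept=yes\n")
        print(check(root, 2222))
```

A "drift" result whose unit path is under /lib/systemd/system means only the packaged file exists, so the next openssh upgrade can put the port back to 22.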