How to set Restart=always for a socket unit? #11553
Comments
What is the workaround until a native solution is provided? Create a service to check and restart the socket unit?
According to https://bugzilla.redhat.com/show_bug.cgi?id=2025716#c13, we should use
@travier That is a very different mechanism than restarting.
Good point. This only works for the DoS case.
Try to change the dependency type to
Looks like https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Upholds= could indeed be a workaround, but it's not great as it requires another "fake" unit.
If it works, the "fake" unit can be even
Why is something like that required? You can specify
OK, so something like below could potentially do it (needs testing) for the
Just like
Good point, updated.
For reference, #29159 should help with this.
I had an issue with a socket failing on boot, due to a network resource not yet being available, that could be worked around easily if this issue were resolved. I tried adding the socket to the Line 137 in f660c7f
For what it is worth, the error due to the rate limit is:
I worked around it with another service to monitor and restart the socket, but it would be nice if systemd would handle this.
@dustinlagoy This is not the same issue. If your socket depends on a specific network resource being up, then you should order it after that, not bypass/work around the retry logic in systemd.
Yes, you are correct; in my case that is a better solution. Perhaps for other cases there may be some need to work around the hardcoded rate limit, though I don't know what they would be.
Socket activation is prone to DoS (denial of service) because too many connections will permanently deactivate sshd.socket [1]. Also, since socket units do not allow setting Restart, accepting new connections can fail due to, for example, OOM (out of memory) [2]. Therefore, it seems more sensible to use sshd.service by default and let sshd.socket be an optional choice.
[1] https://bugs.archlinux.org/task/62248
[2] systemd/systemd#11553
(From OE-Core rev: 4bfc21734bbc4d420aabbf0a98c30d8416dacd48)
Signed-off-by: Emil Kronborg <emil.kronborg@protonmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Even socket units may fail, e.g. due to an out-of-memory situation, which may trigger errors like
(The unit comes from Arch Linux openssh package.)
Since there is no "nice way to fix the root cause", setting Restart=always for the unit is needed to prevent losing access to headless hosts with difficult physical access, but that clause is valid only for services. Is there another way to have socket units always restart on failure?
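
The Upholds= workaround discussed in the comments, written out as an added example; it is not code from this thread or from the systemd project, and it needs testing on the systemd version in use. The target name `sshd-socket-keepalive.target` and the drop-in file name are hypothetical; `sshd.socket` is the unit named in the issue.

```ini
# --- /etc/systemd/system/sshd-socket-keepalive.target (hypothetical name) ---
# The extra "fake" unit: it does nothing itself, it only carries the
# dependency that keeps the socket up.
[Unit]
Description=Keep sshd.socket listening (added example)
# Upholds= (systemd 249 and later): as long as this target is active,
# systemd starts sshd.socket again whenever it is found inactive or
# failed. No Restart= setting on the socket unit is involved.
Upholds=sshd.socket

[Install]
# Pull the target in at boot so the socket is upheld on headless hosts.
WantedBy=multi-user.target

# --- /etc/systemd/system/sshd.socket.d/10-trigger-limit.conf (hypothetical) ---
# Optional drop-in for the connection-flood case only.
[Socket]
# systemd.socket(5): when the trigger rate limit is exceeded, the socket
# unit enters a failed state and is not connectable until it is restarted.
# Setting either TriggerLimitIntervalSec= or TriggerLimitBurst= to 0
# disables the limit. This does not help with other failures such as an
# out-of-memory condition; those are what Upholds= above is for.
# Trade-off: with the limit disabled, systemd no longer stops activating
# the service under a connection flood.
TriggerLimitIntervalSec=0
```

After installing the files, run `systemctl daemon-reload` and `systemctl enable --now sshd-socket-keepalive.target`; `systemctl show -p ActiveState -p Result sshd.socket` reports whether the socket is active and, if it failed, why.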