question about sshd.service

[Leo Liou]

a curiosity (perhaps a dumb one too) question.

on CoreOS reboot, sshd comes up ... but, I noticed that 

systemctl list-unit-files sshd.service shows that it is disabled.

so, sshd.service is shipped as disabled.

why?

how did sshd got started on boot then? 

[Kyle Brown]

By default sshd is a socket activated service on Container Linux. You can disable socket activation and configure sshd.service as  a permanently active SSH daemon that forks for each incoming connection. Check out the Override socket-activate SSH portion of this doc: 

https://coreos.com/os/docs/latest/customizing-sshd.html

Cheers,

Kyle Brown

--
You received this message because you are subscribed to the Google Groups "CoreOS User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to coreos-user...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Euan Kemp]

Regarding those docs, there are some in-flight improvements
(https://github.com/coreos/docs/pull/1100)

masking `sshd.socket` and enabling `sshd.service` is sufficient to
switch from socket-activated to not.

However, there's another issue at play here.

The output of `systemctl list-unit-files` is actually inaccurate. The
same goes for `systemctl is-enabled`.
As I recall, those commands only considers symlinks in `/etc`, so the
services we ship enabled in `/usr`, such as `sshd.socket`, don't show as
enabled in it.
This list of services reported inaccurately is roughly the set of links
in the directory:
/usr/lib/systemd/system/multi-user.target.wants/

- Euan