On Do, 03.08.23 11:29, Dmitry Belyavskiy (dbelyavs@xxxxxxxxxx) wrote: > Dear colleagues, > > I've pushed a fresh build of OpenSSH to rawhide. > We decided to drop the sshd.socket unit from rawhide. We don't think > it's worth going through the changes process, but would like to > provide a heads-up. Hmm, why drop it? For many setups, it makes not sense to continously run sshd, so socket activation should be fine. I don't understand the reasoning behind this change. You claim a DoS. Which DoS is that supposed to be? That we enforce a trigger time limit on socket units by default? If you don't want this, turn it off, that's what TriggerLimitIntervalSec=/TriggerLimitBurst= is for, see docs. The discussion makes this sound as if there was a bug in systemd or so, but there really isn't, it's literally a safety feature you ran into. It might not make sense to have the trigger rate limit in place for all usecases, ssh might be one where it is not advisable, but then the right approach is to just turn that part off, as documented, via the aforementioned options. See for details: https://www.freedesktop.org/software/systemd/man/systemd.socket.html#TriggerLimitIntervalSec= I don't care too much whether you make ssh socket-activated by default or not. But at least the option should exist, already for compat with existing setups. Lennart -- Lennart Poettering, Berlin _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
