On Thu 2016-02-04 10:57:21 -0500, Ron Frederick wrote:
>> On Feb 4, 2016, at 7:46 AM, Daniel Kahn Gillmor <dkg@xxxxxxxxxxxxxxxxx> wrote:
>> fwiw, i think this is a good idea, but i wouldn't implement it as an
>> explicit ListenAddress option: i'd rather have sshd be able to listen on
>> an inherited file descriptor. This would allow generic socket
>> activation, regardless of socket type.
>
> Can’t this already be done with “sshd -i”, by passing in the socket
> via stdin/stdout? A simple wrapper which listened on the UNIX domain
> socket could fork & exec “sshd -i” as new UNIX domain socket
> connections arrived, similar to inetd.

I've done this before (and even had ssh running over the serial console
with it), but forking and exec'ing a new sshd instance for each
connection is rather different from having a running sshd that can make
overall decisions about the state of the machine (e.g. MaxStartups in
sshd_config(5)), and it also requires a bunch of initial setup work each
time a connection comes in.

socket activation handed off to a single running master daemon addresses
both of these legit engineering concerns better than an inetd-spawned
"sshd -i" would.

--dkg
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
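The two designs contrasted in this thread, as an added illustration (this is example code written for this page, not OpenSSH code and not anything the posters wrote). `spawn_inetd_style` is the per-connection fork-and-exec hand-off that an inetd-like wrapper would do before running `sshd -i`, with `/bin/cat` standing in for sshd so the round trip can be observed. `inherited_listeners` is the other model: a long-running daemon picks up an already-bound listening socket from a supervisor using the `LISTEN_PID`/`LISTEN_FDS` environment convention that systemd socket activation uses (fd 3 onward); the function name, its parameters and the `StartupGate` class are assumptions made here, and `StartupGate` is only a simplified analogue of what `MaxStartups` does, to show the kind of machine-wide decision that a single master daemon can make and a freshly exec'd child cannot.

```python
"""Inetd-style hand-off versus socket activation for a UNIX-domain service.

Added example, not OpenSSH code.  Model 1 forks and execs a fresh child per
connection (what "sshd -i" expects on stdin/stdout).  Model 2 has one daemon
inherit a listening socket from a supervisor and keep cross-connection state.
"""
import os
import socket
import threading

SD_LISTEN_FDS_START = 3  # first inherited fd under the LISTEN_FDS convention


def spawn_inetd_style(conn: socket.socket, argv: list) -> int:
    """Fork, make `conn` the child's stdin and stdout, and exec argv.

    Returns the child's pid.  The parent still holds its own copy of `conn`
    and must close it, or the child will never see EOF.
    """
    pid = os.fork()
    if pid == 0:  # child: the socket becomes fds 0 and 1, then exec
        try:
            fd = conn.fileno()
            os.dup2(fd, 0)  # dup2 leaves the new fds inheritable across exec
            os.dup2(fd, 1)
            os.execvp(argv[0], argv)
        except BaseException:
            os._exit(127)  # exec failed; never return into the parent's code
    return pid


def echo_through_child(payload: bytes) -> bytes:
    """Round-trip bytes through a per-connection child ("cat" stands in for
    "sshd -i"): whatever we send comes back on the child's stdout."""
    parent, child = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = spawn_inetd_style(child, ["cat"])
    child.close()  # drop our copy so the child's exit produces EOF for us
    parent.sendall(payload)
    parent.shutdown(socket.SHUT_WR)  # EOF on the child's stdin
    out = b""
    while chunk := parent.recv(4096):
        out += chunk
    parent.close()
    os.waitpid(pid, 0)
    return out


def inherited_listeners(environ=None, pid=None, fd_start=SD_LISTEN_FDS_START):
    """Return sockets handed to us by a socket-activation supervisor.

    Follows the LISTEN_PID / LISTEN_FDS convention: the fds are only meant
    for us if LISTEN_PID names this process.  Returns [] when the process
    was started normally, so the caller can bind its own socket instead.
    """
    environ = os.environ if environ is None else environ
    pid = os.getpid() if pid is None else pid
    if environ.get("LISTEN_PID") != str(pid):
        return []
    try:
        count = int(environ.get("LISTEN_FDS", "0"))
    except ValueError:
        return []
    # socket.socket(fileno=...) reads family and type back from the fd itself
    return [socket.socket(fileno=fd) for fd in range(fd_start, fd_start + count)]


class StartupGate:
    """MaxStartups-style cap on connections that have not yet authenticated.

    Only a long-running daemon can enforce this: an inetd-style wrapper that
    execs a new process per connection has no view across its children.
    """

    def __init__(self, max_startups: int):
        self.max_startups = max_startups
        self._pending = 0
        self._lock = threading.Lock()

    def try_admit(self) -> bool:
        """True if a new unauthenticated connection may proceed."""
        with self._lock:
            if self._pending >= self.max_startups:
                return False
            self._pending += 1
            return True

    def finished(self) -> None:
        """Call when a connection authenticates or disconnects."""
        with self._lock:
            self._pending = max(0, self._pending - 1)


if __name__ == "__main__":
    print("inetd-style round trip:", echo_through_child(b"hello\n"))
    gate = StartupGate(max_startups=2)
    print("admitted:", [gate.try_admit() for _ in range(3)])  # third refused
    print("socket-activated listeners:", inherited_listeners())
```

Run stand-alone, the script shows the per-connection model echoing a line through an exec'd child, the gate refusing a third concurrent startup, and an empty listener list because no supervisor passed a socket in; under a supervisor that sets `LISTEN_PID` and `LISTEN_FDS`, the daemon would accept on the returned sockets and consult the gate before doing any per-connection work.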