Aw: Re: Howto log multiple sftpd instances with their chroot shared via NFS

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



> Does the patch idea seem viable?
> A local sshd build allows cleanly solving that as well.

Thanks Peter, but one reason for the new sftp-server cluster HA architecture (and therefore the central NFS mount for the users, leading to this problem)
was to be able to have maintenance of the single sftp servers without service outage, to be able to apply operating system security patches delivered by the distribution (Ubuntu in this case).
I have no capacity to follow the OpenSSH security issues myself an then if needed re-compile newer patched versions (and not even then apply your patch additionally every time to it :)
We do here industry production service and need to stick with vanilla distribution OpenSSH and leave the delivery security patches to Ubuntu.


> Set BindsTo=sshd.service in the sftpd.service [Unit] section to
> tell systemd that sftpd requires sshd, and should be stopped first
> if sshd is being stopped.
>
> Also create a Wants:
>
> mkdir /etc/systemd/system/sshd.service.wants
> ln -s ../sftpd.service /etc/systemd/system/sshd.service.wants/
>
> ..to tell systemd that it should try to start sftpd when sshd starts.
>
> Keep After=sshd.service in sftpd.service.
>

Thanks for the hint, I will look into it, I am not so experienced with systemd yet.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux