[PATCH] sshd: add sshd.service

[PATCH] sshd: add sshd.service

[Zheng Ruoqin]

Add sshd.service for user to start the sshd deamon.

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
---
 meta/recipes-connectivity/openssh/openssh/sshd.service | 16 ++++++++++++++++
 meta/recipes-connectivity/openssh/openssh_7.7p1.bb     |  2 ++
 2 files changed, 18 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssh/openssh/sshd.service

diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.service b/meta/recipes-connectivity/openssh/openssh/sshd.service
new file mode 100644
index 0000000..eb87d32
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/sshd.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=OpenSSH server daemon
+Documentation=man:sshd(8) man:sshd_config(5)
+After=network.target sshd-keygen.service
+Wants=sshd-keygen.service
+
+[Service]
+EnvironmentFile=/etc/sysconfig/sshd
+ExecStart=/usr/sbin/sshd -D $OPTIONS
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+RestartSec=42s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/openssh/openssh_7.7p1.bb b/meta/recipes-connectivity/openssh/openssh_7.7p1.bb
index b3da5f6..def4062 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.7p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.7p1.bb
@@ -17,6 +17,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
            file://ssh_config \
            file://init \
            ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+           file://sshd.service \
            file://sshd.socket \
            file://sshd@.service \
            file://sshdgenkeys.service \
@@ -111,6 +112,7 @@ do_install_append () {
 	echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
 
 	install -d ${D}${systemd_unitdir}/system
+	install -c -m 0644 ${WORKDIR}/sshd.service ${D}${systemd_unitdir}/system
 	install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system
 	install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system
 	install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system
-- 
2.7.4

Re: [PATCH] sshd: add sshd.service

[Peter Kjellerstedt]

> -----Original Message-----
> From: openembedded-core-bounces@lists.openembedded.org
> [mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf Of
> Zheng Ruoqin
> Sent: den 16 juli 2018 09:47
> To: openembedded-core@lists.openembedded.org
> Subject: [OE-core] [PATCH] sshd: add sshd.service
> 
> Add sshd.service for user to start the sshd deamon.

Why would we want this? This will start the sshd server 
unconditionally, instead of the current solution which only starts 
it if someone actually connects to port 22.

If there is some technical reason to have the sshd service always 
running, then that should be optional and enabled using a 
PACKAGECONFIG (which should be disabled by default).

> Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
> ---
>  meta/recipes-connectivity/openssh/openssh/sshd.service | 16
> ++++++++++++++++
>  meta/recipes-connectivity/openssh/openssh_7.7p1.bb     |  2 ++
>  2 files changed, 18 insertions(+)
>  create mode 100644 meta/recipes-connectivity/openssh/openssh/sshd.service
> 
> diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.service b/meta/recipes-connectivity/openssh/openssh/sshd.service
> new file mode 100644
> index 0000000..eb87d32
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssh/openssh/sshd.service
> @@ -0,0 +1,16 @@
> +[Unit]
> +Description=OpenSSH server daemon
> +Documentation=man:sshd(8) man:sshd_config(5)
> +After=network.target sshd-keygen.service
> +Wants=sshd-keygen.service

Where do you get the sshd-keygen service from? There is a
sshdgenkeys service (as can be seen below)...

> +
> +[Service]
> +EnvironmentFile=/etc/sysconfig/sshd

This does not match the current configuration in sshd@.service, 
which uses /etc/default/ssh.

> +ExecStart=/usr/sbin/sshd -D $OPTIONS
> +ExecReload=/bin/kill -HUP $MAINPID

Don't use hardcoded paths. See example in sshd@.service how this 
should be handled.

> +KillMode=process
> +Restart=on-failure
> +RestartSec=42s
> +
> +[Install]
> +WantedBy=multi-user.target
> diff --git a/meta/recipes-connectivity/openssh/openssh_7.7p1.bb b/meta/recipes-connectivity/openssh/openssh_7.7p1.bb
> index b3da5f6..def4062 100644
> --- a/meta/recipes-connectivity/openssh/openssh_7.7p1.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_7.7p1.bb
> @@ -17,6 +17,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
>             file://ssh_config \
>             file://init \
>             ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
> +           file://sshd.service \
>             file://sshd.socket \
>             file://sshd@.service \
>             file://sshdgenkeys.service \
> @@ -111,6 +112,7 @@ do_install_append () {
>  	echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
> 
>  	install -d ${D}${systemd_unitdir}/system
> +	install -c -m 0644 ${WORKDIR}/sshd.service ${D}${systemd_unitdir}/system
>  	install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system
>  	install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system
>  	install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system
> --
> 2.7.4

//Peter