[systemd-devel] systemd and sshd.socket/sshd at .service
Mirco Tischler
mircotischler at gmx.net
Wed Mar 16 18:43:22 PDT 2011
Am 17.03.2011 02:32, schrieb Lennart Poettering:
> On Thu, 17.03.11 02:21, Mirco Tischler (mircotischler at gmx.net) wrote:
>>> Your sshd seems to return exit with a non-zero exit code just indicating
>>> a failure of some kind. use "ExecStart=-/foo/bar" instead of
>>> "ExecStart=/foo/bar" to spawn a process and ignore if it fails.
>>>
>>> Lennart
>>>
>> The most likely failure here is an authentication failure. sshd exits
>> with exit code 254(afair) in that case if in inet mode. This caused the
>> very same problem (sshd.socket shutting down) for me on a machine that
>> was accessable from the internet where I get a few hundred failed login
>> attempts per day.
> I think it is probably wise to use ExecStart=- on all instantiated
> socket services. Since failed services are not GC'ed you might otherwise
> end up collecting up quite a number of failed sshd@ instances until the
> limit is reached and further clients will be refused.
>
> Lennart
>
Yup, I agree on that. Just wanted to make a suggestion were all those
failed instances may come from :)
Thanks
Mirco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20110317/63c59eb5/attachment.pgp>
More information about the systemd-devel
mailing list