[systemd-devel] systemd services via SSH (-H key)

Lennart Poettering lennart at poettering.net
Fri Oct 23 03:53:23 PDT 2015


On Fri, 23.10.15 00:07, Mikhail Kasimov (mikhail.kasimov at gmail.com) wrote:

> Hello!
> 
> 1. systemd services have a special key (-H) to connect to remote host
> via ssh. E.g. 'timedatectl -H user@host'. By default port 22 is used.
> But very often admins change the default ssh-port in
> sshd-daemon settings (e.g. 41122). It's useful to avoid connections from
> ssh-bruteforce robots.

If you do that, then make sure to register the right port in
~/.ssh/config, so that all tools using ssh get this right.

> So, we'll have systemd-ssh via hard-defined tcp\udp port described in
> RFC. And if there's no systemd on remote host, user will get a message
> like "Cannot proceed on non-systemd host".

The whole idea of using ssh like this is to build on the
infrastructure and configuration people have already in place via ssh,
without introducing anything new.

> 2. To extend current -H key functionality with other ssh options (e.g. -p).
> 
> 3. To delete the redundant functionality (-H key) from systemd services
> and to continue to use traditional non-systemd-ways (ssh -p 123
> user@host).

You can do that. But note that we actually programmatically expose
connections to remote hosts via ssh in sd-bus, so that people could
write more complex software that talks to multiple hosts continuously
this way. The fact that "loginctl", "machinectl", "systemctl",
"systemd-run" and so on can execute stuff on other hosts is just one
way we expose this stuff.

Lennart

-- 
Lennart Poettering, Red Hat
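
One way to check that a non-default port registered in the ssh client configuration is what ssh-based tools will actually use. This is an added example, not part of the original message or of systemd; the host alias `buildbox`, the address, the user and the temporary config file are constructed sample values standing in for a real `~/.ssh/config` entry.

```shell
#!/bin/sh
# Added example: confirm the port ssh-based tools will use for a host.
# Host alias, address and user below are constructed sample values.

# Write a constructed client config to a temp file (stand-in for ~/.ssh/config).
make_sample_config() {
    cfg=$(mktemp) || return 1
    cat > "$cfg" <<'EOF'
Host buildbox
    HostName 192.0.2.10
    Port 41122
    User admin
EOF
    printf '%s\n' "$cfg"
}

# Print the port ssh resolves for host $2 using config file $1.
# "ssh -G" prints the effective configuration and exits without connecting.
effective_port() {
    ssh -G -F "$1" "$2" | awk '$1 == "port" { print $2; exit }'
}

CFG=$(make_sample_config)
echo "buildbox  -> port $(effective_port "$CFG" buildbox)"
echo "otherhost -> port $(effective_port "$CFG" otherhost)"
rm -f "$CFG"
```

Without `-F`, ssh reads `~/.ssh/config`, the file the reply refers to, so the same check works against a real entry before running a command such as `timedatectl -H buildbox`.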

