Control: severity -1 wishlist
On Mon, Apr 21, 2025 at 02:49:14PM +0200, Chris Hofstaedtler wrote:
* Martin-Éric Racine <martin-eric.rac...@iki.fi> [250421 14:42]:
The systemd unit current launches:
After=network.target remote-fs.target nss-lookup.target
This doesn't guarantee that we have acquired an IP address (see:
https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/).
Because of this, binding to an address using e.g. 'ListenAddress 192.168.1.12'
will make sshd fail to launch if the interface hasn't acquired an IP yet.
network-online.target should probably be added to the above to positively
ensure that we've acquired an IP before sshd launches.
network-online.target makes no guarantees on addresses, or even the
specific address configured in sshd.conf.
Yeah, I think the requested change would be counterproductive for other
users: a lot of people want sshd enabled as soon as possible, and most
people don't explicitly set ListenAddress.
If it helps in your local setup, I'd encourage you to use a local
override file.
I'd be happy to add additional advice about this to README.Debian if
somebody else writes it. But ideally it'd be more fine-grained than
just whacking in a dependency on network-online.target; perhaps we can
advise people how to configure their system so that ssh.service waits
for a particular interface to come up.
Thanks,
--
Colin Watson (he/him) [cjwat...@debian.org]
