Changeset 9ce277fd for postlfs


Timestamp:
07/08/2024 09:11:24 AM (2 months ago)
Author:
Xi Ruoyao <xry111@…>
Branches:
12.2, gimp3, lazarus, trunk, xry111/for-12.3, xry111/spidermonkey128
Children:
050607b3
Parents:
ac1f23de
Message:

openssh: Explicitly unsupport changing ListenAddress when using BLFS configuration

I've not seen any distro supporting this.

Changing ListenAddress is already a very bad idea: e.g. if a
repairman replaced the ethernet cable, an sshd with a custom ListenAddress
will just exit and you cannot access the machine remotely anymore...
Adding Wanted=network-online.target into sshd.service will also make
things worse: when the system boots, if the network connection is in a
degraded status (e.g. one NIC is ok but another is not), systemd
won't even try to start sshd and again you cannot access the machine
remotely.

So let's explicitly unsupport doing so. If you want to limit access
to the ssh port, use iptables.

File:
1 edited

  • postlfs/security/openssh.xml

    rac1f23de r9ce277fd  
    386386        <xref linkend="systemd-units"/> package.
    387387      </para>
     388
     389      <note>
     390        <para>
     391          Changing the setting of <option>ListenAddress</option> in
     392          <filename>/etc/sshd/sshd_config</filename> is unsupported with
     393          the BLFS sshd <phrase revision='sysv'>bootscript</phrase><phrase
     394          revision='systemd'>systemd unit</phrase>.
     395        </para>
     396      </note>
    388397
    389398      <indexterm zone="openssh openssh-init">
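Review bot: The path `/etc/sshd/sshd_config` on new line 392 looks like a typo. The OpenSSH configuration directory is normally `/etc/ssh`, so check it against the sysconfdir this page configures and use `/etc/ssh/sshd_config` if that is what the package installs. The note also says only that changing `ListenAddress` is unsupported, without the reason or the alternative the commit message gives. One more sentence stating, as the commit message does, that sshd exits when the configured address is unavailable and that access to the ssh port should be limited with iptables instead would stop readers from using `ListenAddress` as an access control and locking themselves out of a remote machine.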