ssh: don't use the openrc script and add socket activation service too

3 files changed, 24 insertions, 4 deletions

diff --git a/sshd.service b/sshd.service
index d9fa931..fa3d3f2 100644
--- a/sshd.service
+++ b/sshd.service
@@ -1,11 +1,15 @@
 [Unit]
-Description=SSH Daemon
+Description=SSH Secure Shell Service
 After=syslog.target
 
 [Service]
-Type=forking
-ExecStart=/etc/init.d/sshd start 
-ExecStop=/usr/init.d/sshd stop
+ExecStart=/usr/sbin/sshd -D
 
 [Install]
 WantedBy=multi-user.target
+
+# Note that this is the service file for running a single SSH server for all
+# incoming connections, suitable only for systems with a large amount of SSH
+# traffic. In almost all other cases it is a better idea to use sshd.socket +
+# sshd@.service (i.e. the on-demand spawning version for one instance per
+# connection).
diff --git a/sshd.socket b/sshd.socket
new file mode 100644
index 0000000..fd68407
--- /dev/null
+++ b/sshd.socket
@@ -0,0 +1,9 @@
+[Unit]
+Conflicts=sshd.service
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
diff --git a/sshd@.service b/sshd@.service
new file mode 100644
index 0000000..5280614
--- /dev/null
+++ b/sshd@.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=SSH Per-Connection Server
+After=syslog.target
+
+[Service]
+ExecStart=-/usr/sbin/sshd -i
+StandardInput=socket