This does not work anymore because upstream now ships an sshd@.service which conflicts, without an equivalent sshd.socket.
Search Criteria
Package Details: openssh-socket-activation 1.0-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/openssh-socket-activation.git (read-only, click to copy) |
|---|---|
| Package Base: | openssh-socket-activation |
| Description: | systemd socket activation for openssh server |
| Upstream URL: | https://www.openssh.com/portable.html |
| Keywords: | sftp ssh systemd |
| Licenses: | GPL |
| Submitter: | lsevcik |
| Maintainer: | lsevcik |
| Last Packager: | lsevcik |
| Votes: | 3 |
| Popularity: | 0.000004 |
| First Submitted: | 2021-06-17 20:19 (UTC) |
| Last Updated: | 2021-06-17 20:19 (UTC) |
Dependencies (2)
- openssh (openssh-gitAUR, openssh-dnatAUR, openssh-gssapiAUR, openssh-selinuxAUR, openssh-hpn-shimAUR)
- systemd (systemd-gitAUR, systemd-selinuxAUR)
Required by (0)
Sources (2)
Latest Comments
DHouck commented on 2025-10-02 21:41 (UTC)
Ivan1986 commented on 2025-08-01 09:45 (UTC)
conflict with openssh from 10.0p1-4 after https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/commit/2d012def5ae47c69c34ddedf68329cb0eac9803d need rename files
lsevcik commented on 2021-06-17 20:38 (UTC) (edited on 2021-06-18 00:19 (UTC) by lsevcik)
Warning
Use of systemd socket activation may result in a Denial of Service attack! See FS#62248 It is advised to not use socket activation on an internet facing connection for this reason. Below are a few ways to (potentially) subvert this issue:
Security through obscurity:
Using systemd unit overriding, change the port that systemd listens on:
# systemctl edit sshd.socket
The contents of the file you edit should look something like:
[Socket]
ListenStream=
ListenStream=2222
Fail2ban:
It is possible to use fail2ban to ban a single IP from causing a denial of service to the server by having it fail after a few connection attempts. Note that this will not stop a Distributed Denial of Service from taking place.
Firewall:
If you know the addresses of the machines that will be connecting to this server, using software such as ufw, firewalld, or iptables to whitelist those IPs can avoid a potential (Distributed) Denial of Service.
Pinned Comments
lsevcik commented on 2021-06-17 20:38 (UTC) (edited on 2021-06-18 00:19 (UTC) by lsevcik)
Warning
Use of systemd socket activation may result in a Denial of Service attack! See FS#62248 It is advised to not use socket activation on an internet facing connection for this reason. Below are a few ways to (potentially) subvert this issue:
Security through obscurity:
Using systemd unit overriding, change the port that systemd listens on:
The contents of the file you edit should look something like:
Fail2ban:
It is possible to use fail2ban to ban a single IP from causing a denial of service to the server by having it fail after a few connection attempts. Note that this will not stop a Distributed Denial of Service from taking place.
Firewall:
If you know the addresses of the machines that will be connecting to this server, using software such as ufw, firewalld, or iptables to whitelist those IPs can avoid a potential (Distributed) Denial of Service.