This is a proposed Change for Fedora Linux.
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.
The sshd.socket behavior may cause the remote DoS and require a manual intervention to make server accepting the ssh connections back. sshd.service doesn’t have these downsides
A while ago, a dropping the sshd.socket from the openssh package was suggested in BZ#2025716 as there are several shortcomings with this approach that could lead to situations where users would loose access to a system while under DoS or memory pressure.
This change was implemented in rawhide & f39 and discussed on the devel list in a thread.
This change was reverted in f39 according to the FESCO decision.
The change as implemented does not include a migration path for existing users of the sshd.socket unit to the sshd.service unit. We need some migration path, also suitable for OSTree
This means that systems updating from 38 to 39 and relying on sshd.socket for openssh access to the system will end up unreachable via SSH.
This is notably important for Fedora CoreOS where we will automatically update systems to the next Fedora version shortly after the release: sshd.socket going away in Fedora 40 · Issue #1558 · coreos/fedora-coreos-tracker · GitHub
We think this change needs to get more visibility and should go through the change process and be evaluated for inclusion in Fedora 40.
See also the mentioned before thread.
This change will prevent remote DoS in the case the sshd.socket is acivated.
Proposal owners: the migration scriptlet is the best solution.
Other developers: check the dependencies on sshd.socket
Release engineering: #Releng issue number
Policies and guidelines: N/A (not needed for this Change)
Trademark approval: N/A (not needed for this Change)
Alignment with Community Initiatives: N/A
The worst case the remote access to the system will be lost of sshd.socket is enabled and the system is not switched to using sshd.service before upgrade
Enable sshd.socket Upgrade Check remote access over sshd
See “Benefit for Fedora”
Reverting the change
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), Yes/No
N/A (not a System Wide Change)
The change should be mentioned in the Release Notes.