From 6d869c1c62e716b394fd04caf33994f69fafda34 Mon Sep 17 00:00:00 2001
From: Michael Prokop
Date: Mon, 29 Aug 2022 17:56:38 +0200
Subject: [PATCH] ssh.service: avoid indirection via /bin/sh + do not run test mode in ExecStartPre
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

There's no point in running ssh-keygen under /bin/sh, so let's drop this unnecessary indirection. Furthermore there shouldn't be any need to run `sshd -t` before starting the ssh daemon on the live system, as we definitely would like to get sshd started if it was requested to so, even if there might be a (possibly intermittent) problem with it. The test run makes sense for reloading an already running ssh daemon, and we keep this in place. Thanks to András Korn for spotting this
---
 etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE b/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE
index e41b058..7b2c141 100644
--- a/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE
+++ b/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE
@@ -7,8 +7,7 @@ ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
 
 [Service]
 EnvironmentFile=-/etc/default/ssh
-ExecStartPre=-/bin/sh -c "/usr/bin/ssh-keygen -A"
-ExecStartPre=/usr/sbin/sshd -t
+ExecStartPre=-"/usr/bin/ssh-keygen -A"
 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
 ExecReload=/usr/sbin/sshd -t
 ExecReload=/bin/kill -HUP $MAINPID
-- 
2.1.4
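Review bot: The added `ExecStartPre=-"/usr/bin/ssh-keygen -A"` line puts the program and its argument inside one pair of double quotes, which systemd parses as a single word, so the executable path becomes the literal `/usr/bin/ssh-keygen -A` (space included) instead of `ssh-keygen` called with `-A`. Because the line keeps the `-` prefix, that exec failure would be ignored and only logged, so missing host keys would not be generated on a freshly booted live system. With the `sshd -t` pre-check removed in the same hunk, the first visible symptom would presumably be sshd itself refusing to start for lack of host keys. Drop the quotes so the argument is passed separately: `ExecStartPre=-/usr/bin/ssh-keygen -A`.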