From: Michael Prokop <mika@grml.org>
Date: Mon, 29 Aug 2022 15:56:38 +0000 (+0200)
Subject: ssh.service: avoid indirection via /bin/sh + do not run test mode in ExecStartPre
X-Git-Tag: v0.41.1~11
X-Git-Url: https://git.grml.org/?p=grml-live.git;a=commitdiff_plain;h=6d869c1c62e716b394fd04caf33994f69fafda34

ssh.service: avoid indirection via /bin/sh + do not run test mode in ExecStartPre

There's no point in running ssh-keygen under /bin/sh, so let's drop this
unnecessary indirection.

Furthermore there shouldn't be any need to run `sshd -t` before starting
the ssh daemon on the live system, as we definitely would like to get
sshd started if it was requested to so, even if there might be a
(possibly intermittent) problem with it. The test run makes sense for
reloading an already running ssh daemon, and we keep this in place.

Thanks to András Korn for spotting this
---

diff --git a/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE b/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE
index e41b058..7b2c141 100644
--- a/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE
+++ b/etc/grml/fai/config/files/etc/systemd/system/ssh.service/GRMLBASE
@@ -7,8 +7,7 @@ ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
 
 [Service]
 EnvironmentFile=-/etc/default/ssh
-ExecStartPre=-/bin/sh -c "/usr/bin/ssh-keygen -A"
-ExecStartPre=/usr/sbin/sshd -t
+ExecStartPre=-"/usr/bin/ssh-keygen -A"
 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
 ExecReload=/usr/sbin/sshd -t
 ExecReload=/bin/kill -HUP $MAINPID