systemd-ssh-generator - Man Page

Generator for binding a socket-activated SSH server to local AF_VSOCK and AF_UNIX sockets

Synopsis

/usr/lib/systemd/system-generators/systemd-ssh-generator

Description

systemd-ssh-generator binds a socket-activated SSH server to local AF_VSOCK and AF_UNIX sockets under certain conditions. It only has an effect if the sshd(8) binary is installed. Specifically, it does the following:

See systemd-ssh-proxy(1) for details on how to connect to these sockets via the ssh client.

The ssh.authorized_keys.root credential can be used to allow specific public keys to log in over SSH. See systemd.system-credentials(7) for more information.

The generator will use a packaged sshd@.service service template file if one exists, and otherwise generate a suitable service template file.

systemd-ssh-generator implements systemd.generator(7).

Kernel Command Line

systemd-ssh-generator understands the following kernel-command-line(7) parameters:

systemd.ssh_auto=

This option takes an optional boolean argument, and defaults to yes. If enabled, the automatic binding to the AF_VSOCK and AF_UNIX sockets listed above is done. If disable, this is not done, except for those explicitly requested via systemd.ssh_listen= on the kernel command line or via the ssh.listen system credential.

Added in version 256.

systemd.ssh_listen=

This option configures an additional socket to bind SSH to. It may be used multiple times to bind multiple sockets. The syntax should follow the one of ListenStream=, see systemd.socket(5) for details. This functionality supports all socket families systemd(1) supports, including AF_INET and AF_INET6.

Added in version 256.

Credentials

systemd-ssh-generator supports the system credentials logic. The following credentials are used when passed in:

ssh.listen

This credential should be a text file, with each line referencing one additional socket to bind SSH to. The syntax should follow the one of ListenStream=, see systemd.socket(5) for details. This functionality supports all socket families systemd supports, including AF_INET and AF_INET6.

Added in version 256.

See Also

systemd(1), kernel-command-line(7), systemd.system-credentials(7), vsock(7), unix(7), ssh(1), sshd(8)

Notes

1.

Container Interface
https://systemd.io/CONTAINER_INTERFACE

Referenced By

kernel-command-line(7), systemd.directives(7), systemd.index(7), systemd-ssh-proxy(1), systemd.system-credentials(7).

systemd 257~rc3