Support socket activation with non-default ports

[eliasp]

Enhancement: Control via the var sshd_socket_activation whether SSH should run as a single permanent service or whether on each incoming connection request, a new instance of [email protected] should be spawned.

Reason: This improves security, allows for easier per-connection troubleshooting and eliminates the need to restart the service after config changes.

Result:

• sshd.socket is running, sshd.service is not
• on each connection, a service instance like [email protected]:22-192.168.178.53:44876.service is spawned

Issue Tracker Tickets (Jira or BZ if any): -

[eliasp]

Thank you for the PR. I've added a couple of comments.

Is there anything else that would need to be added to ensure complete managements of socket base instantiation? Ubuntu 22.10 appears to use sockets by default. Do you know if this change will fully support that implementation?

I can give Ubuntu 22.10 a try, but in general, I don't see why this shouldn't work. What should probably be done is to set the OS specific defaults for sshd_socket_activation accordingly.

I have pushed a few more commits to handle non-default SSH ports properly and converted the PR to a Draft for now, since I think a few more changes might be needed:

• handle a reset of ansible_port after the service moves to a different port while the play is running (I already have a nice idea how to handle this quite smoothly, but I need to give it a try)
• I need to ensure non-standard ports also work as expected with non-socket-activated setups
• I discovered some oddities regarding the config path in the service units with sshd_skip_defaults: true on RHEL-based systems.

[richm]

ping - any update?

[richm]

ping - any update?

ping ping