diff options
| author | Lennart Poettering <lennart@poettering.net> | 2024-03-12 18:44:33 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2024-03-14 17:23:28 +0100 |
| commit | 95be59f907a9853872c05f96e85aa2ce3bae8eea (patch) | |
| tree | 8edae4e35db284b0a9ff32ef6aef0eb245013d42 /man/systemd.special.xml | |
| parent | core: notify supervisor over targets we reach, as we reach them (diff) | |
| download | systemd-95be59f907a9853872c05f96e85aa2ce3bae8eea.tar.xz systemd-95be59f907a9853872c05f96e85aa2ce3bae8eea.zip | |
ssh-generator: introduce ssh-access.target
This new passive target is supposed to be pulled in by SSH
implementations and should be reached when remote SSH access is
possible. The idea is that this target can be used as indicator for
other components to determine if and when SSH access is possible.
One specific usecase for this is the new sd_notify() logic in PID 1 that
sends its own supervisor notifications whenever target units are
reached. This can be used to precisely schedule SSH connections from
host to VM/container, or just to identify systems where SSH is even
available.
Diffstat (limited to 'man/systemd.special.xml')
| -rw-r--r-- | man/systemd.special.xml | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/man/systemd.special.xml b/man/systemd.special.xml index 988b7175ba..5980a8f930 100644 --- a/man/systemd.special.xml +++ b/man/systemd.special.xml @@ -83,6 +83,7 @@ <filename>sockets.target</filename>, <filename>soft-reboot.target</filename>, <filename>sound.target</filename>, + <filename>ssh-access.target</filename>, <filename>storage-target-mode.target</filename>, <filename>suspend.target</filename>, <filename>swap.target</filename>, @@ -1173,6 +1174,19 @@ </listitem> </varlistentry> <varlistentry> + <term><filename>ssh-access.target</filename></term> + <listitem> + <para>Service and socket units that provide remote SSH secure shell access to the local system + should pull in this unit and order themselves before this unit. It's supposed to act as a + milestone indicating if and when SSH access into the system is available. It should only become + active when an SSH port is bound for remote clients (i.e. if SSH is used as a local privilege + escalation mechanism, it should <emphasis>not</emphasis> involve this target unit), regardless of + the protocol choices, i.e. regardless if IPv4, IPv6 or <constant>AF_VSOCK</constant> is + used.</para> + <xi:include href="version-info.xml" xpointer="v256"/> + </listitem> + </varlistentry> + <varlistentry> <term><filename>time-set.target</filename></term> <listitem> <para>Services responsible for setting the system clock (<constant>CLOCK_REALTIME</constant>) |