What's the benefit of services.openssh.startWhenNeeded?

Hi everybody.

I wanted to know how services.openssh.startWhenNeeded works, so I enabled it and realized that it creates a systemd socket that waits for an incoming connection on TCP/22 (or another port if you specify one) and then starts sshd.

The only benefit I can think of is memory consumption. Or are there any other (possibly security) benefits?

Thank you!


I guess the main reason is to speed up the boot process slightly.

Hello. Good question.

So I took a look at nixpkgs and found:

commit 03d9e5cda0db6d4b213f595d3320eb3b69818444

    By enabling ‘services.openssh.startWhenNeeded’, sshd is started
    on-demand by systemd using socket activation. This is particularly
    useful if you have a zillion containers and don't want to have sshd
    running permanently. Note that socket activation is not noticeably
    slower, contrary to what the manpage for ‘sshd -i’ says, so we might
    want to make this the default one day.

So the main reason is containers.
And I can think of "low"-memory (almost) dedicated systems like the rpi-zero, where you don't need to run stuff that is not used much.
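
A simplified model of the on-demand start discussed in this thread, added here as an example and not taken from any of the posts or from nixpkgs: a parent holds the listening socket and spawns one handler per connection with the socket as its stdin/stdout, which is the inetd-style mode `sshd -i` is written for. The `HANDLER` stand-in, the function names and the loopback port are assumptions; no real systemd or sshd is involved.

```python
import socket
import subprocess
import sys
import threading

# Hypothetical stand-in for `sshd -i`: serves one connection over stdin/stdout.
HANDLER = (
    "import os, sys\n"
    "line = sys.stdin.readline()\n"
    "sys.stdout.write(f'pid={os.getpid()} got={line.strip()}\\n')\n"
    "sys.stdout.flush()\n"
)

def activate_on_connect(listener, max_conns, spawned):
    """Role of the socket unit: own the listening socket and start one
    handler process per accepted connection."""
    for _ in range(max_conns):
        conn, _addr = listener.accept()
        # The accepted socket becomes the handler's stdin and stdout.
        proc = subprocess.Popen([sys.executable, "-c", HANDLER],
                                stdin=conn.fileno(), stdout=conn.fileno())
        conn.close()              # parent drops its copy; the child owns it
        spawned.append(proc.pid)
        proc.wait()               # handler exits when its connection is done

def demo(n_clients=2):
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # constructed: ephemeral loopback port
    listener.listen()
    port = listener.getsockname()[1]
    spawned = []
    t = threading.Thread(target=activate_on_connect,
                         args=(listener, n_clients, spawned))
    t.start()
    before = len(spawned)   # port is open, but no handler process exists yet
    replies = []
    for i in range(n_clients):
        with socket.create_connection(("127.0.0.1", port)) as c:
            c.sendall(f"hello{i}\n".encode())
            replies.append(c.makefile().readline().strip())
    t.join()
    listener.close()
    return before, spawned, replies

if __name__ == "__main__":
    print(demo())
```

The listening port stays reachable the whole time, so the exposed network surface is the same as with a permanently running daemon; what changes is that no service process exists between connections.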