Hi everybody.
I wanted to know how services.openssh.startWhenNeeded works so I enabled it and I realized that it creates a systemd socket that is waiting for incoming connection on TCP/22 or other port if you specify and then it starts sshd.
The only benefit I can think of is memory consumption. Or are there any other (possibly security) benefits?
Thank you!
M.
I guess the main reason is to speed up the boot process slightly.
Hello. Good question.
So I took a look at nixpkgs and found:
commit 03d9e5cda0db6d4b213f595d3320eb3b69818444
By enabling ‘services.openssh.startWhenNeeded’, sshd is started
on-demand by systemd using socket activation. This is particularly
useful if you have a zillion containers and don't want to have sshd
running permanently. Note that socket activation is not noticeable
slower, contrary to what the manpage for ‘sshd -i’ says, so we might
want to make this the default one day.
So main reason is containers.
And I can think about “low” memory (almost) dedicated systems like rpi-zero, where you don’t need to run stuff which is not much used.