@@ -151,10 +151,16 @@ <h1 class="toc-title">Contents</h1>
151151id ="toc-sshd_skip_defaults "> sshd_skip_defaults</ a > </ li >
152152< li > < a href ="#sshd_manage_service "
153153id ="toc-sshd_manage_service "> sshd_manage_service</ a > </ li >
154+ < li > < a href ="#sshd_systemd_unit "
155+ id ="toc-sshd_systemd_unit "> sshd_systemd_unit</ a > </ li >
154156< li > < a href ="#sshd_allow_reload "
155157id ="toc-sshd_allow_reload "> sshd_allow_reload</ a > </ li >
156158< li > < a href ="#sshd_allow_restart "
157159id ="toc-sshd_allow_restart "> sshd_allow_restart</ a > </ li >
160+ < li > < a href ="#sshd_socket_allow_restart "
161+ id ="toc-sshd_socket_allow_restart "> sshd_socket_allow_restart</ a > </ li >
162+ < li > < a href ="#sshd_allow_daemon_reload "
163+ id ="toc-sshd_allow_daemon_reload "> sshd_allow_daemon_reload</ a > </ li >
158164< li > < a href ="#sshd_install_service "
159165id ="toc-sshd_install_service "> sshd_install_service</ a > </ li >
160166< li > < a href ="#sshd_manage_firewall "
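Review bot: the new TOC entry `sshd_socket_allow_restart` breaks the `sshd_allow_*` prefix used by its neighbours `sshd_allow_reload`, `sshd_allow_restart` and the newly added `sshd_allow_daemon_reload`. If the variable has not been released yet, `sshd_allow_socket_restart` would keep the related toggles grouped under one prefix. Otherwise, cross-reference the two restart options in their descriptions so a reader who disables one finds the other.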
@@ -293,7 +299,7 @@ <h1 id="requirements">Requirements</h1>
293299src ="https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-ubuntu.yml/badge.svg "
294300alt ="Run tests on Ubuntu latest " /> </ a > </ li >
295301</ ul > </ li >
296- < li > Debian wheezy, jessie, stretch, buster, bullseye, bookworm
302+ < li > Debian 11 (Bullseye), 12 (Bookworm), 13 (Trixie)
297303< ul >
298304< li > < a
299305href ="https://github.com/willshersystems/ansible-sshd/actions/workflows/ansible-debian-check.yml "> < img
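Review bot: the Debian requirements line drops wheezy, jessie, stretch and buster in the same edit that adds 13 (Trixie), and nothing in the visible text says whether the role now fails on those releases or merely stops being tested there. State which it is, here or in the changelog, so users still managing sshd on those hosts know whether to pin an earlier version of the role.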
@@ -363,19 +369,49 @@ <h3 id="sshd_manage_service">sshd_manage_service</h3>
363369inside a docker container (it is assumed ansible is used during build
364370phase) or AIX (Ansible < code > service</ code > module does not currently
365371support < code > enabled</ code > for AIX)</ p >
372+ < h3 id ="sshd_systemd_unit "> sshd_systemd_unit</ h3 >
373+ < p > Selection among < code > service</ code > and < code > socket</ code > , which
374+ is used in systemd to handle the sshd connection. Only one can be active
375+ at a time, otherwise both sshd and systemd will try to bind the same
376+ port and one of them will fail. Default depends on OS. Most of them use
377+ < code > service</ code > , but recent Ubuntu switched to using
378+ < code > socket</ code > by default.</ p >
366379< h3 id ="sshd_allow_reload "> sshd_allow_reload</ h3 >
367- < p > If set to < em > false</ em > , a reload of sshd won't happen on change.
368- This can help with troubleshooting. You'll need to manually reload sshd
369- if you want to apply the changed configuration. Defaults to
380+ < p > If set to < em > false</ em > , a reload of sshd service won't happen on
381+ change. This can help with troubleshooting. You'll need to manually
382+ reload sshd if you want to apply the changed configuration. Defaults to
370383< em > true</ em > .</ p >
371384< h3 id ="sshd_allow_restart "> sshd_allow_restart</ h3 >
372385< p > Some changes, for example of the sysconfig and environment files
373386require the full restart of the service. If set to < em > false</ em > , a
374- restart of sshd won't happen on these changes. This can help with
375- troubleshooting. You'll need to manually restart sshd if you want to
376- apply the changed configuration. Defaults to < em > true</ em > (except on
377- AIX where the reload is handled by specific restart command and this
378- option does not have any effect).</ p >
387+ restart of sshd service won't happen on these changes. This can help
388+ with troubleshooting. You'll need to manually restart sshd service if
389+ you want to apply the changed configuration. Defaults to < em > true</ em >
390+ (except on AIX where the reload is handled by specific restart command
391+ and this option does not have any effect).</ p >
392+ < h3 id ="sshd_socket_allow_restart "> sshd_socket_allow_restart</ h3 >
393+ < p > The systemd can run sshd either as a service or a socket, handling
394+ part of the network communication (default depends on the OS). After
395+ making changes to the socket unit or to the configuration defining the
396+ ports and addresses the systemd listens to, the socket unit needs to be
397+ restarted. If set to < em > false</ em > , a restart of sshd socket won't
398+ happen on these changes. This can help with troubleshooting. You'll need
399+ to manually restart sshd socket if you want to apply the changed
400+ configuration. Defaults to < em > true</ em > .</ p >
401+ < h3 id ="sshd_allow_daemon_reload "> sshd_allow_daemon_reload</ h3 >
402+ < p > The < code > systemd</ code > daemon needs to be reloaded in the following
403+ cases:</ p >
404+ < ul >
405+ < li > When the < code > systemd</ code > is used to manage the service and/or
406+ socket</ li >
407+ < li > When the ports or listen addresses are changed to non-default values
408+ and they are automatically picked up by the
409+ < code > sshd-socket-generator</ code > (such as in Ubuntu 24.04).</ li >
410+ </ ul >
411+ < p > If set to < em > false</ em > , a the < code > systemd</ code > daemon won't be
412+ reloaded on these changes. This can help with troubleshooting. You'll
413+ need to manually reload the < code > systemd</ code > daemon if you want to
414+ apply the changed configuration. Defaults to < em > true</ em > .</ p >
379415< h3 id ="sshd_install_service "> sshd_install_service</ h3 >
380416< p > If set to < em > true</ em > , the role will install service files for the
381417ssh service. Defaults to < em > false</ em > .</ p >
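Review bot: the `sshd_systemd_unit` paragraph says only one of `service` and `socket` can be active at a time, but not whether the role stops and disables the other unit when the value is changed or whether that is left to the user. Please state this, and give the two accepted values explicitly instead of "Selection among". In the `sshd_allow_daemon_reload` section, the first bullet ("When the systemd is used to manage the service and/or socket") names a condition rather than a change, so it reads as "always"; say which change triggers the reload. The sentence "If set to false, a the systemd daemon won't be reloaded" has a stray "a". It is also worth one sentence noting that with these toggles set to false, a changed port or listen address stays unapplied until the manual daemon reload and socket restart are done, so the host keeps listening on the old values in the meantime.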