Description of problem: Please add support for socket activation in sshd, in the sense of of a listening socket managed by systemd which is then passed to a long-running service on first connection. For many (most?) machines, sshd is used only occasionally. This includes both physical hardware e.g. developer laptops, but also VMs/containers, where one might connect sometimes for debugging, but not very often. It is good to have the possibility to connect, but always starting sshd wastes some ram and cpu cycles at startup. I expect we would want to have a permanently-activated sshd only on real multi-user servers, or on worker nodes which accept many ssh connections. For a majority of installations, socket activated sshd would be more appropriate. We currently have sshd.socket with Accept=yes which starts per-connection instances of sshd. Sshd is better at managing multiple connections than systemd, e.g. logs it much better and handles failing connections better. As a second-order feature, if socket activation is implemented, sshd could automatically deactivate itself after a few minutes of idleness. Because systemd woudl still hold the socket, there is no window where the socket is not listening and connections would fail. We have added socket activation to almost all services over the years, sshd is one of the notable exceptions.
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.
This started with > 3. sshd.socket is stupid. from bug #1851478. Given the attention systemd integration receives from the OpenSSH upstream, solution might be dropping the socket activation altogether as really nobody wants that. I do not think we want another downstream patch in openssh just to have different socket activation for systemd (unless somebody is willing to write that patch upstream.