Description of problem: I have: $ sudo systemctl status sshd.service sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled) Active: active (running) since Fri, 06 Apr 2012 04:09:08 +0200; 46s ago Main PID: 855 (sshd) CGroup: name=systemd:/system/sshd.service └ 855 /usr/sbin/sshd -D But after rebooting I get the same result (sshd.target is disabled but active). Version-Release number of selected component (if applicable): Up-to-date Fedora 17 How reproducible: Steps to Reproduce: Boot/Reboot F17 Actual results: sshd.target is active Expected results: sshd.target is inactive Additional info:
Disabling sshd-keygen.service 'fixes' the bug. Seems to me like 'BindTo=sshd.service' in the file sshd-keygen.service is wrong because it activates sshd.service. $ cat /usr/lib/systemd/system/sshd-keygen.service [Unit] Description=SSH server keys generation. After=syslog.target Before=sshd.service BindTo=sshd.service [Service] Type=oneshot EnvironmentFile=/etc/sysconfig/sshd ExecStart=/usr/sbin/sshd-keygen RemainAfterExit=yes /usr/lib/systemd/system/sshd-keygen.service Notice the fix for bug https://bugzilla.redhat.com/show_bug.cgi?id=805338 (openssh-server unconditionally installs sshd-keygen.service, slows down boot) which should also fix/influence this bug here. (I haven't tested the update yet).
So this bug seems to be a result of bug https://bugzilla.redhat.com/show_bug.cgi?id=805338, because having sshd-keygen.service in multi-user.target seems to be the wrong approach. I'll leave this bug here open until the fix is up, because it addresses a separate issue: sshd running after boot.
Actually the update is already in testing and I have/had it installed, it just seems that the the update process didn't remove symlinks or something like that ... ?
(In reply to comment #3) > Actually the update is already in testing and I have/had it installed, it just > seems that the the update process didn't remove symlinks or something like that > ... ? I decided to not call disable on ssh-keygen.service during update and let users to disable it themselves, but it seems to be wrong decision. > Disabling sshd-keygen.service 'fixes' the bug. Yes. > > Seems to me like 'BindTo=sshd.service' in the file sshd-keygen.service is wrong > because it activates sshd.service. 'BindTo=sshd.service' is needed. ssh-keygen,service is oneshot and stays after exit in running state. And as we need to start ssh-keygen.service every time sshd.service starts, so we need to stop ssh-keygen.service together with sshd.service. Unfortunately there is side effect that sshd.service is started even if sshd-keygen.service is started manually.
I've removed sshd-keygen.service completely. sshd-keygen is run from sshd.service now: # cat /usr/lib/systemd/system/sshd.service [Unit] Description=OpenSSH server daemon After=syslog.target network.target auditd.service [Service] EnvironmentFile=/etc/sysconfig/sshd ExecStartPre=/usr/sbin/sshd-keygen ExecStart=/usr/sbin/sshd -D $OPTIONS ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target
openssh-5.9p1-22.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/openssh-5.9p1-22.fc17
Package openssh-5.9p1-22.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openssh-5.9p1-22.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-5485/openssh-5.9p1-22.fc17 then log in and leave karma (feedback).
openssh-5.9p1-22.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.