summaryrefslogtreecommitdiff
path: root/data/templates/ssh
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-07-04 21:34:37 +0200
committerChristian Poessinger <christian@poessinger.com>2020-07-04 21:36:51 +0200
commit8c4221083d8898bf478e2aeec04dd135e4993cb1 (patch)
treeda19816b5f94720c3cb83abf9cc48b23a6c05e85 /data/templates/ssh
parentd88e7a17000c65f2a2cf8d2b6581bb73151f10da (diff)
downloadvyos-1x-8c4221083d8898bf478e2aeec04dd135e4993cb1.tar.gz
vyos-1x-8c4221083d8898bf478e2aeec04dd135e4993cb1.zip
ssh: vrf: T2682: support restart on failure indefinitely
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH to often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds is it not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5).
Diffstat (limited to 'data/templates/ssh')
-rw-r--r--data/templates/ssh/override.conf.tmpl5
1 files changed, 5 insertions, 0 deletions
diff --git a/data/templates/ssh/override.conf.tmpl b/data/templates/ssh/override.conf.tmpl
index d2d500f21..4276366ae 100644
--- a/data/templates/ssh/override.conf.tmpl
+++ b/data/templates/ssh/override.conf.tmpl
@@ -1,5 +1,10 @@
{% set vrf_command = '/sbin/ip vrf exec ' + vrf + ' ' if vrf is defined else '' %}
+[Unit]
+StartLimitIntervalSec=0
+After=vyos-router.service
+
[Service]
ExecStart=
ExecStart={{vrf_command}}/usr/sbin/sshd -D $SSHD_OPTS
+RestartSec=10