Hi.

I'm trying to understand why the sshd still starts after local daemons,
out-of-the-box, and what it takes to make this extremely vital service
to start before non-system (local) ones. I bet I'm not the first one to
ask, so why isn't this already done? Seems quite easy for me.

Eugene.

> On 23 September 2015, at 01:44, Eugene M. Zheganin <emz at norma.perm.ru> wrote:
>
> Hi.
>
> I'm trying to understand why the sshd still starts after local daemons,
> out-of-the-box, and what it takes to make this extremely vital service
> to start before non-system (local) ones. I bet I'm not the first one to
> ask, so why isn't this already done? Seems quite easy for me.

The fix is quite simple: Add

# BEFORE: mail

to /etc/rc.d/sshd

I tried to submit a PR on that about a year ago, but it never seemed to make it into the PR system. Many of my servers are remote and if there is an issue with a port, I still need a way into the system other than driving for hours.

This works. Sshd is started early in the sequence and I can at least ssh into the server. It won't help though if there is a syntax error in /etc/rc.conf. Those are pretty much fatal.

Eugene M. Zheganin wrote on 09/23/2015 10:44:
> Hi.
>
> I'm trying to understand why the sshd still starts after local daemons,
> out-of-the-box, and what it takes to make this extremely vital service
> to start before non-system (local) ones. I bet I'm not the first one to
> ask, so why isn't this already done? Seems quite easy for me.

I was thinking about this a long time ago and instead of trying to change FreeBSD, I just added one simple file on each of our servers:

~/> cat /usr/local/etc/rc.d/sshd_reorder
#!/bin/sh

# PROVIDE: sshd_reorder
# REQUIRE: LOGIN sshd

## this file is just to start sshd earlier on the boot
## mainly before long starting processes like jails, mysql, apache etc.
##
## place this file in to /usr/local/etc/rc.d/sshd_reorder
## and make it executable chmod 0555 /usr/local/etc/rc.d/sshd_reorder

It is not perfect, because some services are still started before sshd.

Miroslav Lachman

"Eugene M. Zheganin" <emz at norma.perm.ru> writes:
> I'm trying to understand why the sshd still starts after local daemons,
> out-of-the-box, and what it takes to make this extremely vital service
> to start before non-system (local) ones. I bet I'm not the first one to
> ask, so why isn't this already done? Seems quite easy for me.

"non-system (local)" services can also be extremely vital: quagga, for instance.

In practice, it is probably fine to move sshd before LOGIN.

DES
-- 
Dag-Erling Smørgrav - des at des.no
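
An added example, not part of the thread: a small Python check of which scripts the rc.d PROVIDE/REQUIRE/BEFORE tags force to start after sshd, comparing a stock-style header, the "# BEFORE: mail" change, and a hypothetical header that moves sshd before LOGIN. All headers are constructed and simplified, mysql and webapp are stand-ins for local port scripts, and the check models only the documented tag semantics of rcorder(8), not its tie-breaking order.

```python
import re

TAG = re.compile(r"^#\s*(PROVIDE|REQUIRE|BEFORE):\s*(.*)$")

# Constructed, simplified headers; mysql and webapp stand in for local port scripts.
BASE = {
    "DAEMON": "# PROVIDE: DAEMON",
    "LOGIN":  "# PROVIDE: LOGIN\n# REQUIRE: DAEMON",
    "mail":   "# PROVIDE: mail\n# REQUIRE: LOGIN",
    "mysql":  "# PROVIDE: mysql\n# REQUIRE: LOGIN",
    "webapp": "# PROVIDE: webapp\n# REQUIRE: mail",
}
SSHD_STOCK = "# PROVIDE: sshd\n# REQUIRE: LOGIN"
SSHD_BEFORE_MAIL = SSHD_STOCK + "\n# BEFORE: mail"
SSHD_BEFORE_LOGIN = "# PROVIDE: sshd\n# REQUIRE: DAEMON\n# BEFORE: LOGIN"  # hypothetical

def parse(text):
    tags = {"PROVIDE": set(), "REQUIRE": set(), "BEFORE": set()}
    for line in text.splitlines():
        m = TAG.match(line)
        if m:
            tags[m.group(1)].update(m.group(2).split())
    return tags

def predecessors(scripts):
    """Map each script to the scripts that its tags force to run earlier."""
    parsed = {n: parse(t) for n, t in scripts.items()}
    providers = {}
    for n, t in parsed.items():
        for cond in t["PROVIDE"]:
            providers.setdefault(cond, set()).add(n)
    pred = {n: set() for n in scripts}
    for n, t in parsed.items():
        for cond in t["REQUIRE"]:          # n runs after providers of cond
            pred[n] |= providers.get(cond, set())
        for cond in t["BEFORE"]:           # providers of cond run after n
            for p in providers.get(cond, ()):
                pred[p].add(n)
    changed = True
    while changed:                         # transitive closure
        changed = False
        for n in pred:
            extra = set().union(*(pred[p] for p in pred[n])) - pred[n]
            if extra:
                pred[n] |= extra
                changed = True
    return pred

def forced_after_sshd(sshd_header):
    pred = predecessors({**BASE, "sshd": sshd_header})
    return sorted(n for n, before in pred.items() if "sshd" in before)
```

Scripts missing from a result are not tied to sshd by any tag and may land on either side of it; on a real host, `rcorder /etc/rc.d/* /usr/local/etc/rc.d/*` prints the order actually used.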