[Unit]
Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5)
DefaultDependencies=no
Before=cryptsetup.target

[Service]
# With `Type=notify` the sshd service is started in a reliable
# and robust way but it requires an sshd with systemd support.
# Fedora/RHEL/CentOS/Debian/Ubuntu provide such an sshd.
#
# On distributions such as Gentoo, sshd doesn't come with
# systemd support, thus, one has to set `Type=simple` there.
Type=notify

EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config
EnvironmentFile=-/etc/crypto-policies/back-ends/openssh-server.config
EnvironmentFile=-/etc/sysconfig/sshd
EnvironmentFile=-/etc/sysconfig/ssh
EnvironmentFile=-/etc/sysconfig/dracut-sshd

# Start command requires the `-e` option if and only if `Type=simple`
# is configured, see above.
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS $OPTIONS $CRYPTO_POLICY

ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s

# Create privilege separation directory /run/sshd for Debian/Ubuntu
RuntimeDirectory=sshd
RuntimeDirectoryMode=0755

[Install]
WantedBy=sysinit.target