Why after sshd service disabling, ssh(22) port still opened/listen?

Hi there!
Brief: I bought mini laptop for workstation purposes (on Intel CPU and GPU), and I decided to try Clear Linux. I’m not a sysadmin, so after the transition from Ubuntu I need answers.

Problem:
I have a fresh installation on Clear Linux and try to minimal properly setup it. I tried to turn off all unnecessary services and expected that I would not see the open ports associated with them.

And when I masked the cupsd.service by sudo systemctl mask cupsd, this is exactly what happened - no any LISTEN ports for that service.

But why it doesn’t work with ssh/sshd?

user@pc~ $ sudo systemctl sshd
 * sshd.service
        Loaded: masked (Reason: Unit sshd.service is masked.)
        Active: inactive (dead)

user@pc~ $ sudo lsof -P -i -n
COMMAND      PID             USER   FD   TYPE  DEVICE   SIZE/OFF  NODE  NAME
systemd        1             root  50u   IPv6   17039        0t0    TCP *:22 (LISTEN)
system-r     361  systemd-resolve  12u   IPv4   21534        0t0    UDP 127.0.0.53:53
system-r     361  systemd-resolve  13u   IPv4   21535        0t0    TCP 127.0.0.53:53 (LISTEN)

As far I know, it means active ssh-server/service for external connections that binded *:22 on any interfaces (assigned IPs, and external hosts can connect to me)

Please explain.
Whether it’s a part of non-disable internal system design of Clear Linux* or it does by other way. And why does sshd.service is exist, if ssh(22) is still running?

Thanx for any info.

man stateless explains.

sshd.service is not used in clearlinux. We start sshd.socket which is what you will want to disable. You can do this by running sudo systemctl mask sshd.socket which permanently disables it.

sshd.service exists because in some rare cases it’s beneficial to use it over sshd.socket, and some users may prefer it.

1 Like

Indeed, this is exactly what confused me.

sudo systemctl disable sshd.socket

It works!
Thank you!

2 Likes