From 053173b4573649266c292f5ce732970d98b6aaae Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen <suomalainen@aminda.eu>
Date: Fri, 14 Nov 2025 09:17:41 +0200
Subject: [PATCH] systemd/ssh{.d}.socket.d: note to self on adding additional
 ports

---
 etc/systemd/system/ssh.socket.d                  |  1 +
 .../system/ssh.socket.d/dualstack-bind.conf      |  1 -
 etc/systemd/system/sshd.socket.d/10-ports.conf   | 16 ++++++++++++++++
 3 files changed, 17 insertions(+), 1 deletion(-)
 create mode 120000 etc/systemd/system/ssh.socket.d
 delete mode 120000 etc/systemd/system/ssh.socket.d/dualstack-bind.conf
 create mode 100644 etc/systemd/system/sshd.socket.d/10-ports.conf

diff --git a/etc/systemd/system/ssh.socket.d b/etc/systemd/system/ssh.socket.d
new file mode 120000
index 00000000..b2ca88bf
--- /dev/null
+++ b/etc/systemd/system/ssh.socket.d
@@ -0,0 +1 @@
+sshd.socket.d
\ No newline at end of file
diff --git a/etc/systemd/system/ssh.socket.d/dualstack-bind.conf b/etc/systemd/system/ssh.socket.d/dualstack-bind.conf
deleted file mode 120000
index 9f6f2492..00000000
--- a/etc/systemd/system/ssh.socket.d/dualstack-bind.conf
+++ /dev/null
@@ -1 +0,0 @@
-../socket.d/dualstack-bind.conf
\ No newline at end of file
diff --git a/etc/systemd/system/sshd.socket.d/10-ports.conf b/etc/systemd/system/sshd.socket.d/10-ports.conf
new file mode 100644
index 00000000..b06eec80
--- /dev/null
+++ b/etc/systemd/system/sshd.socket.d/10-ports.conf
@@ -0,0 +1,16 @@
+[Socket]
+# Ensure SSHd is not IPv6-only.
+BindIPv6Only=both
+
+# Uncomment to disable default port 22
+#ListenStream=
+# If the above is uncommented, it will attempt to bind twice and fail.
+#ListenStream=22
+
+# WARNING! SELINUX may avc block unreserved ports and fail if additional
+# ports are enabled.
+
+# KDE Connect wants TCP port range 1714-1764 open
+#ListenStream=1714
+# Mosh wants UDP port range 60000-61000 open (and some might open it in TCP)
+#ListenStream=60000