Why would I use "service sshd reload" in preference to "service sshd restart"?

Question

From my tests on Linux, it seems like

service sshd reload

• Only works when sshd is already running
• Stops sshd if the sshd_config file has problems
• Returns error code 0 even if the sshd_config file has problems

service sshd restart

• Works regardless of whether sshd is already running
• Stops sshd if the sshd_config file has invalid syntax or other problems
• Returns non-zero error code if the sshd_config file has problems

I understand that they are performing different operations, but it seems to me a no brainer that I should always use service sshd restart. Are there any reasons why service sshd reload is preferable in some situations?

Answer 1

As early as 2014 (probably earlier) a failed configuration load will not stop sshd but will instead continue. This allows you to edit the configuration over an ssh connection without fear of not being able to log back on after a restart.

Here's a little snippet from me doing just such a task:

root@beaglebone:~# service ssh reload
[....] Reloading ssh configuration (via systemctl): ssh.serviceJob failed. See system journal and 'systemctl status' for details.
 failed!
root@beaglebone:~# systemctl status sshd.service
ssh.service - LSB: OpenBSD Secure Shell server
          Loaded: loaded (/etc/init.d/ssh)
          Active: active (running) (Result: exit-code) since Fri, 05 Nov 2021 10:47:00 +0000; 24min ago
         Process: 7757 ExecReload=/etc/init.d/ssh reload (code=exited, status=1/FAILURE)
         Process: 712 ExecStart=/etc/init.d/ssh start (code=exited, status=0/SUCCESS)
          CGroup: name=systemd:/system/ssh.service
                  ├ 1014 /usr/sbin/sshd
                  ├ 1746 sshd: root@pts/0
                  ├ 1756 -bash
                  └ 7814 systemctl status sshd.service

Note that the status is still active (and this was done over an ssh session).

Answer 2

Some apps, including several web servers, support reloading their configuration without restarting at all. In this case, reload would be the best way to signal them to do so.

As a use case, it would be great if sshd actually did support reloading the config without affecting existing connections. That would allow one to verify the new configuration without losing the current ssh connection (e.g. when modifying permissions, to ensure you can still log in).

Further reading: List of all systemd unit actions

Answer 3

I think this "reload" could be used in a shell script for multi services to recover to initial status, in this case we didn't know if a service is running or not, so we just let all these services "reload".

If we use "restart" in this case, some of those services we didn't use will start.

Usually for debugging problems(or modification) on single service, we want this service like "sshd" to start, "restart" should be better for we needn't check if this service is running successfully or not.

Answer 4

Just to mention: as in the above examples people are used sshd, that it is the daemon, the service is ssh. The correct line should be:

service ssh reload

Answer 5

When you run the service sshd command where opt could be reload/restart it actually runs a program with a modified enviroment just like this:

    env -i PATH="$PATH" TERM="$TERM" "${SERVICEDIR}/${SERVICE}" ${OPTIONS}

e.g.:

    env -i PATH=/sbin:/usr/sbin:/bin:/usr/bin TERM=xterm /etc/init.d/sshd reload

The sshd command does almost the same thing in both cases (restart/reload):

reload: Tries to kill the process sending a HUP signal, and as you can see on the snipet it needs the PID of the process to do it. (Works regardless of whether sshd is already running)

    reload()
    {
        echo -n $"Reloading $prog: "
        if [ -n "`pidfileofproc $SSHD`" ] ; then
             killproc $SSHD -HUP
        else
             failure $"Reloading $prog"
        fi
        RETVAL=$?
        echo
    }

restart: It would just do the same as if you were to execute a stop->start.

    restart() {
        stop
        start
    }

    start()
    {
         [ -x $SSHD ] || exit 5
         [ -f /etc/ssh/sshd_config ] || exit 6
         # Create keys if necessary
         if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
              do_rsa1_keygen
              do_rsa_keygen
              do_dsa_keygen
         fi

         echo -n $"Starting $prog: "
         $SSHD $OPTIONS && success || failure
         RETVAL=$?
         [ $RETVAL -eq 0 ] && touch $lockfile
         echo
         return $RETVAL
    }

    stop()
    {
         echo -n $"Stopping $prog: "
         if [ -n "`pidfileofproc $SSHD`" ] ; then
             killproc $SSHD
         else
         failure $"Stopping $prog"
         fi
         RETVAL=$?
         # if we are in halt or reboot runlevel kill all running sessions
         # so the TCP connections are closed cleanly
         if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then
             trap '' TERM
             killall $prog 2>/dev/null
             trap TERM
         fi
         [ $RETVAL -eq 0 ] && rm -f $lockfile
         echo
    }