Allow sshd.listenAddress = off to disable the daemon

We might not want to run the internal SSHD, ever, on this system.
In such cases permit off for listenAddress so that we don't
initialize a server key, or even try to load it at startup.

Change-Id: Ia57c3aa24413d64e10e0440f758b3b18f881ddd9
Signed-off-by: Shawn O. Pearce <sop@google.com>

Documentation/config-gerrit.txt

@@ -1784,6 +1784,8 @@ default of 29418.
 If multiple values are supplied, the daemon will listen on all
 of them.
 +
+To disable the internal SSHD, set listenAddress to `off`.
++
 By default, *:29418.
 
 [[sshd.advertisedAddress]]sshd.advertisedAddress::

gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitSshd.java

@@ -54,13 +54,20 @@ class InitSshd implements InitStep {
     String hostname = "*";
     int port = 29418;
     String listenAddress = sshd.get("listenAddress");
-    if (listenAddress != null && !listenAddress.isEmpty()) {
+    if (isOff(listenAddress)) {
+      hostname = "off";
+    } else if (listenAddress != null && !listenAddress.isEmpty()) {
       final InetSocketAddress addr = SocketUtil.parse(listenAddress, port);
       hostname = SocketUtil.hostname(addr);
       port = addr.getPort();
     }
 
     hostname = ui.readString(hostname, "Listen on address");
+    if (isOff(hostname)) {
+      sshd.set("listenAddress", "off");
+      return;
+    }
+
     port = ui.readInt(port, "Listen on port");
     sshd.set("listenAddress", SocketUtil.format(hostname, port));
 
@@ -73,6 +80,12 @@ class InitSshd implements InitStep {
     generateSshHostKeys();
   }
 
+  private static boolean isOff(String listenHostname) {
+    return "off".equalsIgnoreCase(listenHostname)
+        || "none".equalsIgnoreCase(listenHostname)
+        || "no".equalsIgnoreCase(listenHostname);
+  }
+
   private void generateSshHostKeys() throws InterruptedException, IOException {
     if (!site.ssh_key.exists() //
         && !site.ssh_rsa.exists() //

gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java

@@ -216,7 +216,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
 
   @Override
   public synchronized void start() {
-    if (acceptor == null) {
+    if (acceptor == null && !listen.isEmpty()) {
       checkConfig();
 
       acceptor = createAcceptor();
@@ -257,6 +257,10 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
   }
 
   private List<HostKey> computeHostKeys() {
+    if (listen.isEmpty()) {
+      return Collections.emptyList();
+    }
+
     final List<PublicKey> keys = myHostKeys();
     final ArrayList<HostKey> r = new ArrayList<HostKey>();
     for (final PublicKey pub : keys) {
@@ -348,6 +352,10 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
       return bind;
     }
 
+    if (want.length == 1 && isOff(want[0])) {
+      return bind;
+    }
+
     for (final String desc : want) {
       try {
         bind.add(SocketUtil.resolve(desc, DEFAULT_PORT));
@@ -358,6 +366,12 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
     return bind;
   }
 
+  private static boolean isOff(String listenHostname) {
+    return "off".equalsIgnoreCase(listenHostname)
+        || "none".equalsIgnoreCase(listenHostname)
+        || "no".equalsIgnoreCase(listenHostname);
+  }
+
   @SuppressWarnings("unchecked")
   private void initProviderBouncyCastle() {
     setKeyExchangeFactories(Arrays.<NamedFactory<KeyExchange>> asList(