[Unit]
Description=Create SSH connection to %I
Requires=network-online.target
After=network-online.target
StopWhenUnneeded=yes

[Service]
Type=notify
NotifyAccess=all
DynamicUser=yes

LoadCredential=ssh:/etc/nnss/%i

RuntimeDirectory=nnss-%i
StateDirectory=nnss-%i
ExecStart=ssh -F /usr/lib/nnss/ssh_config default

NoNewPrivileges=yes
CapabilityBoundingSet=
RestrictNamespaces=true
SystemCallFilter=@system-service