What if it was someone attacking your sshd and making it crash when it failed?
By automatically restarting it, you just allow the attacker to continue trying to exploit it.
By automatically restarting it, you don't solve the issue that makes it crash.
By automatically restarting it, you, most of the time, don't even see it restarted, so it really doesn't give you any way to solve the real problem.
It's not that I don't find process monitoring interesting, it's just that automatically restarting can bring more problems than it solves.
As with any service, the "correct" action upon a crash is probably dependent on what the machine is actually supposed to be doing. Take, for example, a dedicated web server - having Apache go down when under attack and not attempt to recover would be bad since the attacker will have successfully caused a denial of service with very little effort. Compare to a private telephone exchange, for example, which is running a web server purely for management purposes - a crashed web server is not a disaster, the whole thing keeps doing its primary job without it, so automatically restarting the crashed web service _may_ not be the best plan.
So I guess the answer here is "it depends" and therefore the administrator should be able to choose either option, so selecting an init system that doesn't support one of the options would be bad.
In the case of sshd, since it is potentially the only way to safely fix a broken server, allowing it to die permanently seems like a bad option to me. A better option would probably be to restart it and firewall off all but a few "safe" IP addresses. That way the administrator can still access the server from one of those IPs and the attacker can't cause any more damage.
A well behaving daemon shouldn't be restarted (except maybe for rereading config files), it should start and stay that way. If it crashes randomly, then you might try to find the bug.
Whilst I agree that you should fix a crashy service rather than restarting it each time it breaks, there are nevertheless reasons why you may want to auto-restart the service:
- In the real world, you can't just shut down a service until a bug has been fixed; you need to continue running it as best you can while the problem is being looked into and fixed. So a stop-gap measure may be necessary.
- Whilst you may believe some software to be bug-free, this may not be the case, and in some cases it would be disastrous to discover that there is a bug by finding a service permanently go down. Far better to restart it and log the error.
- Bits _do_ occasionally get flipped in memory or registers, so software may well occasionally crash through no fault of its own. It is reasonable to have something in place to mitigate this should it ever happen.
So yes, I agree, if a service is crashing all the time then it needs to be fixed, but that doesn't mean that you should abandon all possibility of recovering from an unexpected crash.
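
The two positions in this thread can be combined in one restart policy: restart after an isolated crash and log it, but stop restarting once crashes repeat within a short window, so a crash loop (a bug or repeated exploitation attempts) is left for the administrator to look at. The sketch below is an added example, not code from any poster or init system; `RestartPolicy`, `supervise` and the burst and window values are hypothetical.

```python
import logging
import subprocess
import time
from collections import deque

log = logging.getLogger("supervisor")


class RestartPolicy:
    """Allow at most `burst` restarts within `window` seconds, then hold."""

    def __init__(self, burst=3, window=60.0):
        self.burst = burst
        self.window = window
        self.crashes = deque()  # timestamps of recent crashes

    def on_crash(self, now):
        """Record a crash at time `now`; return "restart" or "hold"."""
        self.crashes.append(now)
        # Forget crashes that fell out of the sliding window.
        while self.crashes and now - self.crashes[0] > self.window:
            self.crashes.popleft()
        return "restart" if len(self.crashes) <= self.burst else "hold"


def supervise(argv, policy, clock=time.monotonic, delay=1.0):
    """Run argv, restarting after abnormal exits until the policy says hold.

    Returns the number of restarts performed.
    """
    restarts = 0
    while True:
        rc = subprocess.call(argv)
        if rc == 0:
            log.info("%s exited cleanly", argv[0])
            return restarts
        action = policy.on_crash(clock())
        # Every crash is logged, so a restart never hides the failure.
        log.error("%s died rc=%d recent_crashes=%d action=%s",
                  argv[0], rc, len(policy.crashes), action)
        if action == "hold":
            return restarts
        restarts += 1
        time.sleep(delay)
```

With `burst=3, window=60`, a single crash or crashes minutes apart are restarted, while a fourth crash inside one minute leaves the service down with the full history in the log.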