
Bug#751636: openssh-server: ssh sessions are not cleanly termined on shutdown/restart with systemd



On Fri, 2014-10-10 at 11:52 +0200, Tom Hutter wrote:
> Therefore I added a service, to solve this under the current Debian
> Wheezy version I am running.
Hmm I'm a bit torn apart between thinking that this is either an ugly
hack or a clean solution ^^

> ExecStart=/bin/true
At least this seems a hack ;-)


Let me see, on the one hand I think there should be one ssh.service file
which should be able to handle everything (isn't systemd so powerful?!)...
on the other hand I like the idea of having a service for the user
sessions, which should ideally allow to stop them (which is, AFAICS,
however not achieved by your version).


Let's perhaps collect what we want:

a) if sshd crashes or when it is restarted/reloaded (or when the network
is restarted), we do not want ssh sessions to terminate, right?

Of course this has the problem that long running user sessions (or
consider something like ssh control channel multiplexing) are typically
*never* killed - which can be quite a security problem.
Imagine a flaw found in ssh, which also affects running connections -
even when the main daemon would be restarted after package upgrade...
the user session processes would be still vulnerable.
But let's say that this should be the job of a tool like needrestart[0].

b) we want a way to actually stop user sessions... not only for this
particular bug (i.e. on shutdown), but as a locally logged in sysadmin
I'd also like to say "okay... away with sshd and its users".


Maybe the way to go would be the following:
- only restart/reload actions keep the user sessions alive
- stop however kills them as well

AFAICS, this should solve (a) and (b), the only difference to now would
be, that we need to educate our users/admins, that "systemctl stop ssh"
really means "all ssh stops" and not just "the main ssh daemon stops but
old connections remain".
Actually I feel that would be much cleaner since the action is called
"stop" and not "stop-but-there-are-exceptions" and one should be able to
expect stop to really stop it (on the other hand though, one could argue
the same for restart/reload).


Cheers,
Chris.



[0] Note that needrestart currently also suffers this problem: it only
tracks the daemons, not the running sessions.
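
The concern raised in (a) and in footnote [0], as an added example that is not part of the original message: a check for sshd session processes that survived a daemon restart and still run a binary that has since been replaced on disk. It assumes Linux /proc, where the kernel reports a replaced executable as "<path> (deleted)"; the function name `stale_sshd` and its PROC_ROOT parameter are hypothetical.

```shell
#!/bin/sh
# Added example: list sshd processes whose on-disk binary has been replaced
# (e.g. by a package upgrade) while the process kept running.

# stale_sshd [PROC_ROOT]
# Prints "<pid> <ppid> <exe>" for every stale sshd process.
# Returns 0 if at least one was found, 1 otherwise.
# PROC_ROOT defaults to /proc; it is a parameter only so the function can
# be exercised against a constructed directory tree.
stale_sshd() {
    proc_root=${1:-/proc}
    found=1
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # comm holds the executable name of the process
        comm=$(cat "$dir/comm" 2>/dev/null) || continue
        case $comm in
            sshd|sshd-session) ;;   # sshd-session: per-session binary in OpenSSH 9.8+
            *) continue ;;
        esac
        # Reading exe of other users' processes needs root; skip on failure
        exe=$(readlink "$dir/exe" 2>/dev/null) || continue
        case $exe in
            *" (deleted)")
                # stat is "pid (comm) state ppid ..."; strip through ") "
                # so that the parent PID is the second field
                ppid=$(sed 's/^.*) //' "$dir/stat" 2>/dev/null | cut -d' ' -f2)
                printf '%s %s %s\n' "${dir##*/}" "${ppid:-?}" "$exe"
                found=0
                ;;
        esac
    done
    return $found
}

stale_sshd "$@" || echo "no stale sshd processes found"
```

A parent PID of 1 in the output typically means the listening daemon that accepted the connection is gone, which is the state sessions are left in after a restart that does not touch them.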
