
Bug#751636: openssh-server: ssh sessions are not cleanly termined on shutdown/restart with systemd



On Sat, 2014-12-13 at 15:01 +0100, Marc Haber wrote: 
> I would like to have a method to
> kill all ssh sessions with the exception of my own ones, or the single
> session that I happen to type the command restarting sshd in.
Since there is no definition of "which are yours" (the ones logged in to
your current user? sessions started by your current user?) this is going
to be difficult, apart from the fact that one would need a way to find
out such information.

Anyway. This kind of process management is not what the init-system
should be there for.


> > b) we want a way to actually stop user sessions... not only for this
> > particular bug (i.e. on shutdown), but as a locally logged in sysadmin
> > I'd also like to say "okay... away with sshd and its users".
> Agreed. We didn't have that until jessie though.
Sure,... I didn't claim that we had that before.


> > AFAICS, this should solve (a) and (b), the only difference to now would
> > be, that we need to educate our users/admins, that "systemctl stop ssh"
> > really means "all ssh stops" and not just "the main ssh daemon stops but
> > old connections remain".
> 
> That would be a pretty severe change from the behavior we used to have
> for fifteen years. I also guess it would be used as an argument
> against systemd as a whole.
First of all,... I just put that up for open discussion... i.e. the
questions:
When we'd start from scratch with the OS, and would ask ourselves "what
should happen when I type 'stop service XYZ'"... would that be to only
stop the listener, or to stop anything related to that service (i.e.
also any sessions, like ongoing httpd connections or the like).

I think the latter would be the cleaner way of (generally) handling
things... and I'm well aware that this would change current behaviour.
OTOH, people aren't stupid and when you tell them why a current
behaviour changes and that it's for a better design of the system,..
they likely can adapt to it.
And in general, one cannot stop progress just because there are some
backwards-minded people who never want ill-designed things to
change.

Apart from that - *if* such a change in behaviour would really come, it
would have nothing to do with systemd.
