Bug#751636: ssh sessions are not cleanly terminated on shutdown/restart with systemd

To: 751636@bugs.debian.org
Subject: Bug#751636: ssh sessions are not cleanly terminated on shutdown/restart with systemd
From: Simon Deziel <simon@sdeziel.info>
Date: Thu, 23 Jun 2016 12:44:58 -0400
Message-id: <[🔎] 576C120A.2090801@sdeziel.info>
Reply-to: Simon Deziel <simon@sdeziel.info>, 751636@bugs.debian.org
In-reply-to: <trinity-fa389bfc-1dcd-42f0-80f4-29db994282f5-1454852184456@3capp-mailcom-lxa11>
References: <trinity-fa389bfc-1dcd-42f0-80f4-29db994282f5-1454852184456@3capp-mailcom-lxa11> <trinity-fa389bfc-1dcd-42f0-80f4-29db994282f5-1454852184456@3capp-mailcom-lxa11>

On Sun, 7 Feb 2016 14:36:24 +0100 "Alexander Afonyashin"
<firm@iname.com> wrote:
> 1. Remove symlink /etc/systemd/system/sshd.service -> /lib/systemd/system/ssh.service - who knows what does symlink do here?
> 2. Copy /lib/systemd/system/ssh.service to /etc/systemd/system/ssh.service.

Forking the whole file can by avoided by overriding just the desired
part. In that case, using "systemctl edit ssh" or running those as root
would have been enough:

mkdir -p /etc/systemd/system/ssh.service.d/
cat << EOF >> /etc/systemd/system/ssh.service.d/override.conf
[Service]
ExecStop=/usr/bin/pkill sshd
EOF
systemctl daemon-reload

> 3. Edit /etc/systemd/system/ssh.service, add ExecStop=/usr/bin/killall sshd to [Service] section:

Unfortunately, killing every sshd instances is dangerous. Anyone
stopping the service remotely would be locked out.

I think that another service would be needed to cleanup SSH sessions on
shutdown before they are forcibly killed.

Regards,
Simon

Reply to:

Prev by Date: Bug#751636: .
Next by Date: Bug#828475: openssh: FTBFS with openssl 1.1.0
Previous by thread: Bug#751636: .
Next by thread: Bug#828475: openssh: FTBFS with openssl 1.1.0
Index(es):
- Date
- Thread