[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#832155: New ssh-session-cleanup.service kills ssh user session during upgrade

On Sun, 2016-07-24 at 01:38 +0200, Michael Biebl wrote:
> It doesn't help for the non-systemd case and people who opt to not
> install recommends by default use a non-standard configuration, so
> it's
> imho ok if those need to also apply additional configuration in case
> of
> SSH. We should optimize for the common case.

Why should OpenSSH depend on a package, which it doesn't strictly need
(or am I wrong here?) in both cases, with and without systemd?
Especially when that package pulls in quite some further stuff
(including systemd), which would then all people not running systemd

And if libpam-systemd is so important for running systemd, wouldn't be
just better if systemd itself depends on it?
Most people, including e.g. myself will have it anyway already since
systemd packages recommend it.

And could you please elaborate why the way with the session-cleaner is
a hack?
I mean ssh.service is, so to say, just the gatekeeper, and for the
actual sessions we have individual processes, that are basically like
their own independent daemons. They run alone are (and shouldn't be
killed) if ssh.service gets killed.

So it seems actually good design to have a unit which takes care of
those services.

Moreover, consider that you get a security update to ssh. One restarts
it, which however affects only the "main" sshd and the session
processes continue to run on (as it should be the case per default).
But in case the security issue was so critical, that it's better to
kill of all the ssh sessions immediately, it would be just nice to have
a service that could be used for that (which would again be the ssh-
session handler service).


Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply to: