On Sun, 2016-07-24 at 01:38 +0200, Michael Biebl wrote: > It doesn't help for the non-systemd case and people who opt to not > install recommends by default use a non-standard configuration, so > it's > imho ok if those need to also apply additional configuration in case > of > SSH. We should optimize for the common case. Why should OpenSSH depend on a package, which it doesn't strictly need (or am I wrong here?) in both cases, with and without systemd? Especially when that package pulls in quite some further stuff (including systemd), which would then all people not running systemd get? And if libpam-systemd is so important for running systemd, wouldn't be just better if systemd itself depends on it? Most people, including e.g. myself will have it anyway already since systemd packages recommend it. And could you please elaborate why the way with the session-cleaner is a hack? I mean ssh.service is, so to say, just the gatekeeper, and for the actual sessions we have individual processes, that are basically like their own independent daemons. They run alone are (and shouldn't be killed) if ssh.service gets killed. So it seems actually good design to have a unit which takes care of those services. Moreover, consider that you get a security update to ssh. One restarts it, which however affects only the "main" sshd and the session processes continue to run on (as it should be the case per default). But in case the security issue was so critical, that it's better to kill of all the ssh sessions immediately, it would be just nice to have a service that could be used for that (which would again be the ssh- session handler service). Cheers, Chris.
Description: S/MIME cryptographic signature