[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#832155: marked as done (New ssh-session-cleanup.service kills ssh user session during upgrade)

Your message dated Fri, 29 Jul 2016 04:19:35 +0000
with message-id <E1bSzGp-0002zf-OD@franck.debian.org>
and subject line Bug#832155: fixed in openssh 1:7.2p2-8
has caused the Debian Bug report #832155,
regarding New ssh-session-cleanup.service kills ssh user session during upgrade
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
832155: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832155
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: openssh-server
Version: 1:7.2p2-6
Severity: serious

Hi,

the addition of ssh-session-cleanup.service in the latest upload [1] is
imho a bad idea. It's an aweful hack and besides, it also kills your SSH
sessions on upgrades (thus severity RC).

The proper fix is to use libpam-systemd. This will register a proper
session scope when users log in via SSH. Those session scopes are
ordered against systemd-user-sessions.service which itself has a proper
ordering against network.target. So those user session are stopped
before the network stack is shutdown.

Please drop ssh-session-cleanup.service again and simply add a
dependency on libpam-systemd. It's the correct solution for this
problem.

Regards,
Michael

[1] https://anonscm.debian.org/cgit/pkg-ssh/openssh.git/commit/?id=b66f1de1c94

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openssh-server depends on:
ii  adduser                3.115
ii  debconf [debconf-2.0]  1.5.59
ii  dpkg                   1.18.9
ii  init-system-helpers    1.39
ii  libaudit1              1:2.6.5-1
ii  libc6                  2.23-2
ii  libcomerr2             1.43.1-1
ii  libgssapi-krb5-2       1.14.2+dfsg-1
ii  libkrb5-3              1.14.2+dfsg-1
ii  libpam-modules         1.1.8-3.3
ii  libpam-runtime         1.1.8-3.3
ii  libpam0g               1.1.8-3.3
ii  libselinux1            2.5-3
ii  libssl1.0.2            1.0.2h-1
ii  libsystemd0            230-7
ii  libwrap0               7.6.q-25
ii  lsb-base               9.20160629
ii  openssh-client         1:7.2p2-6
ii  openssh-sftp-server    1:7.2p2-6
ii  procps                 2:3.3.12-2
ii  zlib1g                 1:1.2.8.dfsg-2+b1

Versions of packages openssh-server recommends:
ii  ncurses-term  6.0+20160625-1
ii  xauth         1:1.0.9-1

Versions of packages openssh-server suggests:
ii  ksshaskpass [ssh-askpass]  4:5.7.0-1
pn  molly-guard                <none>
pn  monkeysphere               <none>
pn  rssh                       <none>
ii  ssh-askpass                1:1.2.4.1-9
pn  ufw                        <none>

-- debconf information excluded

--- End Message ---
--- Begin Message --- 
Source: openssh
Source-Version: 1:7.2p2-8

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 832155@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 29 Jul 2016 02:51:32 +0100
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.2p2-8
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 832155 832445 832557
Changes:
 openssh (1:7.2p2-8) unstable; urgency=medium
 .
   [ Colin Watson ]
   * Stop enabling ssh-session-cleanup.service by default; instead, ship it
     as an example and add a section to README.Debian.  libpam-systemd >= 230
     and "UsePAM yes" should take care of the original problem for most
     systemd users (thanks, Michael Biebl; closes: #832155).
 .
   [ Martin Pitt ]
   * Add debian/agent-launch: Helper script for conditionally starting the SSH
     agent in the user session. Use it in ssh-agent.user-session.upstart.
   * Add systemd user unit for graphical sessions that use systemd. Override
     the corresponding upstart job in that case (closes: #832445).
   * debian/openssh-server.if-up: Don't block on a finished reload of
     openssh.service, to avoid deadlocking with restarting networking.
     (closes: #832557, LP: #1584393)
Checksums-Sha1:
 20205f98e98ebf139f83cb2ea54d99879511387e 2884 openssh_7.2p2-8.dsc
 ed0db2274a92c43e7838792a78c9410e1830412e 155012 openssh_7.2p2-8.debian.tar.xz
Checksums-Sha256:
 e778efe40936b501934e610e111366778127fc1517abf50533a0c16618a6c700 2884 openssh_7.2p2-8.dsc
 12a769972a4dfb379203c966d8bc2b848246ee69c83abffa2875b91adafb1525 155012 openssh_7.2p2-8.debian.tar.xz
Files:
 7e3e0ca8818b3f61b5775b903fab9530 2884 net standard openssh_7.2p2-8.dsc
 74cef7c835704e93c61eb234c59cc7d2 155012 net standard openssh_7.2p2-8.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iQIVAwUBV5q2vDk1h9l9hlALAQgs1w/+KvS29GvNVMJ/iH2/e6E9olGuNhXKA73x
d9V98h4H5bowIhYOtD6mJFItqqXkVxB6ZoaoC00BQ8MiMHepabM0y3RfrtOZsp/b
bDFqEHY5nJd6c/lvrCIFRuZ4pTrRKwNkv4fe4GZQLbcbdeMD86aGeq5qLPjEfXiy
vobl2fwVdxIiW/IrldILc5Bv3qOZhLiSLO2C95wq+MI72ZCdXh5vs68Fxz23a4Qc
7Ay5lFPvMLvVK7Uq9uaewmImaKk6azFaFoCXWLAU+4g9nacf3wUYGXsjLRxBCVvY
Oc2ZTKNJk9hRVoY3vzQz51Q2QX5Ayi6m2e36KqopQ4BoVY0vUKRY3DhHCt8rNnw7
szz2dCxWe3nFyM0HQRS931e2C/kl+a2auEViPmTUda0eOVSlFtWN5j70G8LN9V8D
iHNHMXd9rgWV9zEpCT+iEBU4bAbgrpG1ap8L5tGCGLZD8LCjKqjWRNjJLA8opeJ3
EX3wk99AjvEmbnimv0l6HRvDREfi/VEJ6x2AciLen0S4tdzb5ktCriH2bJsp0PEA
b+a6/AM+jPh6WxHERbUBrqiQdbac+NPYE8DrSoQYkGUqaop1fz5i/AFBwK/iryM7
85WNVOYgNkuKJb1fqdG0d1L/0sFS15e1mfGHX9S5JsJttUiMmpxJ5oCegwuZJALK
wreR8Ji4eJw=
=Jwxv
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: