[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#832155: marked as done (New ssh-session-cleanup.service kills ssh user session during upgrade)

Your message dated Sat, 23 Jul 2016 10:52:25 +0000
with message-id <E1bQuXh-0006zM-0l@franck.debian.org>
and subject line Bug#832155: fixed in openssh 1:7.2p2-7
has caused the Debian Bug report #832155,
regarding New ssh-session-cleanup.service kills ssh user session during upgrade
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
832155: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832155
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: openssh-server
Version: 1:7.2p2-6
Severity: serious

Hi,

the addition of ssh-session-cleanup.service in the latest upload [1] is
imho a bad idea. It's an aweful hack and besides, it also kills your SSH
sessions on upgrades (thus severity RC).

The proper fix is to use libpam-systemd. This will register a proper
session scope when users log in via SSH. Those session scopes are
ordered against systemd-user-sessions.service which itself has a proper
ordering against network.target. So those user session are stopped
before the network stack is shutdown.

Please drop ssh-session-cleanup.service again and simply add a
dependency on libpam-systemd. It's the correct solution for this
problem.

Regards,
Michael

[1] https://anonscm.debian.org/cgit/pkg-ssh/openssh.git/commit/?id=b66f1de1c94

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openssh-server depends on:
ii  adduser                3.115
ii  debconf [debconf-2.0]  1.5.59
ii  dpkg                   1.18.9
ii  init-system-helpers    1.39
ii  libaudit1              1:2.6.5-1
ii  libc6                  2.23-2
ii  libcomerr2             1.43.1-1
ii  libgssapi-krb5-2       1.14.2+dfsg-1
ii  libkrb5-3              1.14.2+dfsg-1
ii  libpam-modules         1.1.8-3.3
ii  libpam-runtime         1.1.8-3.3
ii  libpam0g               1.1.8-3.3
ii  libselinux1            2.5-3
ii  libssl1.0.2            1.0.2h-1
ii  libsystemd0            230-7
ii  libwrap0               7.6.q-25
ii  lsb-base               9.20160629
ii  openssh-client         1:7.2p2-6
ii  openssh-sftp-server    1:7.2p2-6
ii  procps                 2:3.3.12-2
ii  zlib1g                 1:1.2.8.dfsg-2+b1

Versions of packages openssh-server recommends:
ii  ncurses-term  6.0+20160625-1
ii  xauth         1:1.0.9-1

Versions of packages openssh-server suggests:
ii  ksshaskpass [ssh-askpass]  4:5.7.0-1
pn  molly-guard                <none>
pn  monkeysphere               <none>
pn  rssh                       <none>
ii  ssh-askpass                1:1.2.4.1-9
pn  ufw                        <none>

-- debconf information excluded

--- End Message ---
--- Begin Message --- 
Source: openssh
Source-Version: 1:7.2p2-7

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 832155@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 23 Jul 2016 11:46:33 +0100
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.2p2-7
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 832155
Changes:
 openssh (1:7.2p2-7) unstable; urgency=medium
 .
   * Don't stop the ssh-session-cleanup service on upgrade (closes: #832155).
     This may cause SSH sessions to be killed on upgrade to *this* version if
     you had previously installed 1:7.2p2-6.  Sorry!  If your session is
     killed, you can recover using "dpkg --unpack" on this openssh-server
     .deb, followed by "dpkg --configure -a".
   * Recommend libpam-systemd from openssh-server.  It's a much better
     solution than the above for systemd users, but I'm wary of depending on
     it in case I cause an assortment of exciting dependency problems on
     upgrade for non-systemd users.
Checksums-Sha1:
 3f9152843ba8001e19eb827e56a072090a156862 2884 openssh_7.2p2-7.dsc
 6c1b08f62d6982a637543c31fa021ae4a9f38146 154264 openssh_7.2p2-7.debian.tar.xz
Checksums-Sha256:
 1a4f4416a0908334453bbb6f699d1ede223db90e2a26fe22c31bcf871a1c5b1b 2884 openssh_7.2p2-7.dsc
 9558ed8bf86c2af46b89161b6722b722594db983b350cebe214c73c8a6d4f808 154264 openssh_7.2p2-7.debian.tar.xz
Files:
 fff56f69b14aa2c69b71cbda34f1eb25 2884 net standard openssh_7.2p2-7.dsc
 e9ca3395751ca42500a3f187e335d112 154264 net standard openssh_7.2p2-7.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iQIVAwUBV5NLHzk1h9l9hlALAQiqiRAAmiFTMe2sGIIQbImYjyfQ4FizP9LpiD2W
LJl+gXEhm9erxRmrzGu/xjAeJkwPclbuGxxyeTUkO/dflyByPDo1SjuYmKosPpTG
6GdCQSTdqNOFlTAzyQEIROx1gPNM/nTWINvg5hU2YYIwHSNt2Ja0AEMDIbL4Z8Ce
dxYusExP23IMl1LBRiHNNQJUONHI30beV2vRdNsiDBp7J6bSX0zZN/5DJrQX2D4d
K+vTQ/xGCK5jwuEUyJzQ2yfF/EOgqHSIW5AfE25rbvfLf8Ri8vokTTGeluntSeBx
XpUco2tzZLl81qWYpalxloRAo5or+QQY8SPjB3l8HapXkB3kjKndkHXnHSdE2TWB
zkDCnpDiedyQwSJTvVkk9Gv85+kfKofXHpoVot/d0L7kIKZ+rvVZlzNW1vUS32By
/3II47OBSqzjO/+XA3jNYOKQAN5GtimaLPwAPYDcGUnVARuE4rnMBp6gF8GWupsa
gd9h5uA2MPcy34z9reqiRao0llp35mmaIEEXQL3FDgNPDl4bYZXDHJH1dJ3EXPkb
lzy76qobUID6kkYmtkGgyd0U94h6TRCE/yrxrMP1KCPTnPkhDnT3qmMvosHPuECU
jwqh+HGL2y98ucZbjXyzrJjgqXKqMI2RkQSG0S3gsLX4yBMmGxTzvzSVwi9K8jcO
0KBfEux/+AU=
=79hq
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: