FS#31250 - [openssh] shutdown of systemd install doesn't notify/close client connections
Attached to Project:
Arch Linux
Opened by c (c) - Wednesday, 22 August 2012, 17:24 GMT
Last edited by Gaetan Bisson (vesath) - Sunday, 14 October 2012, 10:28 GMT
Opened by c (c) - Wednesday, 22 August 2012, 17:24 GMT
Last edited by Gaetan Bisson (vesath) - Sunday, 14 October 2012, 10:28 GMT
|
Details
Description:
IIRC initscripts or openssh's init script has code to notify or close client connections on shutdown. Without that if you shutdown a machine from within an ssh session the ssh client has to wait a long time before it aborts with a pipe error. Additional info: * 6.0p1-3 Steps to reproduce: * ssh to systemd install * sudo halt -p |
This task depends upon
Closed by Gaetan Bisson (vesath)
Sunday, 14 October 2012, 10:28 GMT
Reason for closing: Won't fix
Additional comments about closing: Nothing we can do until upstream comes up with something magic. Feel free to reopen then.
Sunday, 14 October 2012, 10:28 GMT
Reason for closing: Won't fix
Additional comments about closing: Nothing we can do until upstream comes up with something magic. Feel free to reopen then.
So unless you can suggest a clean, one-line solution, I am unlikely to implement anything.
I know that Fedora with systemd works the same as initscripts with the workaround. I agree that the existing initscripts solution is not the right way. We should look over there and see how they fixed it. I don't think they use ServerAliveInternal as the disconnect is immediate and not with a short timeout due to a low ServerAliveInternal setting.
Did you run:
a) systemctl enable sshd.service; systemctl start sshd.service
b) systemctl enable sshd.socket; systemct; start sshd.socket
c) cowsay "moo"
Is sshd.socket the on-demand version akin to inetd style of activation? Does that spawn one sshd per connection? I suppose it's configurable in systemd's unit file support.
Could you try adding After=network.target to systemd-user-sessions.service. This means that all user sessions are shut down before the network connection is broken. If I understand correctly, stopping sshd.service will not necessarily kill the open ssh connections, so adding a dependency there won't help.
Could someone confirm/refute this theory? Even if this works it is not ideal as it means boot will be slowed down by not allowing anyone to log in until the network daemon has been started and possibly a network connection set up. If it works I'll try to come up with a better compromise and send it upstream.
Edit: I tried it on another machine, does not work there. It still hangs instead of logging out when trying to reboot via ssh.
Edit2: On the first machine (mentioned before edit) it works without this solution now. WTF.
I think this means that adding After=network.target to systemd-user-sessions.service does not help.. sry :(
So I think it might just be one of those problems for which we cannot provide a satisfying solution out of the box, and which is up to system administrators to address.
I think this should work just fine (but I might obviously be missing something).
Fedora 18's sshd.service doesn't seem to do anything particularly special to avoid the issue (though I see they also include 'network.target' in After, but probably not for the same reason I did): http://pkgs.fedoraproject.org/cgit/openssh.git/tree/sshd.service?h=f18
Fedora: http://pkgs.fedoraproject.org/cgit/openssh.git/tree/sshd.pam?h=f18
Arch: https://projects.archlinux.org/svntogit/packages.git/tree/trunk/sshd.pam?h=packages/openssh
http://pkgs.fedoraproject.org/cgit/pam.git/tree/password-auth.pamd