Add a session cleanup script and a systemd unit file to trigger it, which serves to terminate SSH sessions cleanly if systemd doesn't do that itself, often because libpam-systemd is not installed (thanks, Vivek Das Mohapatra, Tom Hutter, and others; closes: #751636).

2 files changed, 24 insertions, 0 deletions

diff --git a/debian/systemd/ssh-session-cleanup b/debian/systemd/ssh-session-cleanup
new file mode 100755
index 000000000..f283cc967
--- /dev/null
+++ b/debian/systemd/ssh-session-cleanup
@@ -0,0 +1,11 @@
+#! /bin/sh
+
+ssh_session_pattern='sshd: \S.*@pts/[0-9]+'
+
+IFS="$IFS@"
+pgrep -a -f "$ssh_session_pattern" | while read pid daemon user pty; do
+        echo "Found ${daemon%:} session $pid on $pty; sending SIGTERM"
+        kill "$pid" || true
+done
+
+exit 0
diff --git a/debian/systemd/ssh-session-cleanup.service b/debian/systemd/ssh-session-cleanup.service
new file mode 100644
index 000000000..b86727227
--- /dev/null
+++ b/debian/systemd/ssh-session-cleanup.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=OpenBSD Secure Shell session cleanup
+Wants=network.target
+After=network.target
+
+[Service]
+ExecStart=/bin/true
+ExecStop=/usr/lib/openssh/ssh-session-cleanup
+RemainAfterExit=yes
+Type=oneshot
+
+[Install]
+WantedBy=multi-user.target