From 556ee3d2d433dc70512003667398f0979b0940a9 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Fri, 29 Jul 2016 02:22:51 +0100 Subject: Stop enabling ssh-session-cleanup.service by default; instead, ship it as an example and add a section to README.Debian. libpam-systemd >= 230 and "UsePAM yes" should take care of the original problem for most systemd users (thanks, Michael Biebl; closes: #832155). --- debian/README.Debian | 19 +++++++++++++++++++ debian/changelog | 9 +++++++++ debian/openssh-server.examples | 1 + debian/openssh-server.install | 1 - debian/rules | 6 ------ 5 files changed, 29 insertions(+), 7 deletions(-) diff --git a/debian/README.Debian b/debian/README.Debian index d26e5a39d..f0e5bea24 100644 --- a/debian/README.Debian +++ b/debian/README.Debian @@ -232,6 +232,25 @@ it listen on a different address or port, then you will need to do this by copying /lib/systemd/system/ssh.socket to /etc/systemd/system/ssh.socket and modifying the ListenStream option. See systemd.socket(5) for details. +Terminating SSH sessions cleanly on shutdown/reboot with systemd +---------------------------------------------------------------- + +If you have libpam-systemd >= 230 installed (following openssh-server's +Recommends) and "UsePAM yes" in sshd_config (the default configuration +shipped by this package), then SSH sessions will be terminated cleanly when +the server is shut down or rebooted. + +If either of these conditions does not hold, then you may find that SSH +sessions hang silently when the server is shut down or rebooted. If you do +not want to use PAM or configure it properly for whatever reason, then you +can instead copy +/usr/share/doc/openssh-server/examples/ssh-session-cleanup.service to +/etc/systemd/system/ and run "systemctl enable ssh-session-cleanup.service". + +Non-systemd users may find /usr/lib/openssh/ssh-session-cleanup helpful if +they have a similar problem, although at present there is no system +integration for this for anything other than systemd. + -- Matthew Vernon Colin Watson diff --git a/debian/changelog b/debian/changelog index e81c667cc..0977bc8c9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +openssh (1:7.2p2-8) UNRELEASED; urgency=medium + + * Stop enabling ssh-session-cleanup.service by default; instead, ship it + as an example and add a section to README.Debian. libpam-systemd >= 230 + and "UsePAM yes" should take care of the original problem for most + systemd users (thanks, Michael Biebl; closes: #832155). + + -- Colin Watson Thu, 28 Jul 2016 22:04:37 +0100 + openssh (1:7.2p2-7) unstable; urgency=medium * Don't stop the ssh-session-cleanup service on upgrade (closes: #832155). diff --git a/debian/openssh-server.examples b/debian/openssh-server.examples index 0d0e55a7a..ef6eb5468 100644 --- a/debian/openssh-server.examples +++ b/debian/openssh-server.examples @@ -1 +1,2 @@ sshd_config +debian/systemd/ssh-session-cleanup.service diff --git a/debian/openssh-server.install b/debian/openssh-server.install index dabc440ab..f696de231 100755 --- a/debian/openssh-server.install +++ b/debian/openssh-server.install @@ -11,7 +11,6 @@ debian/systemd/ssh.socket lib/systemd/system debian/systemd/ssh@.service lib/systemd/system debian/systemd/sshd.conf usr/lib/tmpfiles.d debian/systemd/ssh-session-cleanup usr/lib/openssh -debian/systemd/ssh-session-cleanup.service lib/systemd/system # dh_apport would be neater, but at the time of writing it isn't in unstable # yet. diff --git a/debian/rules b/debian/rules index 540418e7b..3a8c86cdc 100755 --- a/debian/rules +++ b/debian/rules @@ -215,12 +215,6 @@ override_dh_installdocs: override_dh_systemd_enable: dh_systemd_enable -popenssh-server --name ssh ssh.service dh_systemd_enable -popenssh-server --name ssh --no-enable ssh.socket - dh_systemd_enable -popenssh-server --name ssh-session-cleanup \ - ssh-session-cleanup.service - -override_dh_systemd_start: - dh_systemd_start -popenssh-server --no-restart-on-upgrade \ - ssh-session-cleanup.service override_dh_installinit: dh_installinit -R --name ssh -- cgit v1.2.3