From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4c91s61pqbz2y1D for ; Sun, 24 Aug 2025 17:59:22 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4c91s24y3yz2xQT for ; Sun, 24 Aug 2025 17:59:18 +0000 (UTC) Received: from regulus.brecht-schule.hamburg (regulus.brecht-schule.hamburg [84.46.83.131]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "regulus.brecht-schule.hamburg", Issuer "R11" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4c91s11l2lz3nS for ; Sun, 24 Aug 2025 17:59:17 +0000 (UTC) Authentication-Results: mail01.ipfire.org; dkim=pass header.d=brecht-schule.hamburg header.s=202101ed25519 header.b=4n+HBNoo; dkim=pass header.d=brecht-schule.hamburg header.s=202101rsa header.b=j+9aiaHC; dmarc=pass (policy=reject) header.from=brecht-schule.hamburg; spf=pass (mail01.ipfire.org: domain of dietzmann@brecht-schule.hamburg designates 84.46.83.131 as permitted sender) smtp.mailfrom=dietzmann@brecht-schule.hamburg ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1756058357; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=92TqL32U6xIVLe/05SDRkr9FKLU9/ljlCfI+7EWPO7o=; b=L8hnwtbkng46AyJJK1cNARnBW8jNyKBWE83bk2haLD3kkhYu1Jszbu58fjOx7gOIUTJS+y 0KYnL4LbwBXTmQbg7T0e/XXV7s8u7WMjiI/W4rY+laZIopgmq9Xjv9o0C0SYpdOnzfL76d jUfQftqU/ZdoWPCvQzq9yDqgoBWhFWeeba9mb38eKtlfyDnDD53/twD0yDaaFPb6CyISXK rMZZLbFARdpj1xYXniP039H4SyvNr/LEb+ILbkWMqAEmrLPFX9ENfZThVoS+usZP0+A2nH 13l36euJerr6vcVbI/gmlUizFglAMIPznV8XndHk0t7RaN1u77aTIwK4cWENFw== ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=brecht-schule.hamburg header.s=202101ed25519 header.b=4n+HBNoo; dkim=pass header.d=brecht-schule.hamburg header.s=202101rsa header.b=j+9aiaHC; dmarc=pass (policy=reject) header.from=brecht-schule.hamburg; spf=pass (mail01.ipfire.org: domain of dietzmann@brecht-schule.hamburg designates 84.46.83.131 as permitted sender) smtp.mailfrom=dietzmann@brecht-schule.hamburg ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1756058357; a=rsa-sha256; cv=none; b=x7JVP4aeKYCiFGcI/Nq6uYfFeuYCum3VbhMb7iizRiWYa7DUP7DQ/3ff81BvoU42ca+Hhf YuKTsWpIhJzwxy2QOiEdBkScsZ7fZEwde75QE6oIs/0isEeABvHMnx9UyWUalRY1i/35cN vxzx4VzXzFrS9RwV+2dOHhrxtm4L7yMBw6ZlramudhrbH4ORdXDbZuTKK8J/1A+J8H4yCi eOLmV9XTgQDRl+t8UymXRRXJiOCmmOL3yQfL9HQ3p5x+9qfmlQnc63YyF6XqHXR2jXEVG3 sy00Y7TyokmasRLqlV+24iVl03y8b+VTG+LjHVWOjvS6hU0D7P5vk8eBCY7q/Q== Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by regulus.brecht-schule.hamburg (Postfix) with ESMTPSA id 4c91rx631jzgYgR; Sun, 24 Aug 2025 19:59:13 +0200 (CEST) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=brecht-schule.hamburg; s=202101ed25519; t=1756058354; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=92TqL32U6xIVLe/05SDRkr9FKLU9/ljlCfI+7EWPO7o=; b=4n+HBNoo6JDO9XCZnZjoKmJrgQHYgH/NxvYgTaMchDpGTLTQi2JVK5nDo+SQzSj+BilcfT yr5JvhMggQWLYCCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brecht-schule.hamburg; s=202101rsa; t=1756058355; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=92TqL32U6xIVLe/05SDRkr9FKLU9/ljlCfI+7EWPO7o=; b=j+9aiaHC+b/teQb+B2VUOFnRYLfZkYyG9EGfawAgeR1t6cdIObg9fMR4rdnJf/IzccvdFL 3V5ZEETttVWY8j4nnUiyBcnubvKYMsffMsv7gnY4nFo/giLhPn2Umaq4fiiDuARZXJujTG FfxktoOEg4D78FqdDxaSi9V7NlykNS+YT+k2hq8rRt9fH3zOISujIS1FnokVBgyQKcuLs/ 6G4IG2nkgqcGJMsRxW7DHUBXn7W/3KmVk5mt42l4dxCR61TgPEz2JdoOXJznSRdhiubcEv WVvPNkX0nm7osU2yrlbg13VxQxm/Iqs5TANVuaO6TVnpqFoyXxcCGaOq0DEbVA== Message-ID: <0c7d2437-8253-44ef-a5e9-b02800db8e87@brecht-schule.hamburg> Date: Sun, 24 Aug 2025 19:59:03 +0200 Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Subject: Re: Re: sshd kill all sessions on deamon stop Content-Language: en-US To: Michael Tremer Cc: development@lists.ipfire.org, Peer Dietzmann References: <6d9b9a50-4479-422f-a370-540a59fa6959@brecht-schule.hamburg> From: Peer Dietzmann In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Rspamd-Server: mail01.haj.ipfire.org X-Rspamd-Queue-Id: 4c91s11l2lz3nS X-Rspamd-Action: no action X-Spamd-Result: default: False [-12.00 / 11.00]; BAYES_HAM(-2.98)[99.93%]; DWL_DNSWL_MED(-2.00)[brecht-schule.hamburg:dkim]; R_DKIM_ALLOW(-1.64)[brecht-schule.hamburg:s=202101ed25519,brecht-schule.hamburg:s=202101rsa]; IP_REPUTATION_HAM(-1.24)[asn: 15943(-0.36), country: DE(0.00), ip: 84.46.83.131(-0.89)]; NEURAL_HAM(-1.00)[-1.000]; SPF_REPUTATION_HAM(-0.91)[-0.9109370439462]; DKIM_REPUTATION(-0.91)[-0.91065456536149]; DMARC_POLICY_ALLOW(-0.50)[brecht-schule.hamburg,reject]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; R_SPF_ALLOW(-0.20)[+ip4:84.46.83.131:c]; RCVD_IN_DNSWL_MED(-0.20)[84.46.83.131:from]; ONCE_RECEIVED(0.20)[]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; FUZZY_RATELIMITED(0.00)[rspamd.com]; RECEIVED_HELO_LOCALHOST(0.00)[]; ARC_NA(0.00)[]; TO_DN_SOME(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_ALL(0.00)[]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; MID_RHS_MATCH_FROM(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:15943, ipnet:84.46.0.0/17, country:DE]; DKIM_TRACE(0.00)[brecht-schule.hamburg:+]; MISSING_XM_UA(0.00)[]; FROM_HAS_DN(0.00)[] Hi Michael, On 24/08/2025 14:55, Michael Tremer wrote: > Hello Peer, > > Thank you for your email. > > I understand what you want to achieve here, but I don’t quite unterstand why. Why would those sessions need to be closed? As those sessions aren't restored after a reboot, these sessions are then useless and have to be closed anyway. I think this could be done automatically by IPFire. > > Your patch would have some other consequences which I don’t think you intend. For example, if someone would install an update using a SSH console and if that update upgrades OpenSSH and restarts it abort the update. The process would terminate the updater and you would be left with an incomplete update. > > I suppose what we could think about is to move terminating the SSH daemon before the network is being shut down. Would that fix your problem? I understand your explanation, I was unsure if my patch would also affect the updater, but the solution you supposed would also fix the problem I tried to solve with my patch. Could you add this to the corresponding script? Thanks in advance! Best regards, Peer > > -Michael > >> On 24 Aug 2025, at 07:25, Peer Dietzmann wrote: >> >> Hi All, >> >> I discovered, that while rebooting an IPFire instance via SSH my terminal keeps stuck after the broadcast message because IPFire isn't closing all active connection correctly. As it is annoying especially when using SSH in SSH connections because all connections have to be reopened manually, I thought of adding just one line to the init-script that closes all running sessions. >> >> Best regards, >> >> Peer >> >> >> diff --git a/src/initscripts/system/sshd b/src/initscripts/system/sshd >> index e5a9931af..e69904c61 100644 >> --- a/src/initscripts/system/sshd >> +++ b/src/initscripts/system/sshd >> @@ -50,6 +50,7 @@ case "$1" in >> stop) >> boot_mesg "Stopping SSH Server..." >> killproc -p "/var/run/sshd.pid" /usr/sbin/sshd || true >> + killall sshd-session >> ;; >> >> reload) >> >> -- Mit freundlichem Gruß Peer Dietzmann Brecht-IT | Administration und Support Brecht-Schule Hamburg GmbH Norderstrasse 163-165 | 20097 Hamburg Tel.: +49 40 21 11 12 - 37 | Fax: +49 40 21 11 12 - 20 E-Mail: dietzmann@brecht-schule.hamburg | www.brecht-schule.hamburg Diese Email enthält ggfs. vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese Email irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Email. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Email ist nicht gestattet.