sshd kill all sessions on deamon stop

sshd kill all sessions on deamon stop

[Peer Dietzmann]

Hi All,

I discovered, that while rebooting an IPFire instance via SSH my 
terminal keeps stuck after the broadcast message because IPFire isn't 
closing all active connection correctly. As it is annoying especially 
when using SSH in SSH connections because all connections have to be 
reopened manually, I thought of adding just one line to the init-script 
that closes all running sessions.

Best regards,

Peer


diff --git a/src/initscripts/system/sshd b/src/initscripts/system/sshd
index e5a9931af..e69904c61 100644
--- a/src/initscripts/system/sshd
+++ b/src/initscripts/system/sshd
@@ -50,6 +50,7 @@ case "$1" in
      stop)
          boot_mesg "Stopping SSH Server..."
          killproc -p "/var/run/sshd.pid" /usr/sbin/sshd || true
+        killall sshd-session
          ;;

      reload)

Re: sshd kill all sessions on deamon stop

[Michael Tremer]

Hello Peer,

Thank you for your email.

I understand what you want to achieve here, but I don’t quite unterstand why. Why would those sessions need to be closed?

Your patch would have some other consequences which I don’t think you intend. For example, if someone would install an update using a SSH console and if that update upgrades OpenSSH and restarts it abort the update. The process would terminate the updater and you would be left with an incomplete update.

I suppose what we could think about is to move terminating the SSH daemon before the network is being shut down. Would that fix your problem?

-Michael

> On 24 Aug 2025, at 07:25, Peer Dietzmann <dietzmann@brecht-schule.hamburg> wrote:
> 
> Hi All,
> 
> I discovered, that while rebooting an IPFire instance via SSH my terminal keeps stuck after the broadcast message because IPFire isn't closing all active connection correctly. As it is annoying especially when using SSH in SSH connections because all connections have to be reopened manually, I thought of adding just one line to the init-script that closes all running sessions.
> 
> Best regards,
> 
> Peer
> 
> 
> diff --git a/src/initscripts/system/sshd b/src/initscripts/system/sshd
> index e5a9931af..e69904c61 100644
> --- a/src/initscripts/system/sshd
> +++ b/src/initscripts/system/sshd
> @@ -50,6 +50,7 @@ case "$1" in
>      stop)
>          boot_mesg "Stopping SSH Server..."
>          killproc -p "/var/run/sshd.pid" /usr/sbin/sshd || true
> +        killall sshd-session
>          ;;
> 
>      reload)
> 
> 

Re: Re: sshd kill all sessions on deamon stop

[Peer Dietzmann]

Hi Michael,

On 24/08/2025 14:55, Michael Tremer wrote:
> Hello Peer,
>
> Thank you for your email.
>
> I understand what you want to achieve here, but I don’t quite unterstand why. Why would those sessions need to be closed?
As those sessions aren't restored after a reboot, these sessions are 
then useless and have to be closed anyway. I think this could be done 
automatically by IPFire.
>
> Your patch would have some other consequences which I don’t think you intend. For example, if someone would install an update using a SSH console and if that update upgrades OpenSSH and restarts it abort the update. The process would terminate the updater and you would be left with an incomplete update.
>
> I suppose what we could think about is to move terminating the SSH daemon before the network is being shut down. Would that fix your problem?

I understand your explanation, I was unsure if my patch would also 
affect the updater, but the solution you supposed would also fix the 
problem I tried to solve with my patch. Could you add this to the 
corresponding script?

Thanks in advance!

Best regards,

Peer

>
> -Michael
>
>> On 24 Aug 2025, at 07:25, Peer Dietzmann <dietzmann@brecht-schule.hamburg> wrote:
>>
>> Hi All,
>>
>> I discovered, that while rebooting an IPFire instance via SSH my terminal keeps stuck after the broadcast message because IPFire isn't closing all active connection correctly. As it is annoying especially when using SSH in SSH connections because all connections have to be reopened manually, I thought of adding just one line to the init-script that closes all running sessions.
>>
>> Best regards,
>>
>> Peer
>>
>>
>> diff --git a/src/initscripts/system/sshd b/src/initscripts/system/sshd
>> index e5a9931af..e69904c61 100644
>> --- a/src/initscripts/system/sshd
>> +++ b/src/initscripts/system/sshd
>> @@ -50,6 +50,7 @@ case "$1" in
>>       stop)
>>           boot_mesg "Stopping SSH Server..."
>>           killproc -p "/var/run/sshd.pid" /usr/sbin/sshd || true
>> +        killall sshd-session
>>           ;;
>>
>>       reload)
>>
>>
-- 
Mit freundlichem Gruß
Peer Dietzmann

Brecht-IT  | Administration und Support

Brecht-Schule Hamburg GmbH
Norderstrasse 163-165 | 20097 Hamburg
Tel.: +49 40 21 11 12 - 37 | Fax: +49 40 21 11 12 - 20
E-Mail: dietzmann@brecht-schule.hamburg | www.brecht-schule.hamburg

Diese Email enthält ggfs. vertrauliche und/oder rechtlich geschützte Informationen.
Wenn Sie nicht der richtige Adressat sind oder diese Email irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Email.
Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Email ist nicht gestattet.