| Message ID | 6d9b9a50-4479-422f-a370-540a59fa6959@brecht-schule.hamburg |
|---|---|
| State | New |
| Headers |
Return-Path: <development+bounces-835-patchwork=ipfire.org@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK))
by web04.haj.ipfire.org (Postfix) with ESMTPS id 4c8kST3Wr9z3wbG
for <patchwork@web04.haj.ipfire.org>; Sun, 24 Aug 2025 06:25:29 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org
[IPv6:2001:678:b28::201])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange x25519)
(Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK))
by mail01.ipfire.org (Postfix) with ESMTPS id 4c8kSS25kQz5TY
for <patchwork@ipfire.org>; Sun, 24 Aug 2025 06:25:28 +0000 (UTC)
Authentication-Results: mail01.ipfire.org;
dkim=pass header.d=brecht-schule.hamburg header.s=202101ed25519
header.b=GysbqEy6;
dkim=pass header.d=brecht-schule.hamburg header.s=202101rsa
header.b=UdBva8PB;
dmarc=pass (policy=reject) header.from=brecht-schule.hamburg;
arc=pass ("lists.ipfire.org:s=202003rsa:i=1");
spf=softfail (mail01.ipfire.org: 2001:678:b28::201 is neither permitted nor
denied by domain of
"development+bounces-835-patchwork=ipfire.org@lists.ipfire.org")
smtp.mailfrom="development+bounces-835-patchwork=ipfire.org@lists.ipfire.org"
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
s=202003rsa; t=1756016728;
h=from:from:sender:sender:reply-to:subject:subject:date:date:
message-id:message-id:to:to:cc:cc:mime-version:mime-version:
content-type:content-type:
content-transfer-encoding:content-transfer-encoding:list-id:list-help:
list-unsubscribe:list-subscribe:list-post:dkim-signature;
bh=f8UFPsINmKQsl6R1dYpat0M1p2sHnCGqhsyhFkS92AQ=;
b=Zz+Twzu7vTrswJ2qG1PVIBl1B0nfO23mFZBqCrnjdH+eOe3GegAWGSfL+a3jkRxQzIOLJL
C/WDfEe7XZIFIRtz9mQKJcc05dUqV7Y6uUb3NvAS3aGHP5QwRpBv+FymkXA3oK41bBBk1w
n2U/8Asw3n4Cgay3G6ahFzxM2Uhwk5X4twnGuJuNewUsOO9R72c05Jz9TG0Wcalcg1ep3p
S4hZJd1L0wqD8Gw4K0yI4p6iXvs75qd5LFmXJnLrssk7jw9cLvDH2V9Z/w+M53kNRiOkrH
s4SOL0Zra3f8a6oeRz70/0ldK92RBsMPQ8UpLbxlKOmDWuMwEx5KVSRRflj5Iw==
ARC-Authentication-Results: i=2;
mail01.ipfire.org;
dkim=pass header.d=brecht-schule.hamburg header.s=202101ed25519
header.b=GysbqEy6;
dkim=pass header.d=brecht-schule.hamburg header.s=202101rsa
header.b=UdBva8PB;
dmarc=pass (policy=reject) header.from=brecht-schule.hamburg;
arc=pass ("lists.ipfire.org:s=202003rsa:i=1");
spf=softfail (mail01.ipfire.org: 2001:678:b28::201 is neither permitted nor
denied by domain of
"development+bounces-835-patchwork=ipfire.org@lists.ipfire.org")
smtp.mailfrom="development+bounces-835-patchwork=ipfire.org@lists.ipfire.org"
ARC-Seal: i=2; s=202003rsa; d=ipfire.org; t=1756016728; a=rsa-sha256;
cv=pass;
b=CpgikstEbrwCFJkpybt5eAZfR/JgfvIf1y0vCJnD2xxUP4YNrWlG93dnkXE7PoXx7KOwn6
PY3V1sv2mHelAboGjyyJqv9FBavMEHEuqEbkJaiMX1FIPHFlw5JwcU8ocwmdxS4T9nFCt0
Y+1ySEdGA5FG6YKtDQfiZSn+mTJGdwu4uvD3bTJr6bDZM5T1aE1+rzUTOoVn+i/icFdrsm
VmMPkxc6GkiRiGllmz3rONEwKhVrUXCMKgcvocjcyZ142QsxFa0l8QDTVESg5kNDKdlfvU
WBUoe3Fhf9s0DxOuLDyduuRN2OEUHkrXTae/CNUrlRmjhgq64k5jdX8UJwgf7Q==
Received: from mail02.haj.ipfire.org (localhost [IPv6:::1])
by mail02.haj.ipfire.org (Postfix) with ESMTP id 4c8kSS1NY1z2yxC
for <patchwork@ipfire.org>; Sun, 24 Aug 2025 06:25:28 +0000 (UTC)
X-Original-To: development@lists.ipfire.org
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK))
by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4c8kSP3DVvz2xLt
for <development@lists.ipfire.org>; Sun, 24 Aug 2025 06:25:25 +0000 (UTC)
Received: from regulus.brecht-schule.hamburg (regulus.brecht-schule.hamburg
[84.46.83.131])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest
SHA256
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "regulus.brecht-schule.hamburg", Issuer "R11" (verified OK))
by mail01.ipfire.org (Postfix) with ESMTPS id 4c8kSN2649z130
for <development@lists.ipfire.org>; Sun, 24 Aug 2025 06:25:24 +0000 (UTC)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
d=lists.ipfire.org;
s=202003rsa; t=1756016724;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding:dkim-signature;
bh=f8UFPsINmKQsl6R1dYpat0M1p2sHnCGqhsyhFkS92AQ=;
b=u/BKksBsvDzyUBJATahhcCFZY/SmiZtxjSmQk0QoC7EjqUvYD3BZexboZoPrI8Nu8e00We
8JL/oa3vqS48gyGBEoyeUCJZuhsTgS0w9A379tif829g4IdzAMCJc9KSEIG9xNQgX9aW15
KYGHN6bmbnS1fnPDThLUsG1lMcBxPX0nErVzBJ3GOByEcAlKdMLf5JAakLpdNTuYM/RynY
IvPeZ2ENwQQ5cwI3rPhU9L0KC1SEeB77hGtkQzIuV3l4McPQ+gEaNr9H3uQ/RH9IYYOCJb
ulQEIl0X0Xw1SH0Brh2pGmjQquYNmrsiZbUFN3dMUkQfX3FWmoCZ8Olb7Y6BwQ==
ARC-Authentication-Results: i=1;
mail01.ipfire.org;
dkim=pass header.d=brecht-schule.hamburg header.s=202101ed25519
header.b=GysbqEy6;
dkim=pass header.d=brecht-schule.hamburg header.s=202101rsa
header.b=UdBva8PB;
dmarc=pass (policy=reject) header.from=brecht-schule.hamburg;
spf=pass (mail01.ipfire.org: domain of dietzmann@brecht-schule.hamburg
designates 84.46.83.131 as permitted sender)
smtp.mailfrom=dietzmann@brecht-schule.hamburg
ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1756016724; a=rsa-sha256;
cv=none;
b=X55cnv7gd/F2zltwy7qnhlJG+8FVrUUnPWNKXuB3umnHoqbtHQMeAPKYK+nAP2D/qYqt9k
u0ltwxbHddtLhLzMRGIzto1rYbY4jl1DDdWxiQZL0SQNo2i72CgaIsBCHvDD9k5bHEAw8h
auyzfZZ1cEgBsyTeGMMpw2snvWM/5CKMPIMLmMg8dsNSklm4RxTUXhrZmiaMRqG2tezwHk
63s10yUP1iIjiG0Vb2CyuWg1JkgedbbAVSBloJzxkScK3uwgKFwZW4G4IMqYDCg+mGdq1k
moS5rmG4iXdq7gEt3v4cGB0ekt1Wrt+CZlvvo3PlZ0I1qf6ch3FJbosHQPQcwg==
Received: from [127.0.0.1] (localhost [127.0.0.1])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
SHA256)
(No client certificate requested)
by regulus.brecht-schule.hamburg (Postfix) with ESMTPSA id 4c8kSM1PZlzgYcM;
Sun, 24 Aug 2025 08:25:23 +0200 (CEST)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;
d=brecht-schule.hamburg;
s=202101ed25519; t=1756016723;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding;
bh=f8UFPsINmKQsl6R1dYpat0M1p2sHnCGqhsyhFkS92AQ=;
b=GysbqEy6hAhIYPP76mbgovOfNJO3YuuA+hm2OQwzk1hkvVbX2LBh17H5Qwjnz4eqvVsLgN
XuNR/o1Le8xg65Bg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brecht-schule.hamburg;
s=202101rsa; t=1756016723;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding;
bh=f8UFPsINmKQsl6R1dYpat0M1p2sHnCGqhsyhFkS92AQ=;
b=UdBva8PBGRywubBXy9OZx79jLeFChhVTK8sB3fuBW32ayWY55/0P1ZCIa48zg6rI1np5js
wnp7gQ1BPSesDByz7iuzioTjjxmQtdF/DW62ANw+jxXqKhHR+9EPF76KWtZf245KajAyvp
kpJWoW3tTH35KyxoU6Ll0t4MOrhA/SPZQRhQv8SEOTmCERMK375nux2HoXL889oz3EieCs
xygmMDdEIfU87QMxFe2v7OIpI7rsXnT2UaZZEwellu3GV/qMWmsiwp3lMS0Am00a7oplzN
khiTtRpcdFNbprkKSiUace044Mbgj59Z+zVh6WLgycoAa1SWa45liZMs5pfcBw==
Message-ID: <6d9b9a50-4479-422f-a370-540a59fa6959@brecht-schule.hamburg>
Date: Sun, 24 Aug 2025 08:25:22 +0200
Precedence: list
List-Id: <development.lists.ipfire.org>
List-Subscribe: <https://lists.ipfire.org/>,
<mailto:development+subscribe@lists.ipfire.org?subject=subscribe>
List-Unsubscribe: <https://lists.ipfire.org/>,
<mailto:development+unsubscribe@lists.ipfire.org?subject=unsubscribe>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development+help@lists.ipfire.org?subject=help>
Sender: <development@lists.ipfire.org>
Mail-Followup-To: <development@lists.ipfire.org>
MIME-Version: 1.0
Content-Language: en-US
To: development@lists.ipfire.org
Cc: Peer Dietzmann <dietzmann@brecht-schule.hamburg>
From: Peer Dietzmann <dietzmann@brecht-schule.hamburg>
Subject: sshd kill all sessions on deamon stop
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Rspamd-Server: mail01.haj.ipfire.org
X-Rspamd-Queue-Id: 4c8kSS25kQz5TY
X-Rspamd-Action: no action
X-Spamd-Result: default: False [-13.28 / 11.00];
BAYES_HAM(-3.00)[99.99%];
FROM_INTERNAL_BULK_SENDERS(-2.00)[2001:678:b28::201];
DWL_DNSWL_MED(-2.00)[brecht-schule.hamburg:dkim];
R_DKIM_ALLOW(-1.64)[brecht-schule.hamburg:s=202101ed25519,brecht-schule.hamburg:s=202101rsa];
NEURAL_HAM(-1.00)[-1.000];
ARC_ALLOW(-1.00)[lists.ipfire.org:s=202003rsa:i=1];
DKIM_REPUTATION(-0.91)[-0.91065442339242];
RCVD_DKIM_ARC_DNSWL_MED(-0.50)[];
DMARC_POLICY_ALLOW_WITH_FAILURES(-0.50)[];
IP_REPUTATION_HAM(-0.23)[asn: 204867(-0.07), country: DE(0.00),
ip: 2001:678:b28::(-0.17)];
RCVD_IN_DNSWL_MED(-0.20)[84.46.83.131:received];
MAILLIST(-0.18)[generic];
MIME_GOOD(-0.10)[text/plain];
MX_GOOD(-0.01)[];
HAS_LIST_UNSUB(-0.01)[];
RECEIVED_HELO_LOCALHOST(0.00)[];
RCPT_COUNT_TWO(0.00)[2];
MIME_TRACE(0.00)[0:+];
ARC_SIGNED(0.00)[ipfire.org:s=202003rsa:i=2];
RCVD_COUNT_THREE(0.00)[4];
TO_DN_SOME(0.00)[];
FUZZY_RATELIMITED(0.00)[rspamd.com];
DMARC_POLICY_ALLOW(0.00)[brecht-schule.hamburg,reject];
TAGGED_FROM(0.00)[bounces-835-patchwork=ipfire.org];
R_SPF_SOFTFAIL(0.00)[~all:c];
MID_RHS_MATCH_FROM(0.00)[];
FROM_NEQ_ENVFROM(0.00)[dietzmann@brecht-schule.hamburg,development@lists.ipfire.org];
FROM_HAS_DN(0.00)[];
RCVD_TLS_LAST(0.00)[];
RCVD_VIA_SMTP_AUTH(0.00)[];
MISSING_XM_UA(0.00)[];
ASN(0.00)[asn:204867, ipnet:2001:678:b28::/48, country:DE];
DKIM_TRACE(0.00)[brecht-schule.hamburg:+];
FORGED_RECIPIENTS_MAILLIST(0.00)[];
FORGED_SENDER_MAILLIST(0.00)[]
|
| Series |
sshd kill all sessions on deamon stop
|
|
Commit Message
Peer Dietzmann
24 Aug 2025, 6:25 a.m. UTC
Hi All, I discovered, that while rebooting an IPFire instance via SSH my terminal keeps stuck after the broadcast message because IPFire isn't closing all active connection correctly. As it is annoying especially when using SSH in SSH connections because all connections have to be reopened manually, I thought of adding just one line to the init-script that closes all running sessions. Best regards, Peer
Comments
Hello Peer, Thank you for your email. I understand what you want to achieve here, but I don’t quite unterstand why. Why would those sessions need to be closed? Your patch would have some other consequences which I don’t think you intend. For example, if someone would install an update using a SSH console and if that update upgrades OpenSSH and restarts it abort the update. The process would terminate the updater and you would be left with an incomplete update. I suppose what we could think about is to move terminating the SSH daemon before the network is being shut down. Would that fix your problem? -Michael > On 24 Aug 2025, at 07:25, Peer Dietzmann <dietzmann@brecht-schule.hamburg> wrote: > > Hi All, > > I discovered, that while rebooting an IPFire instance via SSH my terminal keeps stuck after the broadcast message because IPFire isn't closing all active connection correctly. As it is annoying especially when using SSH in SSH connections because all connections have to be reopened manually, I thought of adding just one line to the init-script that closes all running sessions. > > Best regards, > > Peer > > > diff --git a/src/initscripts/system/sshd b/src/initscripts/system/sshd > index e5a9931af..e69904c61 100644 > --- a/src/initscripts/system/sshd > +++ b/src/initscripts/system/sshd > @@ -50,6 +50,7 @@ case "$1" in > stop) > boot_mesg "Stopping SSH Server..." > killproc -p "/var/run/sshd.pid" /usr/sbin/sshd || true > + killall sshd-session > ;; > > reload) > >
diff --git a/src/initscripts/system/sshd b/src/initscripts/system/sshd index e5a9931af..e69904c61 100644 --- a/src/initscripts/system/sshd +++ b/src/initscripts/system/sshd @@ -50,6 +50,7 @@ case "$1" in stop) boot_mesg "Stopping SSH Server..." killproc -p "/var/run/sshd.pid" /usr/sbin/sshd || true + killall sshd-session ;; reload)