Bug 47233 - stuck connections with ssh reboot using systemd
stuck connections with ssh reboot using systemd
Product: UCS
Classification: Unclassified
Component: PAM
UCS 4.3
Other Linux
: P5 normal with 2 votes (vote)
: UCS 4.4-0-errata
Assigned To: Jannik Ahlers
Arvid Requate
: systemd
Depends on:
Blocks: 49045 49910 49941
  Show dependency treegraph
Reported: 2018-06-22 11:20 CEST by Ingo Sieverdingbeck
Modified: 2019-07-31 09:34 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 5: Will affect all installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.229
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Usability
Max CVSS v3 score:
hahn: Patch_Available+


Note You need to log in before you can comment on or make changes to this bug.
Description Ingo Sieverdingbeck univentionstaff 2018-06-22 11:20:39 CEST
+++ This bug was initially created as a clone of Bug #45215 +++

With systemd "reboot", "halt", "shutdown" is too fast, as the sshd gets killed before the connection is closed down properly. This leads to the ssh session staying around until the TCP timeout kicks in.

 reboot & logout
fixes it.

From #45215:

(In reply to Felix Botner from comment #3)
> OK, works in ec2 utils
> (In reply to Erik Damrose from comment #1)
> > This is not only an issue in UCS Test, it is also annoying while working
> > with UCS in general. We could backport
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751636
> yep, but please open a new bug for UCS
Comment 1 Philipp Hahn univentionstaff 2019-02-06 09:18:58 CET
The real bug is that "libpam-systemd" is installed by default via Recommends by "systemd" and "openssh-server", but it is not included in "/etc/pam.d/common-session" as the UCR template is out-of-date.

echo "session optional        pam_systemd.so" >>base/univention-pam/conffiles/etc/pam.d/common-session.d/10univention-pam_common
Comment 2 Jannik Ahlers univentionstaff 2019-03-14 12:06:58 CET
I added the line that Philipp proposed.
Now when shutting down your ssh session gets closed.

70460a4 Bug #47233: yaml
7fa3c41 Bug #47233: yaml
fa47957 Bug #47233: close ssh connection properly when shutting down

Successful build
Package: univention-pam
Version: 12.0.2-1A~
Branch: ucs_4.4-0
Scope: errata4.4-0
Comment 3 Arvid Requate univentionstaff 2019-03-14 15:38:15 CET
* Code
* Function
* Advisory
Comment 4 Arvid Requate univentionstaff 2019-03-19 14:20:00 CET
We also need a backport for 4.3-3
Comment 5 Philipp Hahn univentionstaff 2019-03-19 18:29:42 CET
(In reply to Arvid Requate from comment #4)
> We also need a backport for 4.3-3

What about the rule to create a different bug with a different target mile stone? At least "announce_errata" needs a matching TM.
Comment 6 Arvid Requate univentionstaff 2019-03-20 00:21:33 CET
> What about the rule to create a different bug with a different target mile stone? At least "announce_errata" needs a matching TM.

I don't know if there is a rule other than that the tool checks this, which my be overridden AFAIK? But the assignee may create a new bug to keep things as simple as possible.
Comment 7 Arvid Requate univentionstaff 2019-03-20 11:50:08 CET
I've simply cloned the bug for 4.3, and will set this back to verified.
Comment 8 Arvid Requate univentionstaff 2019-03-20 12:29:26 CET