touch-packages team mailing list archive

Thread
Date

[Bug 1429938] Re: systemd changes behavior of apt-get remove openssh-server

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Martin Pitt <martin.pitt@xxxxxxxxxx>
Date: Wed, 11 Mar 2015 10:48:01 -0000
Reply-to: Bug 1429938 <1429938@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

After both "systemctl stop ssh" or a complete "apt-get purge openssh-
server" existing ssh connections continue to work, and the various
"sshd: login [priv]" processes continue to run, just the "/usr/sbin/sshd
-D" master process goes away, as expected.

sshd.service has KillMode=process which does that (kills the master
process, but none of its children). So I cannot reproduce this.

Do you have some more information how to reproduce this behaviour? Can
you perhaps interrupt the image build process right before the purging,
check "ps aux|grep ssh", then purge, check ps again, see what happened?
Do you have steps or something that I can run which reproduces this?

** Changed in: openssh (Ubuntu)
       Status: Triaged => Incomplete

** Summary changed:

- systemd changes behavior of apt-get remove openssh-server
+ stopping ssh.service closes existing ssh connections

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1429938

Title:
  stopping ssh.service closes existing ssh connections

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  On Trusty and Utopic, when you run `apt-get remove openssh-server`
  over an SSH connection, your existing SSH connection remains open, so
  it's possible to run additional commands afterward.

  However, on Vivid now that the switch to systemd has been made,  `apt-
  get remove openssh-server` closes the existing SSH connection
  immediately, causing your SSH client to exit with a non-zero status. I
  have a hunch there's a lot of automation tooling out there that relies
  on the old behavior.

  For what it's worth, this change breaks the internal image mastering
  tools that System76 uses. Prior to exporting an image tarball, I spin
  up a golden VM with qemu, rysnc a script to it, and then execute this
  script over SSH.

  The important step is that I need to remove openssh-server prior to
  shutting down the VM, so these scripts always end with something like
  this:

  apt-get -y purge openssh-server ssh-import-id
  apt-get -y autoremove
  shutdown -h now

  As far as I can tell, this behavior change will likewise be a problem
  when running `do-release-upgrade` on a remote server over SSH. Or more
  generally, anytime you run "apt-get upgrade/dist-upgrade" via SSH, it
  seems this would be a problem whenever the openssh-server package
  happens to be updated.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1429938/+subscriptions

References

[Bug 1429938] [NEW] systemd changes behavior of apt-get remove openssh-server
From: Jason Gerard DeRose, 2015-03-09