Bug 758535 - Restarting sshd kills current sessions
Restarting sshd kills current sessions
Status: CLOSED DUPLICATE of bug 757545
Product: Fedora
Classification: Fedora
Component: systemd (Show other bugs)
Unspecified Unspecified
unspecified Severity urgent
: ---
: ---
Assigned To: systemd-maint
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2011-11-29 20:11 EST by Konstantin Svist
Modified: 2011-12-01 05:16 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2011-12-01 05:16:09 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Konstantin Svist 2011-11-29 20:11:41 EST
Description of problem:
Old behavior of sshd restart was such that existing sessions kept running until disconnected. New behavior makes administering remote machines much harder.

[root@mach ~]# systemctl restart sshd.service 
Connection to mach closed by remote host.
Connection to mach closed.

Version-Release number of selected component (if applicable):
openssh-server 5.8p2-22.fc16
systemd 37-3.fc16

How reproducible:
every time

Steps to Reproduce:
1. ssh into remote F16 machine
2. run "systemctl restar sshd.service"

Actual results:
Session is immediately teminated, have to log in again (probably impossible if ran "systemctl stop sshd.service" by accident)

Expected results:
Session should remain open

Additional info:
Comment 1 Petr Lautrbach 2011-11-30 06:03:24 EST
How does your /etc/pam.d/sshd and /etc/pam.d/password-auth look like? Do you have 'UsePam yes' in /etc/ssh/sshd_config? See bug #757545
Comment 2 Konstantin Svist 2011-11-30 12:23:19 EST
sshd_config indeed uses old configuration with "UsePam no"
This server has a policy of only allowing logins using asymmetric keys -- will pam cause password logins to be allowed?

PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
Comment 3 Petr Lautrbach 2011-12-01 05:16:09 EST
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.

So with your configuration, PAM is used only for account and session checks and password logins are not enabled.

*** This bug has been marked as a duplicate of bug 757545 ***

Note You need to log in before you can comment on or make changes to this bug.