
freebsd-update: restart sshd after upgrade
Closed, Public

Authored by emaste on May 2 2022, 5:19 PM.

Details

Summary

Sometimes the parent-child sshd protocol changes during an upgrade, and
when this happens sshd will not accept new connections until it is
restarted.

PR: 263489

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

emaste requested review of this revision. (May 2 2022, 5:19 PM)
emaste created this revision.
This revision is now accepted and ready to land. (May 2 2022, 5:26 PM)

Dumb question, I'm sure, but doesn't restarting sshd kill current ssh sessions?

> Dumb question, I'm sure, but doesn't restarting sshd kill current ssh sessions?

Not a dumb question! It does not. The parent sshd process restarts, but it does not kill any of the children handling already-accepted connections.

Will change the comment to

# Restart sshd if running (PR263489).  Note that this does not
# affect child sshd processes handling existing sessions.

>> Dumb question, I'm sure, but doesn't restarting sshd kill current ssh sessions?
>
> Not a dumb question! It does not. The parent sshd process restarts, but it does not kill any of the children handling already-accepted connections.

Right. The only time I have ever seen sshd terminate an active connection is when reloading pf(4) rules or restarting pf(4).

Thanks! I was having nightmares of ssh sessions being terminated and leaving people with half-upgraded systems which they couldn't ssh into.

> Right. The only time I have ever seen sshd terminate an active connection is when reloading pf(4) rules or restarting pf(4).

Ah, that's probably what I was thinking of. I know I've locked myself out of a system in the past by trying to restart something, and now I'm forever paranoid.

This revision was automatically updated to reflect the committed changes.