SSH sessions hang on shutdown/reboot
I have a server that runs Debian and sshd on it, and in case I need to reboot the server my SSH session hangs at client side until TCP timeout. I assume this is because when sshd
is being terminated it does not explicitly close open SSH sessions to the host. What should I do to make sshd
first disconnect everyone, then terminate itself as normal? So far I don't see a parameter in man sshd_config
that's related to shutsown behavior.
Solution 1:
When you shutdown or reboot your system, systemd
tries to stop all services as fast as it can. That involves bringing down the network and terminating all processes that are still alive -- usually in that order. So when systemd kills the forked SSH processes that are handling your SSH sessions, the network connection is already disabled and they have no way of closing the client connection gracefully.
Your first thought might be to just kill all SSH processes as the first step during shutdown, and there are quite a few systemd service files out there that do just that.
But there is of course a neater solution (how it's "supposed" to be done): systemd-logind
.systemd-logind
keeps track of active user sessions (local and SSH ones) and assigns all processes spawned within them to so-called "slices". That way, when the system is shut down, systemd can just SIGTERM everything inside the user slices (which includes the forked SSH process that's handing a particular session) and then continue shutting down services and the network.
systemd-logind
requires a PAM module to get notified of new user sessions and you'll need dbus
to use loginctl
to check its status, so install both of those:
apt-get install libpam-systemd dbus
Be sure your /etc/ssh/sshd_config
is actually going to use the module with UsePAM yes
.
Solution 2:
This is something you need to set on the client side, not the server side. Edit your ~/.ssh/config
to contain
ServerAliveInterval 15
ServerAliveCountMax 5
This means that after 15 seconds of inactivity, your client will send a message to the server. If it doesn't get any response, it will try again up to 5 times, and when it still doesn't get an answer, it'll close the session.
Solution 3:
This behaviour is reported on this Debian Bug, you only need to setup correctly the shutdown scripts shiped with the package because, automatically, they aren't copied by default:
cp /usr/share/doc/openssh-client/examples/ssh-session-cleanup.service /etc/systemd/system/
systemctl enable ssh-session-cleanup.service