Disable all services, except ssh

maintenance linux systemd service

How can I disable all services except ssh on modern (systemd based) linux distributions?

I need to implement a maintenance mode.

All these services need to be down:

  • postgres
  • postfix
  • apache
  • cups
  • cron
  • dovecot

But ssh must not be shut down, since this gets used to do tasks during the maintenance mode.

Of course I could write a shell script which loops over a list of services which I would like to disable. But this feels like I reinventing something which already exists, but which I don't know up to now.


Solution 1:

This sounds a lot like runlevels, replaced with targets in Systemd. So, instead of writing a script that starts and stop a list of services, you could create a new maintenance.target containing only the services necessary, like SSH. Of course, SSH is not quite useful without networking, so in this example a simple emergency-net.target is modified to include SSH.

[Unit]
Description=Maintenance Mode with Networking and SSH
Requires=maintenance.target systemd-networkd.service sshd.service
After=maintenance.target systemd-networkd.service sshd.service
AllowIsolate=yes

Then, you could enter your maintenance mode using

# systemctl isolate maintenance.target

and back

# systemctl isolate multi-user.target

Solution 2:

First list your services and search for their corresponding systemd-names.

Then build a list and stop each list member to enter maintenance, start each member after maintenance.

Solution 3:

Based on the excellent answer of @Esa, on Debian 10, you have the file rescue-ssh.target to disable all services, except ssh and networking:

/lib/systemd/system/rescue-ssh.target

[Unit]
Description=Rescue with network and ssh
Documentation=man:systemd.special(7)
Requires=network-online.target ssh.service
After=network-online.target ssh.service
AllowIsolate=yes

So now, you can proceed as fallows:

1. Enter in the maintenance mode:

systemctl isolate rescue-ssh.target (only ssh and networking)

2. Check the maintenance mode:

lsof -i:1-65535 (and you will only see the port of the ssh running)

3. Exit from the maintenance mode:

systemctl isolate multi-user.target (and everything is back again)

Related

How do I upgrade postgresl database? Incompatibility error
Determine process uptime
Examples of 302 vs 303
How to disable http basic auth in nginx for a specific ip range?
Why is the year in this ISO timestamp not 2019?
For Server-Sent Events (SSE) what Nginx proxy configuration is appropriate?
SSH - identify which users still login using passwords
Book recommendation on plane Euclidean geometry
The difference between pointwise convergence and uniform convergence of functional sequences
What is knot theory about, exactly?
How many scientists can survive?
What is the name of this theorem of Jakob Steiner's, and why is it true?