Package: openssh-server Version: 1:7.2p2-6 Severity: serious Hi,
the addition of ssh-session-cleanup.service in the latest upload [1] is imho a bad idea. It's an aweful hack and besides, it also kills your SSH sessions on upgrades (thus severity RC). The proper fix is to use libpam-systemd. This will register a proper session scope when users log in via SSH. Those session scopes are ordered against systemd-user-sessions.service which itself has a proper ordering against network.target. So those user session are stopped before the network stack is shutdown. Please drop ssh-session-cleanup.service again and simply add a dependency on libpam-systemd. It's the correct solution for this problem. Regards, Michael [1] https://anonscm.debian.org/cgit/pkg-ssh/openssh.git/commit/?id=b66f1de1c94 -- System Information: Debian Release: stretch/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages openssh-server depends on: ii adduser 3.115 ii debconf [debconf-2.0] 1.5.59 ii dpkg 1.18.9 ii init-system-helpers 1.39 ii libaudit1 1:2.6.5-1 ii libc6 2.23-2 ii libcomerr2 1.43.1-1 ii libgssapi-krb5-2 1.14.2+dfsg-1 ii libkrb5-3 1.14.2+dfsg-1 ii libpam-modules 1.1.8-3.3 ii libpam-runtime 1.1.8-3.3 ii libpam0g 1.1.8-3.3 ii libselinux1 2.5-3 ii libssl1.0.2 1.0.2h-1 ii libsystemd0 230-7 ii libwrap0 7.6.q-25 ii lsb-base 9.20160629 ii openssh-client 1:7.2p2-6 ii openssh-sftp-server 1:7.2p2-6 ii procps 2:3.3.12-2 ii zlib1g 1:1.2.8.dfsg-2+b1 Versions of packages openssh-server recommends: ii ncurses-term 6.0+20160625-1 ii xauth 1:1.0.9-1 Versions of packages openssh-server suggests: ii ksshaskpass [ssh-askpass] 4:5.7.0-1 pn molly-guard <none> pn monkeysphere <none> pn rssh <none> ii ssh-askpass 1:1.2.4.1-9 pn ufw <none> -- debconf information excluded