Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-15936

[RHEL 9.2/systemd/BUG] new systemd-logind feature StopIdleSessionSec= does not work when ssh multiplexing is being used with more than one session per user.

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • rhel-9.2.0
    • systemd
    • None
    • None
    • Important
    • rhel-systemd
    • ssg_core_services
    • 8
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • None
    • None
    • None

      [RHEL 9.2/systemd/BUG] new systemd-logind feature StopIdleSessionSec= does not work when ssh multiplexing is being used after the second session of the same user logged to the system, timeout logic breaks for both sessions.

      Additional info:
      The main sshd process for the multiplexed user shows two TTYs
      eg:

      [user@r92 ~]$ ps -ef | grep "sshd: user" | grep -v grep
      root 1087 757 0 15:41 ? 00:00:00 sshd: user [priv]
      user 1091 1087 0 15:42 ? 00:00:00 sshd: user@pts/1,pts/2

      What were you trying to do that didn't work?

      Enforce timeout on idle sessions.

      Please provide the package NVR for which bug is seen:

      [user@r92 ~]$ rpm -q systemd
      systemd-252-18.el9.x86_64

      How reproducible:

      Always

      Steps to reproduce

      On client side
      $ vi ~/.ssh/config

      Host *

      1. Enables SSH Multiplexing
        ControlPath /tmp/%r@%h:%p
        ControlMaster auto
        ControlPersist 30m

      On server side

      1. vi /etc/systemd/logind.conf
        StopIdleSessionSec=30s
      2. systemctl restart systemd-logind

      On client side:

      $ ssh user@r92
      [user@r92 ~]$

      On another terminal on the client side

      $ ssh user@r92
      [user@r92 ~]$

      Expected results

      After 30 seconds,
      [user@r92 ~]$ Shared connection to 192.168.122.X closed.

      Actual results

      After 30 seconds, no actual closure is observed
      [user@r92 ~]$

      As root we can see the idle on w output,

      [root@r92 ~]# w
      15:44:30 up 4 min, 3 users, load average: 0.01, 0.02, 0.00
      USER TTY LOGIN@ IDLE JCPU PCPU WHAT
      root pts/0 15:44 0.00s 0.01s 0.00s w
      user pts/1 15:42 46.00s 0.02s 0.02s -bash
      user pts/2 15:42 2:12 0.01s 0.01s -bash

              msekleta@redhat.com Michal Sekletar
              rhn-support-jgamba Juan Gamba
              systemd maint mailing list systemd maint mailing list
              Frantisek Sumsal Frantisek Sumsal
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated: