-
-
Notifications
You must be signed in to change notification settings - Fork 114
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Question] tmux detached session quits after ssh user disconnects #719
Comments
You need to review the /etc/systemd/logind.conf file. I recently updated this in my cloned repository, but I didn't have time to send a pull request. |
https://github.com/konstruktoid/ansible-role-hardening/blob/master/templates/etc/systemd/logind.conf.j2 needs to be turned into variables :) I can do that @cleberb, no stress. |
Sorry for the delay, I'm currently working on this |
#723 has been merged |
Thank you! :) Just came back from holiday. I will comment here in a week or so, once tested but feel free to close if it is already tested. |
@konstruktoid
Any idea what could be wrong with the current master @cleberb ? I have /etc/systemd/logind.conf.d/zz-logind-hardening.conf
and /etc/systemd/logind.conf
Update: Even deleting /etc/systemd/logind.conf does not change anything.
|
Just checked again after deleting the old |
i'll check the configuration, but have you enabled lingering (https://www.freedesktop.org/software/systemd/man/latest/loginctl.html#enable-linger%20USER%E2%80%A6) for the user as well? |
I have not. This is a default Ubuntu 22.04. The only difference with the other servers I have is that I ran ansible-role-hardening in the past. Will check this further. |
Considering that I now have
Shouldn't my process not be killed? |
the process should not be killed, especially since you've set |
what does ~$ lsb_release -d
Description: Ubuntu 22.04.5 LT
~$ loginctl show-user "$(id -un)" | grep -i linger
Linger=no |
Exactly the same values.
Could it be that previous runs affect? |
using vagrant@jammy:~$ tmux
vagrant@jammy:~$ sudo loginctl show-user vagrant | grep -i linger && sudo loginctl show-user | grep -i kill
Linger=no
KillUserProcesses=no
vagrant@jammy:~$ date
Wed Oct 16 01:03:40 PM UTC 2024
vagrant@jammy:~
[ctrl+b+d]
vagrant@jammy:~$ tmux list-session
0: 1 windows (created Wed Oct 16 13:05:15 2024)
vagrant@jammy:~$ exit
logout
|
Nice! Thank you for checking. I guess it's just a problem with my server then. Although, the notebook sets it to "false" but that should work too. |
|
@konstruktoid I tried on a fresh server, and unfortunately, I kills tmux after 15mn with the config below.
|
That's odd, I'll do some more testing. What distro and release are you using? |
Thank you! Yes Ubuntu 22.04.5 LTS |
can't really figure why this is happening, but i'll continue looking |
Thank you for checking. |
yeah, I cant keep a tmux session running for 15 min even if all the logind settings are in place |
sorry for not getting back to you earlier, could you check if the https://github.com/konstruktoid/ansible-role-hardening?tab=readme-ov-file#defaultsmainumaskyml |
Not at all! Thank you for checking. In both cases, it looks like this:
So I guess, this is the culprit in this case, correct? I wonder how this behavior could be documented. It seems to me that it's not that obvious. |
could be most likely, does your sessions get killed if TMOUT is unset? |
or just set |
I was able to test while having the line commented, and indeed, it now stays alive. Thank you! |
If it has fully the same effect and still complies with CIS, it is indeed the way to go IMO. |
well,
|
https://github.com/konstruktoid/ansible-role-hardening/releases/tag/v2.2.0 released with #763 included |
Should this be closed or are you waiting for answers from CIS before closing it? |
Getting an answer and a update benchmark can take forever :) so we'll close this for the time being. |
Since this is probably not a bug but more of a feature, havec skipped the template description.
My question would be: which part of the hardening could cause a tmux detached session to be killed after a ssh user disconnects?
I noticed this behavior on a server patched with the role.
The text was updated successfully, but these errors were encountered: