dropbear icon indicating copy to clipboard operation
dropbear copied to clipboard
verified publisher icon mkj

Dropbear does not register user sessions via PAM/dbus

Open MichaIng opened this issue 4 years ago • 2 comments

Probably it is expected due to limited PAM support in Dropbear, but I didn't want to miss reporting it, just in case it is easy to implement without causing much overhead and loosing the light nature of Dropbear.

In a Dropbear SSH session on a systemd-driven system, DBUS_SESSION_BUS_ADDRESS is not set, which allows to run systemd services in user mode via systemctl --user .... I'm not sure about details, but it's the libpam-systemd > dbus > systemd-logind stack which normally enables this, so I guess it means to implement support for the pam_systemd module.

MichaIng avatar Jul 24 '21 10:07 MichaIng

This workaround from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751636#20 worked for me:

apt install psmisc

cat > /etc/systemd/system/dropbear-cleanup.service <<EOF
[Unit]
Description=Dropbear session cleanup
After=network.target

[Service]
TimeoutStartSec=0
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/true
ExecStop=/usr/bin/killall dropbear

[Install]
WantedBy=multi-user.target
EOF

systemctl start dropbear-cleanup && systemctl enable dropbear-cleanup

mrbluecoat avatar Sep 01 '22 20:09 mrbluecoat

This solves non-terminated SSH sessions on shutdown (which is the same with OpenSSH), but does not fix starting Dropbear via systemctl --user 😉.

MichaIng avatar Sep 01 '22 20:09 MichaIng