SSH connection and network restart

Posted on 2006-04-13
Last Modified: 2010-03-18
I'm currently running FC4 and I ssh'd into the machine then performed a service network restart so I believe I should no longer be connected because it's shutting down the interfaces though I'm still connected when the interfaces are brought back up, so I'm curious as to how that is possible.
Question by:kdavidm
    LVL 27

    Expert Comment

    It's quite interesting.

    I can only suppose that when you will do '/etc/init.d/network stop' you will have all existing connections alive also. Try this (with care, having local access to that machine).

    If so, then I can tell you what happens. When you call 'network restart' it's the same as 'network stop' then 'network start'
    Network stop will execute '/etc/sysconfig/network-scripts/ifdown' for each interface.

    'ifdown' script tries to shutdown interface: ip link set dev ${DEVICE} down
    but does wait only for 5 seconds (it doesn't matter if device is really down or not)

    while ! check_device_down ${DEVICE} && [ "$waited" -lt 50 ] ; do
        usleep 10000
        waited=$(($waited+1))
    done

    Now even if device is still UP script continues.
    Why device may be UP? Here is a weak point, I don't know exactly. But probably because there are applications that use that device and it is busy. Link marked as down, so only existing connections are working. That's why 'network stop' executes after all scripts on shutdown (when every networked application is closed).

    How to force to shutdown interface? I guess forced 'rmmod' will help.

    Network scripts are trying to bring down interfaces for 5 seconds
    LVL 19

    Expert Comment

    it looked connected, or it allowed you to type and answered after the network restart?

    What I can see is ifconfig ethX down didn't work well. If this is the only problem it gives, it's okay, but I would check to see if there are other problems also
    LVL 19

    Assisted Solution

    It's pretty logical really; all the output text from the init script just gets buffered until the interface comes back up. You're still authenticated, and the sshd doesn't have the faintest idea you just restarted the networking. Same as if you're happily talking away using something like xchat and you restart the networking, you don't suddenly get booted off irc.

    Let's face it, it would be pretty annoying if you didn't have that facility if your company had a number of linux servers in different locations, or at a colo facility. Try that on windows through a terminal session, or vnc or whatever and it'll kick you off every time.
    LVL 2

    Assisted Solution

    Well, it's fairly simple actually. As you might know, the tcp/ip module is made of 4 layers. The link at the end of the page is a bit more deep, yet the main thing we need to say about that is that the part that makes sure that the connection is stable is not your network card, but a part of the kernel that takes care of tcp connectivity. When you restart networking, you restart the IP module, that has no issue dealing with the persistence of the connection.
    For the example's sake, let's say that your connection is a mail office, and all you send is registered mail. You have sent some mail to a far away building, and got informed when they got the letter. Now let's say that we had a great fire in the post office at the building. You don't get informed that they got the mail, so you resend it. Now they've built a new post office for the building, and the mail just goes where it should. You can hardly tell it happened! That's just how the networking goes: if you are not informed that the other side of the connection got your SSH packet, you automatically resend it. That's all!

    If it interests you, this file has a good networking overview:
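
Added example (not part of the original thread): a simplified shell model of the resend behaviour described in the answer above. It assumes stock Linux defaults (200 ms minimum RTO, 120 s cap, net.ipv4.tcp_retries2 = 15); the function names are hypothetical, and real RTOs track the measured round-trip time.

```shell
#!/bin/sh
# Model of Linux TCP retransmission backoff (added example, simplified).
# Assumed stock defaults: RTO starts at its 200 ms floor, doubles after
# every unanswered retransmission, is capped at 120 s, and
# net.ipv4.tcp_retries2 (retransmissions before abort) is 15.
RTO_MIN_MS=200
RTO_MAX_MS=120000
TCP_RETRIES2=15

# next_rto CURRENT_MS -> doubled timeout, clamped to the cap
next_rto() {
    n=$(( $1 * 2 ))
    if [ "$n" -gt "$RTO_MAX_MS" ]; then n=$RTO_MAX_MS; fi
    echo "$n"
}

# give_up_ms -> ms of silence after which the kernel aborts the connection
give_up_ms() {
    rto=$RTO_MIN_MS; total=0; i=0
    # the first send and each retransmission wait one RTO for an ACK
    while [ "$i" -le "$TCP_RETRIES2" ]; do
        total=$(( total + rto )); rto=$(next_rto "$rto"); i=$(( i + 1 ))
    done
    echo "$total"
}

# resume_ms OUTAGE_MS -> time of the first retransmission sent once the
# link is back; returns 1 if every retransmission falls inside the outage
resume_ms() {
    rto=$RTO_MIN_MS; t=0; i=1
    while [ "$i" -le "$TCP_RETRIES2" ]; do
        t=$(( t + rto ))
        if [ "$t" -ge "$1" ]; then echo "$t"; return 0; fi
        rto=$(next_rto "$rto"); i=$(( i + 1 ))
    done
    return 1
}

# Constructed scenarios: a 5 s network restart and a 20 minute outage.
echo "abort after:   $(give_up_ms) ms of unacknowledged data"
echo "5 s outage:    session resumes at $(resume_ms 5000) ms"
resume_ms 1200000 >/dev/null || echo "20 min outage: connection is dropped"
```

An idle session with no unacknowledged data has no retransmission timer running, so without keepalives it outlasts an outage of any length.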
    LVL 22

    Expert Comment

    Best way to view this is the network is coming back up in the same configuration as when it went down. Due to the way the various network layers work, the connection is capable of continuing as before after the restart.

    In order to forcibly disconnect, you need to kill the shells associated with the ssh connections.

    Also ssh is designed to be resilient. (Many other applications will 'disconnect' you.)
    LVL 19

    Accepted Solution

    good explanation from everyone

    I did the test and found that in Redhat-like distributions (where the "service" command exists) this happens.

    In slackware it would not happen. If you want to restart your network, it will be disabled (FULLY) and then reenabled again, effectively disconnecting your session.

    So, it depends on the distribution. If you look in the network restart script, you will notice there is provision for maintaining existing connections.
    LVL 7

    Expert Comment

    RedHat and similar distributions are level based - the dependencies are coded by the K/S #s in /etc/init.d/rc?.d ...

    So if you restart via init 3 (even if you are already at level 3), it will issue all the Ks and then the Ss - and so it will restart sshd.

    Other distros, e.g. Gentoo actually encode dependencies directly in the startup scripts and so restarting net will automatically restart sshd.

    Whether the restart is a good thing depends on the network change you've made.  If it changes the network configuration, such as DHCP assigning a new IP address, then you can have a broken sshd.  But if it's not that kind of change, leaving the connection up is a good thing if you break something doing remote administration...

