2

When I ssh to my media server, I get a bunch of unrequested processes started up:

/usr/lib/systemd/systemd --user /usr/bin/dbus-broker-launch --scope user dbus-broker /usr/bin/pulseaudio --daemonize=no --log-target=journal

Surely you'd only want pulseaudio and dbus if you're starting a GUI session.

I can kill systemd and those processes also die - it doesn't seem to hurt anything in my ssh session.

Whats worse, is that these processes don't die when I log out.

How do I stop this?

I can do

systemctl --user disable pulseaudio.service dbus-broker.service

... but I would need these if I do a GUI login (eg on the monitor or in a headless sway session).

I would have thought that SYSADMINS around the world would be seizing their pitchforks and marching on Castle Systemd in anger at spurious processes being created by simple ssh logins - and worse still, leaving them running when logged out.

This is on fedora-33

Improve this question
4
  • Sysadmins got more important things to worry about than 2 processes using barely any resources Commented Jul 2, 2021 at 10:21
  • Related: What does pam_systemd.so do? Commented Jul 2, 2021 at 12:54
  • @Panki - I beg to differ. Imagine (as in my previous employer) 1000's of linux VM instances, dozens of ops staff, possibly hundreds of automated ssh jobs - it adds up. I admit that for me on my home setup, it's just an untidiness; a lack of minimalism. As a Unix greybeard, I hate that and I'm suspicious of what these youngsters are doing with systemd! Commented Jul 3, 2021 at 0:12
  • 1
    @steeldriver - thanks for the useful link which led me to remove the pam_systemd.so line from /etc/pam.d/system-auth. Now I can log in without the cruft. Next, I need to find out how to prepare such a login for a GUI session - should I want one!! Running 'systemd --user' doesn't do it. Commented Jul 3, 2021 at 0:38

1 Answer 1

Reset to default
1

The starting of a user session is caused by invocation of pam_systemd.so (on debian systems, this is in /etc/pam.d/common-session which is referenced by a line @include common-session in /etc/pam.d/sshd).

Put UsePAM no in your /etc/ssh/sshd_config to prevent sshd from using the whole Pluggable Authentication Modules mechanism systemd hooks into.

Alternatively, you could comment out just the mentioned @include common-session line in /etc/pam.d/sshd.

Improve this answer
2
  • 1
    Unfortunately, fedora has a very different PAM setup and /etc/ssh/sshd_config has a comment "# WARNING: 'UsePAM no' is not supported in Fedora and may cause several # problems." Commented Jan 7, 2022 at 0:04
  • That's all well and good, but does it actually cause any problems? Commented May 11 at 15:44

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.