Disable all services, except ssh

linux service systemd maintenance
5,116

Solution 1

This sounds a lot like runlevels, replaced with targets in Systemd. So, instead of writing a script that starts and stop a list of services, you could create a new maintenance.target containing only the services necessary, like SSH. Of course, SSH is not quite useful without networking, so in this example a simple emergency-net.target is modified to include SSH.

[Unit]
Description=Maintenance Mode with Networking and SSH
Requires=maintenance.target systemd-networkd.service sshd.service
After=maintenance.target systemd-networkd.service sshd.service
AllowIsolate=yes

Then, you could enter your maintenance mode using

# systemctl isolate maintenance.target

and back

# systemctl isolate multi-user.target

Solution 2

First list your services and search for their corresponding systemd-names.

Then build a list and stop each list member to enter maintenance, start each member after maintenance.

Solution 3

Based on the excellent answer of @Esa, on Debian 10, you have the file rescue-ssh.target to disable all services, except ssh and networking:

/lib/systemd/system/rescue-ssh.target

[Unit]
Description=Rescue with network and ssh
Documentation=man:systemd.special(7)
Requires=network-online.target ssh.service
After=network-online.target ssh.service
AllowIsolate=yes

So now, you can proceed as fallows:

1. Enter in the maintenance mode:

systemctl isolate rescue-ssh.target (only ssh and networking)

2. Check the maintenance mode:

lsof -i:1-65535 (and you will only see the port of the ssh running)

3. Exit from the maintenance mode:

systemctl isolate multi-user.target (and everything is back again)

Share:
5,116

Related videos on Youtube

guettli
Author by

guettli

http://thomas-guettler.de/ Working out loud: https://github.com/guettli/wol

Updated on September 18, 2022

Comments

  • guettli
    guettli over 1 year

    How can I disable all services except ssh on modern (systemd based) linux distributions?

    I need to implement a maintenance mode.

    All these services need to be down:

    • postgres
    • postfix
    • apache
    • cups
    • cron
    • dovecot

    But ssh must not be shut down, since this gets used to do tasks during the maintenance mode.

    Of course I could write a shell script which loops over a list of services which I would like to disable. But this feels like I reinventing something which already exists, but which I don't know up to now.

    • ewwhite
      ewwhite over 6 years
      What type of tasks? Why do you need this?
    • guettli
      guettli over 6 years
      @user430214 I updated the question. I added: Of course I could write a shell script which loops over a list of services which I would like to disable. But this feels like I reinventing something which already exists, but which I don't know up to now.
  • Chris Down
    Chris Down over 6 years
    Why not just use systemctl isolate?
  • guettli
    guettli over 6 years
    Thank you very much for this answer. It shows me that asking is useful, even if you think there is no nice answer except writing a dirty shell script. The emergency-net.target is a simple and elegant solution - great :-)
  • Esa Jokinen
    Esa Jokinen over 6 years
    It certainly is, as it also takes care of all the dependencies, and you don't need to update your script every time you install a new service.
  • chilicheech
    chilicheech about 4 years
    Could you please post what the maintenance.target file looks like? The above isn't working for me and I wonder if it's something I'm getting wrong in maintenance.target.
  • Esa Jokinen
    Esa Jokinen almost 4 years
    @chilicheech: Sorry for the late reply. You can take any suitable .target from /lib/systemd/system and modify your desired maintenance.target from that. It seems e.g. Debian 10 doesn't have the emergency-net.target used here anymore.
  • robe007
    robe007 about 3 years
    @ChrisDown I posted an answer about that.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

proc-sys-fs-binfmt_misc.automount failed service
systemd service with multiple After
Configuring Systemd Service to run with root access
Configure buggy systemd service to terminate via SIGKILL
get notification when systemd-monitored service enters failed state
docker Job for docker.service failed because the control process exited with error code
How can I configure a systemd service to restart periodically?
Systemd with multiple execStart
Running Python script via systemd fails to load module
Convenient way to check if system is using systemd or sysvinit in BASH?