Let's say I currently have an ssh session with a remote computer, and I run the following command:
sudo systemctl stop ssh
and after running:
systemctl status ssh
to verify the status of the service, it seems to be inactive(dead) why am I still able to execute any commands remotely?
When you connect, the SSH daemon (e.g. sshd) forks at least once. From now on your connection is handled by a separate process, not the listening daemon itself.
systemctl stop ssh stops the listening daemon, so new SSH connections cannot be established. Existing connections survive because forked processes survive.
This is an example snippet from pstree -u:
systemd-+-… … |-sshd---sshd---sshd(kamil)---bash---… … The first sshd is the daemon running as root. The second one is a forked elevated process, still retaining root's power. The third one has dropped root's power, it belongs to me (kamil). Stopping (killing) the daemon process does not affect the other two (yes, I have tested).
