[Bug 3056] New: A non-idle sesstion always be terminated when set ClientAliveCountMax to 0

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Wed Aug 14 08:45:29 AEST 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=3056

            Bug ID: 3056
           Summary: A non-idle sesstion always be terminated when set
                    ClientAliveCountMax to 0
           Product: Portable OpenSSH
           Version: 8.0p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: chenxixie0422 at gmail.com

The issue exists from version 7.6p1.
reproduce steps:
1) set sshd_config:
   ClientAliveInterval 60
   ClientAliveCountMax 0

2) user ssh login, then compile our project, the compile time will take
more than 60 seconds:

   [abel at AbelCentOS75 ~/build/Cloud/Agent/linux]$make
   starting to compile...
   ...
   <a lot of output>
   ...
   Connection to localhost closed.
   ===> the session get closed unexpectly after 60 seconds.

I understand that with ClientAliveCountMax == 0 there will be no
"client alive packet"sent and the client ssh session will be terminated
after ClientAliveInterval seconds of idle time. 

But in my use case, the client session keep receiving data from server
side, is it still an "idle" session? the user experience is terrible.

after dig into it, I found the behavior change since 7.6p1 is from
https://bugzilla.mindrot.org/show_bug.cgi?id=2756

before 7.6p1, if there are any incomming or outgoing traffic from ssh
client side, sshd think the connection is not idle.

after 7.6p1, only if there are any incomming traffic from ssh client,
sshd think it's not idle.

Also, for the reason why I set the ClientAliveCountMax to 0, it is
recommended by "CIS CentOS Linux 7 Benchmark", you can get the content
easily from here:
https://secscan.acron.pl/centos7/5/2/13

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list