[Bug 3056] A non-idle sesstion always be terminated when set ClientAliveCountMax to 0

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Wed Aug 14 09:53:03 AEST 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=3056

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to abel.xie from comment #0)
[...]
> But in my use case, the client session keep receiving data from
> server side, is it still an "idle" session? the user experience is
> terrible.

Well it's doing exactly what you asked it to, and it's consistent with
what the documentation says it'll do.

> after dig into it, I found the behavior change since 7.6p1 is from
> https://bugzilla.mindrot.org/show_bug.cgi?id=2756
> 
> before 7.6p1, if there are any incomming or outgoing traffic from
> ssh client side, sshd think the connection is not idle.
> 
> after 7.6p1, only if there are any incomming traffic from ssh
> client, sshd think it's not idle.
> 
> Also, for the reason why I set the ClientAliveCountMax to 0, it is
> recommended by "CIS CentOS Linux 7 Benchmark", you can get the
> content easily from here:
> https://secscan.acron.pl/centos7/5/2/13

That's not really what ClientAlive is for,  you probably want something
like bash's TMOUT.  ClientAlive is intended to detect clients that have
dropped off the network.

With the previous behaviour, regular output would have it considered
alive even if it wasn't and the traffic would likely end up buffered in
the TCP socket buffer.  (BTW it'd also mean that you could leave a
build unattended and someone could ctrl-C it and subvert your intended
policy too.)

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list