[Bug 2627] Documentation update: semantic of ClientAliveCountMax 0 unclear

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Nov 28 09:49:17 AEDT 2023


--- Comment #7 from Damien Miller <djm at mindrot.org> ---
If you were relying on an accidental, unreliable and undocumented
behaviour for security then you always destined to have a bad time. 

ClientAliveCountMax=0 *never* worked as a reliable inactivity timeout -
ServerAliveInterval or a number of other things that caused non-session
traffic could keep a connection alive indefinitely. A security control
that appears to work but silently fails under common conditions is
worse than useless.

We've since added explicit, documented and supported inactivity timeout
mechanisms (ChannelTimeout and UnusedConnectionTimeout), so the
previous accidental behaviour of ClientAliveCountMax won't be coming

You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list