Mailing List Archive

[Bug 3056] A non-idle session always be terminated when set ClientAliveCountMax to 0
https://bugzilla.mindrot.org/show_bug.cgi?id=3056

abel.xie <chenxixie0422@gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Summary|A non-idle sesstion always |A non-idle session always
|be terminated when set |be terminated when set
|ClientAliveCountMax to 0 |ClientAliveCountMax to 0

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3056] A non-idle session always be terminated when set ClientAliveCountMax to 0 [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=3056

abel.xie <chenxixie0422@gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3056] A non-idle session always be terminated when set ClientAliveCountMax to 0 [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=3056

abel.xie <chenxixie0422@gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Resolution|FIXED |INVALID

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3056] A non-idle session always be terminated when set ClientAliveCountMax to 0 [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=3056

--- Comment #2 from abel.xie <chenxixie0422@gmail.com> ---
(In reply to Darren Tucker from comment #1)
> (In reply to abel.xie from comment #0)
> [...]
> > But in my use case, the client session keep receiving data from
> > server side, is it still an "idle" session? the user experience is
> > terrible.
>
> Well it's doing exactly what you asked it to, and it's consistent
> with what the documentation says it'll do.
>
> > after dig into it, I found the behavior change since 7.6p1 is from
> > https://bugzilla.mindrot.org/show_bug.cgi?id=2756
> >
> > before 7.6p1, if there are any incomming or outgoing traffic from
> > ssh client side, sshd think the connection is not idle.
> >
> > after 7.6p1, only if there are any incomming traffic from ssh
> > client, sshd think it's not idle.
> >
> > Also, for the reason why I set the ClientAliveCountMax to 0, it is
> > recommended by "CIS CentOS Linux 7 Benchmark", you can get the
> > content easily from here:
> > https://secscan.acron.pl/centos7/5/2/13
>
> That's not really what ClientAlive is for, you probably want
> something like bash's TMOUT. ClientAlive is intended to detect
> clients that have dropped off the network.
>
> With the previous behaviour, regular output would have it considered
> alive even if it wasn't and the traffic would likely end up buffered
> in the TCP socket buffer. (BTW it'd also mean that you could leave
> a build unattended and someone could ctrl-C it and subvert your
> intended policy too.)

OK, Thanks for your explanation!

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3056] A non-idle session always be terminated when set ClientAliveCountMax to 0 [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=3056

--- Comment #3 from Darren Tucker <dtucker@dtucker.net> ---
BTW you shouldn't rely on ClientAliveInterval to disconnect your idle
users as they could trivially defeat it by setting ServerAliveInterval
in the client to a slightly lower value.

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs