Mailing List Archive

https://bugzilla.mindrot.org/show_bug.cgi?id=3172

--- Comment #2 from Stefan <stefan.laesser@omicronenergy.com> ---
Yes, I am testing by not passing keystrokes through the session.

Can you please tell me which settings are for closing idle sessions
then? :)

All I have found on the internet, and even the CIS recommendation
(https://www.cisecurity.org/cis-benchmarks/), is to use these two
settings for closing idle connections automatically.

Before using OpenSSH 8.2 we were running OpenSSH 7.9. With 7.9
everything worked as expected with ClientAliveCountMax=0 and
ClientAliveInterval=300 - any idle connection was closed automatically
after 5min. Since the update this does not work anymore. We did not
change anything in our sshd config.

In the OpenSSH 8.2 release notes I have found a bug fix regarding
ClientAliveCountMax which indicates a changed behavior
(https://bugzilla.mindrot.org/show_bug.cgi?id=2627)

* sshd(8): make ClientAliveCountMax=0 have sensible semantics: it
will now disable connection killing entirely rather than the
current behaviour of instantly killing the connection after the
first liveness test regardless of success. bz2627

That is why I have played around with ClientAliveCountMax but without
success.

Your help is really appreactiated - thank you.

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

https://bugzilla.mindrot.org/show_bug.cgi?id=3172

Darren Tucker <dtucker@dtucker.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker@dtucker.net

--- Comment #3 from Darren Tucker <dtucker@dtucker.net> ---
(In reply to Stefan from comment #2)
> Can you please tell me which settings are for closing idle sessions
> then? :)

sshd doesn't actually know when the shell is idle. Is the shell idle
during "sleep 60"? Try something like bash's TMOUT variable.

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

https://bugzilla.mindrot.org/show_bug.cgi?id=3172

--- Comment #4 from Stefan <stefan.laesser@omicronenergy.com> ---
(In reply to Darren Tucker from comment #3)
> (In reply to Stefan from comment #2)
> > Can you please tell me which settings are for closing idle sessions
> > then? :)
>
> sshd doesn't actually know when the shell is idle. Is the shell
> idle during "sleep 60"? Try something like bash's TMOUT variable.

Yes, when I am using TMOUT inside the session is terminated
automatically. I don't even need an explicit sleep command. So the
session is really idle.

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

https://bugzilla.mindrot.org/show_bug.cgi?id=3172

--- Comment #5 from Stefan <stefan.laesser@omicronenergy.com> ---
Any idea why it works for OpenSSH 7.9 and does not work anymore with
OpenSSH 8.x?

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs