https://bugzilla.mindrot.org/show_bug.cgi?id=2627
Christopher Maynard <christopher.mayn...@igt.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |christopher.mayn...@igt.com

--- Comment #6 from Christopher Maynard <christopher.mayn...@igt.com> ---
(In reply to Damien Miller from comment #2)
> I committed an alternate change: ClientAliveCountMax=0 will disable
> connection-killing entirely. This will be released in OpenSSH 8.2

I think this was the absolute wrong thing to do. This bug report was opened to clarify the documentation about the exact behavior of setting ClientAliveCountMax=0, not to change the behavior of it, and in doing so completely break backward-compatibility in the process.

Our organization has just been bitten by this change where previously idle SSH sessions would automatically time out and terminate after the configured value of ClientAliveInterval, as expected. Now this no longer happens and idle sessions remain active indefinitely.

I fail to see any possible positive use case for SSH sessions to remain active indefinitely, and in fact, the new behavior is now perceived as an increased security risk. How many idle SSH sessions are unknowingly remaining active now, I wonder? In today's security conscious world, this change in behavior is simply terrible and quite frankly inexcusable.

For the benefit of all users, please revert this change.
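A configuration check for the behaviour change discussed in this comment, added here as an example and not part of the bug report or of OpenSSH: it flags every sshd_config scope that pairs ClientAliveCountMax 0 with a non-zero ClientAliveInterval, the combination that per the thread no longer ends sessions from OpenSSH 8.2 on. The function names, status strings and sample configuration are constructed for illustration; Include directives and overlapping Match blocks are not handled.

```python
import re

DEFAULTS = {"clientaliveinterval": "0", "clientalivecountmax": "3"}  # sshd defaults

# Constructed sample sshd_config, not taken from the bug report.
SAMPLE = """\
# idle timeout configured the way the comment describes
ClientAliveInterval 900
ClientAliveCountMax=0
ClientAliveCountMax 3
Match User backup
    ClientAliveCountMax 3
Match Group ops
    ClientAliveInterval 0
"""

def parse_scopes(text):
    """Collect the two ClientAlive* keywords per scope (global + each Match block)."""
    scopes, scope = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # keyword and argument are separated by whitespace or by one '='
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            scope = "Match " + value
            scopes.setdefault(scope, {})
        elif key in DEFAULTS:
            scopes[scope].setdefault(key, value)  # first value obtained is used
    return scopes

def audit(text, openssh_version):
    """Return [(scope, status)] where CountMax=0 meets a non-zero interval."""
    scopes = parse_scopes(text)
    base = {**DEFAULTS, **scopes["global"]}
    findings = []
    for scope, own in scopes.items():
        eff = {**base, **own}  # a Match block overrides the global value
        if eff["clientalivecountmax"] == "0" and eff["clientaliveinterval"] != "0":
            status = "never-disconnects" if openssh_version >= (8, 2) else "changes-on-upgrade"
            findings.append((scope, status))
    return findings

if __name__ == "__main__":
    for version in [(7, 9), (8, 2)]:
        print(version, audit(SAMPLE, version))
```

The same parser accepts the output of `sshd -T`, which prints the effective settings as lower-case `keyword value` lines.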