https://bugzilla.mindrot.org/show_bug.cgi?id=2627

Christopher Maynard <christopher.mayn...@igt.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |christopher.mayn...@igt.com

--- Comment #6 from Christopher Maynard <christopher.mayn...@igt.com> ---
(In reply to Damien Miller from comment #2)
> I committed an alternate change: ClientAliveCountMax=0 will disable
> connection-killing entirely. This will be released in OpenSSH 8.2

I think this was the absolute wrong thing to do.  This bug report was
opened to clarify the documentation about the exact behavior of setting
ClientAliveCountMax=0, not to change the behavior of it, and in doing
so completely break backward-compatibility in the process.

Our organization has just been bitten by this change where previously
idle SSH sessions would automatically time out and terminate after the
configured value of ClientAliveInterval, as expected.  Now this no
longer happens and idle sessions remain active indefinitely.  I fail to
see any possible positive use case for SSH sessions to remain active
indefinitely, and in fact, the new behavior is now perceived as an
increased security risk.

How many idle SSH sessions are unknowingly remaining active now, I
wonder?  In today's security-conscious world, this change in behavior
is simply terrible and quite frankly inexcusable.

For the benefit of all users, please revert this change.

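The behaviour change discussed in this comment can be checked against a configuration file before an upgrade. The following is an added example, not part of the bug report or of OpenSSH: the function names and sample config are hypothetical, the caller supplies the sshd version, the defaults assumed are ClientAliveInterval 0 and ClientAliveCountMax 3, and only simple time suffixes are parsed.

```python
import re

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(value):
    """Convert a simple sshd time value such as '300' or '5m' to seconds."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", value.strip().lower())
    if not m:
        raise ValueError(f"unsupported time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def parse_alive_settings(config_text):
    """Collect ClientAlive* values per scope ('global' or a Match line)."""
    scopes, scope = {"global": {}}, "global"
    for raw in config_text.splitlines():
        parts = re.split(r"[\s=]+", raw.split("#", 1)[0].strip(), maxsplit=1)
        if len(parts) != 2:
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip()  # keywords are case-insensitive
        if key == "match":
            scope = "Match " + value
            scopes.setdefault(scope, {})
        elif key in ("clientaliveinterval", "clientalivecountmax"):
            scopes[scope].setdefault(key, value)  # first occurrence wins
    return scopes

def audit(config_text, version):
    """Map each scope to how sshd `version` (e.g. (8, 2)) treats the session."""
    scopes, result = parse_alive_settings(config_text), {}
    for scope, own in scopes.items():
        if scope != "global" and not own:
            continue  # Match block that does not touch ClientAlive*
        merged = {**scopes["global"], **own}  # Match values override global ones
        interval = to_seconds(merged.get("clientaliveinterval", "0"))  # assumed default 0
        count = int(merged.get("clientalivecountmax", "3"))            # assumed default 3
        if interval == 0:
            result[scope] = "no-alive-checks"
        elif count > 0:
            result[scope] = f"drop-unresponsive-after-{interval * count}s"
        elif version >= (8, 2):
            result[scope] = "never-disconnects"  # ClientAliveCountMax=0 after the change
        else:
            result[scope] = f"legacy-timeout-after-{interval}s"  # behaviour reported above
    return result

# Constructed sample config, not taken from the bug report.
SAMPLE = "ClientAliveInterval 5m\nClientAliveCountMax=0\nMatch User backup\n  ClientAliveCountMax 3\n"
if __name__ == "__main__":
    print(audit(SAMPLE, (8, 1)), audit(SAMPLE, (8, 2)))
```

A scope reported as `never-disconnects` is the case described in the comment: a configuration that terminated sessions before 8.2 and keeps them open afterwards. The `drop-unresponsive-after-…` result covers clients that stop answering alive messages, not idle sessions whose client is still responding.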