Public bug reported:

$ apt-cache policy openssh-server
openssh-server:
  Installed: 1:8.2p1-4ubuntu0.4
  Candidate: 1:8.2p1-4ubuntu0.4

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.4 LTS
Release:        20.04
Codename:       focal

After upgrading from 'bionic' the openssh ClientAlive* parameters are not
functioning as expected in sshd:

/etc/ssh/sshd_config:ClientAliveInterval 900
/etc/ssh/sshd_config:ClientAliveCountMax 0

The expected behaviour is that after 900s with no traffic in the session
the server terminates the connection.

There appears to be a custom patch in the package which changes this:

 - sshd(8): Make ClientAliveCountMax=0 have sensible semantics: it will
   now disable connection killing entirely rather than the current
   behaviour of instantly killing the connection after the first
   liveness test regardless of success.

It is unclear why this is a beneficial change in the default behaviour
of sshd. If the user doesn't want the session disconnected then they
should set ClientAliveInterval=0. It also defeats our requirement to
have idle ssh sessions terminated when nothing has been done for 15
minutes.

It is tempting to mark this as a security issue due to unexpected change
in behaviour and the fact it would leave idle sessions open whereas a
vanilla ssh package would close them.

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

-- 
https://bugs.launchpad.net/bugs/1978816

Title:
  sshd: ClientAliveCountMax=0 not honoured as expected

Status in openssh package in Ubuntu:
  New
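
An added example, not part of the bug report or of the openssh package: a small Python check that classifies a ClientAlive* pair under the semantics quoted in the report (ClientAliveCountMax=0 disables connection killing), so the reported configuration can be flagged in a config audit. The function names and sample strings are constructed for illustration; values are assumed to be plain integers in seconds, and Match blocks are not evaluated.

```python
import re

# Defaults from sshd_config(5) when a keyword is absent.
DEFAULTS = {"clientaliveinterval": 0, "clientalivecountmax": 3}


def effective_client_alive(config_text):
    """Return global ClientAlive* values; sshd keeps the first value it reads."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # Match blocks are conditional and not evaluated here
        if keyword in DEFAULTS and keyword not in found and len(parts) == 2:
            found[keyword] = int(parts[1].strip().strip('"'))
    return {**DEFAULTS, **found}


def audit_idle_policy(config_text):
    """Classify the pair under the 8.2p1 semantics quoted in the report.

    Returns (finding, seconds); seconds is the approximate time before an
    unresponsive client is dropped, or None when no disconnect happens.
    """
    cfg = effective_client_alive(config_text)
    interval, count = cfg["clientaliveinterval"], cfg["clientalivecountmax"]
    if interval == 0:
        return ("no-probes", None)  # liveness messages are never sent
    if count == 0:
        return ("never-disconnects", None)  # the case reported above
    return ("drops-unresponsive-clients", interval * count)


# Constructed samples: the two directives from the report, and a variant that
# repeats a keyword to show that the first value wins.
REPORTED = "ClientAliveInterval 900\nClientAliveCountMax 0\n"
VARIANT = ("# constructed sample\nclientaliveinterval=300\n"
           "ClientAliveCountMax 3\nClientAliveCountMax 0\n")

if __name__ == "__main__":
    for name, text in (("reported", REPORTED), ("variant", VARIANT)):
        print(name, audit_idle_policy(text))
```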