Public bug reported:

$ apt-cache policy openssh-server
openssh-server:
  Installed: 1:8.2p1-4ubuntu0.4
  Candidate: 1:8.2p1-4ubuntu0.4

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.4 LTS
Release:        20.04
Codename:       focal

After upgrading from 'bionic' the openssh ClientAlive* parameters are
not functioning as expected in sshd:

/etc/ssh/sshd_config:ClientAliveInterval 900
/etc/ssh/sshd_config:ClientAliveCountMax 0

The expected behaviour is that after 900s with no traffic in the session
the server terminates the connection.  There appears to be a custom
patch in the package which changes this:

    - sshd(8): Make ClientAliveCountMax=0 have sensible semantics: it will
      now disable connection killing entirely rather than the current
      behaviour of instantly killing the connection after the first liveness
      test regardless of success.

It is unclear why this is a beneficial change in the default behaviour
of sshd.  If the user doesn't want the session disconnected then they
should set ClientAliveInterval=0.  It also defeats our requirement to
have idle ssh sessions terminated when nothing has been done for 15
minutes.

It is tempting to mark this as a security issue due to unexpected change
in behaviour and the fact it would leave idle sessions open whereas a
vanilla ssh package would close them.

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1978816

Title:
  sshd: ClientAliveCountMax=0 not honoured as expected

Status in openssh package in Ubuntu:
  New
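To make the two semantics concrete, here is an added model (not code from the bug report or from OpenSSH) of sshd's ClientAlive check, followed by a small sshd_config scan that flags the combination in this report. It assumes the check in sshd's client_alive_check(): a probe is sent after every `ClientAliveInterval` seconds without client data, and the session is dropped once the count of unanswered probes exceeds `ClientAliveCountMax`; from 8.2 on, a count of 0 disables the drop entirely instead of dropping at the first probe.

```python
"""Model of sshd's ClientAlive* handling before and after the OpenSSH 8.2
change quoted in the bug, plus a config check for ClientAliveCountMax=0."""
from typing import List, Optional


def seconds_until_disconnect(interval: int, count_max: int,
                             client_responds: bool,
                             new_semantics: bool = True) -> Optional[int]:
    """Seconds of client silence after which sshd drops the session, or
    None if it never does.  `new_semantics` selects the 8.2+ behaviour."""
    if interval <= 0:
        return None                  # ClientAliveInterval 0: probing disabled
    if count_max == 0:
        # old: first probe kills regardless of the reply; new: never kill
        return None if new_semantics else interval
    if client_responds:
        return None                  # an idle but live client answers every probe
    # the (count_max + 1)th unanswered probe trips the "> count_max" test
    return interval * (count_max + 1)


def check_sshd_config(text: str) -> List[str]:
    """Scan a flat sshd_config (Match blocks not modelled) for the
    ClientAlive* combination that stops terminating sessions on 8.2+."""
    interval, count_max = 0, 3       # sshd_config(5) defaults
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ").split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "clientaliveinterval":
            interval = int(value)
        elif key == "clientalivecountmax":
            count_max = int(value)
    findings = []
    if interval > 0 and count_max == 0:
        findings.append(f"ClientAliveCountMax 0 with ClientAliveInterval {interval}: "
                        "on OpenSSH >= 8.2 sshd never drops the session")
    elif interval > 0:
        findings.append(f"unresponsive clients dropped after ~{interval * (count_max + 1)}s; "
                        "responsive idle sessions are not dropped by ClientAlive")
    return findings


if __name__ == "__main__":
    # constructed sample matching the report's /etc/ssh/sshd_config lines
    SAMPLE = "ClientAliveInterval 900\nClientAliveCountMax 0\n"
    print(seconds_until_disconnect(900, 0, True, new_semantics=False))  # 900
    print(seconds_until_disconnect(900, 0, True))                       # None
    print(check_sshd_config(SAMPLE))
```

The model also shows why the reporter's configuration depended on the old quirk: with any `ClientAliveCountMax` of 1 or more, a client that is idle but still answers probes is never dropped, so ClientAlive only ever detects dead connections, not idle users.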
