* [openssh]: Restore behavior of ClientAliveCountMax=0

OpenSSH 8.2 changed the behavior of ClientAliveCountMax=0 such that setting it to 0 disables connection-killing entirely when the connection is idle. Revert that change.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
parent d2540ae312
commit 694136ff38
@ -424,7 +424,7 @@ rm /files/etc/ssh/sshd_config/ClientAliveCountMax
|
|||||||
touch /files/etc/ssh/sshd_config/EmptyLineHack
|
touch /files/etc/ssh/sshd_config/EmptyLineHack
|
||||||
rename /files/etc/ssh/sshd_config/EmptyLineHack ""
|
rename /files/etc/ssh/sshd_config/EmptyLineHack ""
|
||||||
set /files/etc/ssh/sshd_config/ClientAliveInterval 900
|
set /files/etc/ssh/sshd_config/ClientAliveInterval 900
|
||||||
set /files/etc/ssh/sshd_config/ClientAliveCountMax 1
|
set /files/etc/ssh/sshd_config/ClientAliveCountMax 0
|
||||||
ins #comment before /files/etc/ssh/sshd_config/ClientAliveInterval
|
ins #comment before /files/etc/ssh/sshd_config/ClientAliveInterval
|
||||||
set /files/etc/ssh/sshd_config/#comment[following-sibling::*[1][self::ClientAliveInterval]] "Close inactive client sessions after 15 minutes"
|
set /files/etc/ssh/sshd_config/#comment[following-sibling::*[1][self::ClientAliveInterval]] "Close inactive client sessions after 15 minutes"
|
||||||
save
|
save
|
||||||
|
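Review bot: The `set /files/etc/ssh/sshd_config/ClientAliveCountMax 0` line only produces a 15-minute idle disconnect when sshd carries the revert added in this commit; per the commit message, stock OpenSSH 8.2 and later treat 0 as "never terminate", so the setting fails open if an unpatched sshd ever ends up on the image. The `#comment` inserted before `ClientAliveInterval` ("Close inactive client sessions after 15 minutes") does not mention that dependency. Suggest extending that comment to say that the value 0 relies on the patched sshd, so a reader of the generated sshd_config does not assume upstream semantics.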
@ -1,6 +1,6 @@
|
|||||||
# fips packages
|
# fips packages
|
||||||
|
|
||||||
FIPS_VERSION = 0.3
|
FIPS_VERSION = 0.4
|
||||||
FIPS_OPENSSL_VERSION = 1.1.1n-0+deb11u3+fips
|
FIPS_OPENSSL_VERSION = 1.1.1n-0+deb11u3+fips
|
||||||
FIPS_OPENSSH_VERSION = 8.4p1-5+deb11u1+fips
|
FIPS_OPENSSH_VERSION = 8.4p1-5+deb11u1+fips
|
||||||
FIPS_PYTHON_MAIN_VERSION = 3.9
|
FIPS_PYTHON_MAIN_VERSION = 3.9
|
||||||
|
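Review bot: `FIPS_VERSION` moves from 0.3 to 0.4 while `FIPS_OPENSSH_VERSION` stays at `8.4p1-5+deb11u1+fips`, so the openssh package version string alone does not show whether a given sshd includes the ClientAliveCountMax revert. Suggest a comment beside `FIPS_VERSION` noting that 0.4 is the first build carrying that change, which gives anyone auditing an image a way to tell the two behaviors apart.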
@ -0,0 +1,48 @@
|
|||||||
|
From 2bc575c74aa811a60682e989d07675b8e7ac8a12 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Saikrishna Arcot <sarcot@microsoft.com>
|
||||||
|
Date: Thu, 13 Oct 2022 13:45:17 -0700
|
||||||
|
Subject: [PATCH] Revert commit 69334996: make
|
||||||
|
sshd_config:ClientAliveCountMax=0 disable the connection-killing behavior
|
||||||
|
|
||||||
|
SONiC (and others) use this feature to kill connections when the session
|
||||||
|
is idle after some duration of time. OpenSSH 8.2 defined setting
|
||||||
|
ClientAliveCountMax=0, but by doing so, broke the current use case of
|
||||||
|
it.
|
||||||
|
|
||||||
|
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
|
||||||
|
---
|
||||||
|
serverloop.c | 3 +--
|
||||||
|
sshd_config.5 | 3 ---
|
||||||
|
2 files changed, 1 insertion(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/serverloop.c b/serverloop.c
|
||||||
|
index 48d936d..1b30498 100644
|
||||||
|
--- a/serverloop.c
|
||||||
|
+++ b/serverloop.c
|
||||||
|
@@ -184,8 +184,7 @@ client_alive_check(struct ssh *ssh)
|
||||||
|
int r, channel_id;
|
||||||
|
|
||||||
|
/* timeout, check to see how many we have had */
|
||||||
|
- if (options.client_alive_count_max > 0 &&
|
||||||
|
- ssh_packet_inc_alive_timeouts(ssh) >
|
||||||
|
+ if (ssh_packet_inc_alive_timeouts(ssh) >
|
||||||
|
options.client_alive_count_max) {
|
||||||
|
sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
|
||||||
|
logit("Timeout, client not responding from %s", remote_id);
|
||||||
|
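Review bot: With the `options.client_alive_count_max > 0 &&` guard removed, the comparison `ssh_packet_inc_alive_timeouts(ssh) > options.client_alive_count_max` is the only thing that gives 0 its meaning, and nothing at the `if` marks this as a deliberate divergence from upstream. Suggest a short comment above the condition stating that a count of 0 is intended to end the connection at the timeout, so a later rebase onto a newer OpenSSH does not silently bring the guard back. The patch also adds no test; a regression check that an idle session is closed with ClientAliveCountMax=0 would catch the same mistake.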
diff --git a/sshd_config.5 b/sshd_config.5
|
||||||
|
index a555e7e..a5815d3 100644
|
||||||
|
--- a/sshd_config.5
|
||||||
|
+++ b/sshd_config.5
|
||||||
|
@@ -545,9 +545,6 @@ is set to 15, and
|
||||||
|
.Cm ClientAliveCountMax
|
||||||
|
is left at the default, unresponsive SSH clients
|
||||||
|
will be disconnected after approximately 45 seconds.
|
||||||
|
-Setting a zero
|
||||||
|
-.Cm ClientAliveCountMax
|
||||||
|
-disables connection termination.
|
||||||
|
.It Cm ClientAliveInterval
|
||||||
|
Sets a timeout interval in seconds after which if no data has been received
|
||||||
|
from the client,
|
||||||
|
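Review bot: The three removed lines after "will be disconnected after approximately 45 seconds." leave the man page silent on what a zero `ClientAliveCountMax` does, even though this build now handles it differently from upstream. Suggest replacing the removed sentence rather than only deleting it, with wording that states the restored behavior: with a value of 0 the connection is terminated once `ClientAliveInterval` elapses without data from the client.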
--
|
||||||
|
2.25.1
|
||||||
|
|
@ -1 +1,2 @@
|
|||||||
0001-Put-style-as-line-number-to-ssh-session-environment-.patch
|
0001-Put-style-as-line-number-to-ssh-session-environment-.patch
|
||||||
|
0002-Revert-commit-69334996-make-sshd_config-ClientAliveC.patch
|
||||||
|