openssh bugs - Mar 2025 - [Bug 3803] New: Connections not kept alive with ServerAliveInterval

https://bugzilla.mindrot.org/show_bug.cgi?id=3803

            Bug ID: 3803
           Summary: Connections not kept alive with ServerAliveInterval
           Product: Portable OpenSSH
           Version: 9.8p1
          Hardware: 68k
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: chiragc204 at gmail.com

Hi, 

  After openssh 9.2, it is recommended to use ChannelTimeout and
UnusedConnectionTimeout that provide granular idle session/connection
timeout and behaviour of ClientAliveCountMax=0 parameter was changed
which did not timeout the idle session. 


Reference bug : https://bugzilla.mindrot.org/show_bug.cgi?id=3172 
Commit which disables connection killing on ClientAliveCountMax 0 ,
https://github.com/openssh/openssh-portable/commit/69334996ae203c51c70bf01d414c918a44618f8e

Earlier before openssh 8.2 configuring ClientAliveCountMax 0 did
timeout the idle connection but to keep the connection alive client can
pass ServerAliveIntervalbecause it sends the keepalive packet regularly
from the client

example : ssh -p 2222 root at 10.x.x.x -o ServerAliveInterval=25s

Now i have configured ChannelTimeout and UnusuedConnectionTimeout in
sshd but doing ssh with serveraliveinteral passed from client does not
keep the connection alive 

ChannelTimeout *=1m
UnusedConnectionTimeout 1m



If ServerAliveInternal is not working to keep the idle connection alive
, please help with another configuration that the client can use
provided the server users ChannelTimeout and UnusuedConnectionTimeout
to keep the connection alive if needed

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3803

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
If you want to keep the channel alive with ChannelTimeout then you need
to send data over it, that is the point.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3803

--- Comment #2 from Chirag <chiragc204 at gmail.com> ---
I ssh using ServerAliveInterval and it did send and receive packet as
seen in the debug logs but still the connection is closed . 

Here is the output 

ssh -p 2222 root at 10.x.x.x -o ServerAliveInterval=25s



debug3: send packet: type 80
debug3: receive packet: type 82
debug3: send packet: type 80
debug3: receive packet: type 82
debug3: receive packet: type 96
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: chan_shutdown_write: channel 0: (i0 o1 sock -1 wfd 5 efd 6
[write])
debug2: channel 0: output drain -> closed
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype eow at openssh.com reply
0
debug2: channel 0: rcvd eow
debug2: chan_shutdown_read: channel 0: (i0 o3 sock -1 wfd 4 efd 6
[write])
debug2: channel 0: input open -> closed
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug3: send packet: type 97
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3803

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Yes, but that's not data over an active channel.

ServerAliveInterval is for keeping the connection awake through
firewalls and NAT devices that timeout connections that send no
traffic.

It will have no effect to prevent a connection that is sending no real
user data over an open channel from being affected by ChannelTimeout,
and will not prevent a server from closing a connection with no active
channels after UnusuedConnectionTimeout

The "unused" in UnusuedConnectionTimeout means "actual user
data"

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.