openssh bugs - Jun 2020 - [Bug 3182] New: openssh-8.2 make ClientAliveCountMax=0 disable the connection

https://bugzilla.mindrot.org/show_bug.cgi?id=3182

            Bug ID: 3182
           Summary: openssh-8.2 make ClientAliveCountMax=0 disable the
                    connection
           Product: Portable OpenSSH
           Version: 8.2p1
          Hardware: ARM64
                OS: Linux
            Status: NEW
          Severity: security
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: kircherlike at outlook.com

The meaning of the ClientAliveCountMax=0 parameter modified in OpenSSH
8.2 is as follows: 
https://anongit.mindrot.org/openssh.git/commit/?id=69334996ae203c51c70bf01d414c918a44618f8e

This modification indicates that the OpenSSH does not provide the
function of exiting the client due to timeout after no operation is
performed on the client for a long time. In most cases, a client that
does not perform any operation responds to the heartbeat packets sent
by the server. 

The TMOUT parameter in /etc/profile can implement this function. This
parameter, however, is configurable on the client. 

We hope that OpenSSH can re-provide a parameter on the server to make
the client that does not perform any operation exit due to timeout.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3182

kircher <kircherlike at outlook.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5                          |P1

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3182

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Killing the connection because of inactivity was never the specified
function of ClientAliveInterval and that it happened to work that way
was an accident. Note that the previous behaviour was not reliable - a
client that set a ServerAliveInterval or that kept a forwarded TCP
connection open would never be killed for inactivity.

If you need a idle timeout, then I suggest looking at shell features
(e.g. bash's TMOUT) or something like a PAM module.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3182

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3182

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
close bugs that were resolved in OpenSSH 8.5 release cycle

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3182

Luke <luke.j.dennis+bugzilla at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |luke.j.dennis+bugzilla at gmai
                   |                            |l.com

--- Comment #3 from Luke <luke.j.dennis+bugzilla at gmail.com> ---
(In reply to Damien Miller from comment #1)
> If you need a idle timeout, then I suggest looking at shell features
> (e.g. bash's TMOUT) or something like a PAM module.
I am trying to add an idle timeout to an ssh server on an embedded
system which does not have bash. I haven't been able to find any
reference to a PAM that will add timeout functionality, would you be
able to point me in the right direction? Either a specific module if
you know if one or some keywords that will help find some results?

Thanks!

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3182

Vishwanath Jadhav <jvishwanath66 at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jvishwanath66 at gmail.com

--- Comment #4 from Vishwanath Jadhav <jvishwanath66 at gmail.com> ---
Hi Damien Miller,

`close bugs that were resolved in OpenSSH 8.5 release cycle`

can u please share the BZ(or release notes) for the provided fix.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3182

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
https://www.openssh.com/releasenotes.html#9.2 under "New Features"

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.