[sshd] Close SSH connections after 15 minutes of inactivity #3031

Merged
merged 1 commit into from
Jul 7, 2019

jleveque
Contributor

- What I did

Configure sshd to close all SSH connections after 15 minutes of inactivity.

- How I did it

Set ClientAliveInterval to 900 (900 seconds = 15 minutes) and ClientAliveCountMax to 0
in /etc/ssh/sshd_config using augtool in build_debian.sh. In the process, I refactored the existing augtool command for sshd_config so as to add comments and empty lines to file for readability.

- How to verify it

  1. Log into device via management port. Wait 15 minutes without sending a keystroke -- you should be automatically logged out.

@jleveque
Contributor Author

Retest vs please

@lguohan lguohan merged commit 8329ce1 into sonic-net:master Jul 7, 2019
@jleveque jleveque deleted the ssh_timeout branch July 8, 2019 18:09
yxieca pushed a commit that referenced this pull request Jul 10, 2019
@toreanderson

This is an abuse of the OpenSSH ClientAlive* settings, which are not intended as a generic idle timeout, see https://bugzilla.mindrot.org/show_bug.cgi?id=3172#c6 and https://bugzilla.mindrot.org/show_bug.cgi?id=3362#c2.

The fact that it did with ClientAliveCountMax 0 is actually a bug that was fixed in OpenSSH 8.2, see https://bugzilla.mindrot.org/show_bug.cgi?id=2627#c2. So the desired behaviour will stop working.

Fortunately, I might add. This is a pretty annoying «feature» – getting thrown out every 15 minutes is infuriating. Even if one is not actually sending any keystrokes to the SSH session, this does not mean that it is «inactive». One might be trying to debug some issue by passively monitoring streaming log output from journalctl -f, for example.

This pull request is IMHO missing a clear rationale or a «Why I did it» section. This is not the default behaviour in OpenSSH nor in any other mainstream Linux distribution as far as I know. Why deviate?
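
The version dependence raised in the comment above can be checked per host. This is an added example, not code from the PR or from SONiC: the function names are hypothetical, values are assumed to be plain seconds, `Match` blocks and `Include` files are ignored, and the post-8.2 meaning of `ClientAliveCountMax 0` (connection killing disabled) is taken from the OpenSSH 8.2 release notes.

```shell
#!/bin/sh
# Added example: does this sshd_config rely on ClientAliveCountMax 0 for idle logout?

# sshd_effective KEYWORD FILE
# Print the first global value of KEYWORD. sshd keeps the first value it
# reads and treats keywords case-insensitively; Match blocks are skipped.
sshd_effective() {
    awk -v want="$1" '
        /^[ \t]*#/ { next }                  # comment line
        NF == 0 { next }                     # blank line
        tolower($1) == "match" { exit }      # conditional section starts here
        tolower($1) == tolower(want) { print $2; exit }
    ' "$2"
}

# openssh_before_8_2 VERSION: true if VERSION (e.g. "7.9p1") is older than 8.2
openssh_before_8_2() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -lt 8 ] || { [ "$major" -eq 8 ] && [ "${minor:-0}" -lt 2 ]; }
}

# audit_idle_timeout FILE OPENSSH_VERSION
audit_idle_timeout() {
    interval=$(sshd_effective ClientAliveInterval "$1")
    count=$(sshd_effective ClientAliveCountMax "$1")
    interval=${interval:-0}    # sshd default: no keepalive probes
    count=${count:-3}          # sshd default: 3 unanswered probes
    if [ "$interval" -eq 0 ]; then
        echo not-configured
    elif [ "$count" -ne 0 ]; then
        echo keepalive-only            # drops unresponsive clients, not idle ones
    elif openssh_before_8_2 "$2"; then
        echo idle-logout-active        # pre-8.2 behaviour this PR depends on
    else
        echo idle-logout-ineffective   # 8.2+: CountMax 0 disables connection killing
    fi
}

# Constructed sample: the two settings from this PR, against constructed versions.
cfg=$(mktemp)
printf '%s\n' 'ClientAliveInterval 900' 'ClientAliveCountMax 0' > "$cfg"
for v in 7.9p1 8.4p1; do
    echo "OpenSSH $v: $(audit_idle_timeout "$cfg" "$v")"
done
rm -f "$cfg"
```
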

yxieca pushed a commit that referenced this pull request Nov 30, 2023
* Update sonic-utilities to master branch version

sonic-utilities was (intentionally) pointing to a commit on a fork,
since merging sonic-utilities's changes for Bookworm first onto the
master branch would result in PR checker failures. Now that
sonic-buildimage is on master branch and the Bookworm changes in
sonic-utilities have been merged into master, sonic-utilities can now
point to master.


Signed-off-by: Saikrishna Arcot <[email protected]>
yxieca pushed a commit that referenced this pull request Dec 14, 2023
…atically (#17457)

src/sonic-utilities

yxieca pushed a commit that referenced this pull request Jan 23, 2024
…atically (#17849)

src/sonic-utilities

* 7a7305e9 - (HEAD -> 202205, origin/202205) Fix issue: out of range sflow polling interval is accepted and stored in config_db (#2847) (#3123) (3 hours ago) [Stephen Sun]
* 06d11339 - [config] config reload should generate sysinfo if missing  (#3031) (#3126) (21 hours ago) [jingwenxie]
* bef96a1d - [202205] Allow using latest sonic-swss-common build even if tests failed (#3127) (4 days ago) [Saikrishna Arcot]