From 69334996ae203c51c70bf01d414c918a44618f8e Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Sat, 25 Jan 2020 22:41:01 +0000
Subject: upstream: make sshd_config:ClientAliveCountMax=0 disable the connection killing behaviour, rather than killing the connection after sending the first liveness test probe (regardless of whether the client was responsive) bz2627; ok markus
OpenBSD-Commit-ID: 5af79c35f4c9fa280643b6852f524bfcd9bccdaf
---
 serverloop.c | 5 +++--
 sshd_config.5 | 5 ++++-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/serverloop.c b/serverloop.c
index e16eabe27..a8c99e2e0 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.220 2020/01/25 04:48:26 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.221 2020/01/25 22:41:01 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -184,7 +184,8 @@ client_alive_check(struct ssh *ssh)
 int r, channel_id;
 /* timeout, check to see how many we have had */
- if (ssh_packet_inc_alive_timeouts(ssh) >
+ if (options.client_alive_count_max > 0 &&
+ ssh_packet_inc_alive_timeouts(ssh) >
 options.client_alive_count_max) {
 sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
 logit("Timeout, client not responding from %s", remote_id);
diff --git a/sshd_config.5 b/sshd_config.5
index d47cb0d24..2cddbd598 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.301 2020/01/25 22:36:22 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.302 2020/01/25 22:41:01 djm Exp $
 .Dd $Mdocdate: January 25 2020 $
 .Dt SSHD_CONFIG 5
 .Os
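Review bot: In `client_alive_check()` in serverloop.c, the added `options.client_alive_count_max > 0 &&` test flips what a zero `ClientAliveCountMax` means, from disconnecting after the first probe to never disconnecting, and the code carries no comment recording that. A configuration that used a zero count together with `ClientAliveInterval` as a session timeout would, as far as this hunk shows, now keep unresponsive sessions open with no log line to reveal it, so I would put `/* ClientAliveCountMax <= 0: never disconnect an unresponsive client */` above the condition. Because the test is `> 0`, a negative value disables the check as well; whether option parsing rejects negatives is not visible here. The function body starts and ends outside the hunk.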
@@ -519,6 +519,9 @@ is set to 15, and .Cm ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. +Setting a zero +.Cm ClientAliveCountMax +disables connection termination. .It Cm ClientAliveInterval Sets a timeout interval in seconds after which if no data has been received from the client, -- cgit v1.2.3