Bug 2015828

Summary: openssh patch for sshd_config:ClientAliveCountMax=0 disable the connection killing behaviour
Product: Red Hat Enterprise Linux 8 Reporter: Steve Outteridge <soutteri>
Component: opensshAssignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED ERRATA QA Contact: Marek Havrila <mhavrila>
Severity: high Docs Contact: Jan Fiala <jafiala>
Priority: urgent    
Version: 8.6CC: apmukher, ccheney, dbelyavs, gfialova, jafiala, jjelen, mhavrila, rmetrich, sbroz, tsorense
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---Flags: pm-rhel: mirror+
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
.`sshd_config:ClientAliveCountMax=0` disables connection termination Setting the SSHD configuration option `ClientAliveCountMax` to `0` now disables connection termination. This aligns the behavior of this option with the upstream. As a consequence, OpenSSH no longer disconnects idle SSH users when it reaches the timeout configured by the `ClientAliveInterval` option.
 Story Points: ---
Clone Of:
: 2030659 (view as bug list) Environment:
Last Closed: 2022-05-10 15:19:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2030659    

Description Steve Outteridge 2021-10-20 08:16:44 UTC 
Description of problem:


Concerning RHEL 7 and 8, is it planned that this patch :

openssh patch for sshd_config:ClientAliveCountMax=0 disable the connection killing behaviour

https://anongit.mindrot.org/openssh.git/commit/?id=69334996ae203c51c70bf01d414c918a44618f8e

Be integrated in a future version of the openssh package (openssh-server)?

I can see it in bsd release:

https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog

But not in Red Hat change logs:

https://access.redhat.com/downloads/content/openssh-server/8.0p1-10.el8/x86_64/fd431d51/package-changelog
Comment 1 Dmitry Belyavskiy 2021-10-20 09:43:43 UTC 
We currently don't have plans to integrate this patch into RHEL7/RHEL8 series.
Comment 8 Renaud Métrich 2021-12-09 11:27:08 UTC 
*** Bug 2008339 has been marked as a duplicate of this bug. ***
Comment 9 Renaud Métrich 2021-12-09 11:29:45 UTC 
I'm setting this as High/High because all customers implementing DISA compliance may hit this.
Comment 20 errata-xmlrpc 2022-05-10 15:19:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: openssh security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:2013