Bug 22592

Summary: openssh-server 2.3.0p1-4 fails to recognize dropped connections
Product: [Retired] Red Hat Linux
Reporter: David Golden <dg-junk>
Component: openssh
Assignee: Tomas Mraz <tmraz>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: 7.0
CC: dr
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2005-02-02 16:50:37 UTC

Description David Golden 2000-12-20 19:42:56 UTC
Problem:  In some situations, sshd does not terminate when client 
connections drop, even if KeepAlives are turned on.  "w" shows ghost 
users, and open processes (sshd and running programs) consume system 
resources until manually killed.

System:  i386, RH7, openssh-server-2.3.0p1-4, kernel 2.2.17

Details:

Observed primarily when the ssh client is behind a masquerading firewall.
When the client was idle for a period of time, the firewall would time out
the connection, leading the client to recognize a dropped connection (when
a key was finally pressed).  However, the sshd process that was spawned
did not terminate, even after several hours.  KeepAlives are turned on.
This was repeatable for my configuration.  (Linux server at home on DSL,
laptop client at work behind firewall.)

This was also observed when an ssh client from a machine with a real IP
address was suddenly disconnected.  (Cable unplugged and machine turned
off.)  "w" displayed a user idle over 24 hours, well past the TCP
keepalive window of 2 hours.

Of note, the non-open version of sshd used previously (from ssh.com) has
an "IdleTimeout" configuration directive that would terminate a connection
after a period of nonuse.  That directive and functionality appear
deprecated (or never included) in openssh.  It would be an effective
workaround to the bug described above, as it would recognize no user
activity, even if the TCP keepalive was not functioning correctly for some
reason.

Separately, IdleTimeout would be a great feature to have back (as an 
option for those system administrators that want it) and should perhaps be 
added as a feature request separate from this bug report.
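
Added example, not part of the original report: a Python script that flags candidate ghost sessions of the kind described above by parsing the IDLE column of `w -h` output and comparing it with the 2-hour TCP keepalive window the reporter cites. The sample output is constructed, and the column layout and idle formats assume procps `w` with a populated FROM column.

```python
import re

# Constructed sample of `w -h` output (not taken from the bug report).
# Assumed columns: USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
SAMPLE_W = """\
alice    pts/0    192.0.2.10       09:12    3.00s  0.10s  0.01s vim notes
bob      pts/1    198.51.100.7     Mon08   26:40m  0.05s  0.05s -bash
carol    pts/2    203.0.113.5      08:55    5:23   0.02s  0.02s top
dave     pts/3    192.0.2.44       12Dec00  8days  0.30s  0.30s -bash
"""

KEEPALIVE_WINDOW = 2 * 60 * 60  # the 2-hour TCP keepalive window cited in the report


def idle_seconds(field):
    """Convert the IDLE column of procps `w` into seconds."""
    m = re.fullmatch(r"(\d+)days", field)        # e.g. 8days
    if m:
        return int(m.group(1)) * 86400
    m = re.fullmatch(r"(\d+):(\d+)m", field)     # hours:minutes, e.g. 26:40m
    if m:
        return int(m.group(1)) * 3600 + int(m.group(2)) * 60
    m = re.fullmatch(r"(\d+):(\d+)", field)      # minutes:seconds, e.g. 5:23
    if m:
        return int(m.group(1)) * 60 + int(m.group(2))
    m = re.fullmatch(r"(\d+)\.(\d+)s", field)    # seconds.hundredths, e.g. 3.00s
    if m:
        return int(m.group(1))
    raise ValueError(f"unrecognised idle field: {field!r}")


def ghost_candidates(w_output, threshold=KEEPALIVE_WINDOW):
    """Return (user, tty, origin, idle_seconds) for pty sessions idle past threshold."""
    hits = []
    for line in w_output.splitlines():
        cols = line.split()
        # Skip short lines and non-pty sessions (consoles are not sshd logins).
        if len(cols) < 8 or not cols[1].startswith("pts/"):
            continue
        secs = idle_seconds(cols[4])
        if secs > threshold:
            hits.append((cols[0], cols[1], cols[2], secs))
    return hits


if __name__ == "__main__":
    for user, tty, origin, secs in ghost_candidates(SAMPLE_W):
        print(f"{user} on {tty} from {origin}: idle {secs // 3600}h")
```

Flagged sessions are candidates only: idle time measures terminal input, not whether the peer is still reachable, so each hit still needs to be checked against the state of its TCP connection before the sshd process is killed.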

Comment 1 Tomas Mraz 2005-02-02 16:50:37 UTC
I can't reproduce this with openssh server in the current Fedora Core.