Bug 691329

Summary: [RFE] Apply ConnectTimeout during SSH Banner exchange
Product: Red Hat Enterprise Linux 5
Reporter: J.H.M. Dassen (Ray) <rdassen>
Component: openssh
Assignee: Jan F. Chadima <jchadima>
Status: CLOSED WONTFIX
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low
Priority: low
Version: 5.6
CC: bgollahe, rbinkhor
Target Milestone: rc
Keywords: FutureFeature, Triaged
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Enhancement
Last Closed: 2011-08-16 21:04:54 UTC
Bug Blocks: 554476

Description J.H.M. Dassen (Ray) 2011-03-28 09:20:58 UTC
2. What is the nature and description of the request?
      
Apply ConnectTimeout during SSH Banner exchange.
OpenSSH provided with RHEL 5 is openssh-4.3p2-72.el5. This version does not
implement the ConnectTimeout option during SSH Banner exchange. This was
implemented in OpenSSH version 4.9 upstream.

The changelog of OpenSSH 4.9 says the following:
"ssh(1)'s ConnectTimeout option is now applied to both the TCP connection and
the SSH banner exchange (previously it just covered the TCP connection). This
allows callers of ssh(1) to better detect and deal with stuck servers that
accept a TCP connection but don't progress the protocol, and also makes
ConnectTimeout useful for connections via a ProxyCommand." 

   3. Why does the customer need this? (List the business requirements here)
       
"We developed a centralized administration console for *NIX (linux, aix, sunos
and hpux) systems. This console is installed in a Red Hat system using SSH
client v4.3. In addition to the Web Console Application, the system has several
batch processes to do some maintenance actions such as validating connectivity
with each administrated server or validating coherency between the
configuration data stored in our databases and the physical real configuration
present at that moment in the servers.

The connections between our system and the administrated servers are always by
ssh. We always send the ssh command with the -o ConnectTimeout=60 parameter. But
we found that in some cases the remote sshd daemon is not working properly and
an error occurs during banner exchange (error: Connection timed out during
banner exchange). In these cases the ssh command gets stuck and ignores the
sentence ConnectTimeout=60.

For us this is a big problem because some of these batch processes work in
serialized mode, and if one connection gets stuck the batch process gets
stopped at this point until someone notices and fixes it by killing the stuck
connection. This problem is especially critical in processes that change
expired passwords."

   4. How would the customer like to achieve this? (List the functional requirements here)

"Now we must regularly review our batch processes to validate that we have no
stuck connections and thus advancing the potential problems this may cause."

   5. For each functional requirement listed in question 4, specify how Red Hat
and the customer can test to confirm the requirement is successfully
implemented.

Yes. 
 
   6. Is there already an existing RFE upstream or in Red Hat bugzilla?

Feature is already implemented in Openssh 4.9. 

   7. How quickly does this need resolved? (desired target release)

RHEL 5.7

   8. Does this request meet the RHEL Inclusion criteria (please review)

Yes.

   9. List the affected packages

OpenSSH.

  10. Would the customer be able to assist in testing this functionality if
implemented?

Yes.
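
An added example, not part of the bug report and not OpenSSH code: a Python pre-flight probe that applies one deadline to both the TCP connect and the SSH banner read, the behaviour the quoted OpenSSH 4.9 changelog describes, so a serialized batch job can skip a server that accepts the connection but never sends its banner. `probe_banner` and `start_fake_server` are hypothetical names, and the local peer is constructed for the demonstration.

```python
import socket
import threading
import time


def probe_banner(host, port, timeout):
    """Return the peer's SSH identification line, or None when TCP connect
    plus banner read do not both finish within `timeout` seconds."""
    deadline = time.monotonic() + timeout
    buf = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            # RFC 4253 allows other lines before "SSH-", so scan line by
            # line; each recv() is given only the time still remaining.
            while len(buf) < 8192:
                remaining = deadline - time.monotonic()
                if remaining <= 0:
                    return None
                sock.settimeout(remaining)
                chunk = sock.recv(256)
                if not chunk:          # peer closed without a banner
                    return None
                buf += chunk
                for line in buf.split(b"\n")[:-1]:
                    if line.startswith(b"SSH-"):
                        return line.rstrip(b"\r").decode("ascii", "replace")
    except OSError:                    # refused, unreachable, or timed out
        return None
    return None


def start_fake_server(banner=None):
    """Constructed local peer: accepts one connection, optionally sends
    `banner`, then stalls like the stuck sshd in the report."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        if banner:
            conn.sendall(banner)
        time.sleep(3)                  # never progresses the protocol
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

`socket.create_connection` applies its timeout to each resolved address in turn, so for a name with several addresses the connect phase alone can run past the deadline; pass a literal IP address when a hard bound matters.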

Comment 2 Jan F. Chadima 2011-08-02 06:47:06 UTC
This bug is resolved in RHEL6. Therefore, we recommend upgrading to RHEL6 all
users who are affected by this issue.

Comment 3 RHEL Program Management 2011-08-16 21:04:54 UTC
Product Management has reviewed and declined this request.  You may appeal this
decision by reopening this request.