
Bug 111761

Summary: Suggest adding the watchdog patch to OpenSSH in Red Hat
Product: Red Hat Enterprise Linux 3
Reporter: Richard Allen <ra>
Component: openssh
Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED WONTFIX
QA Contact: Brian Brock <bbrock>
Severity: medium
Priority: medium
Version: 3.0
Keywords: FutureFeature
Hardware: All
OS: Linux
Doc Type: Enhancement
Last Closed: 2004-04-20 13:38:26 UTC

Description Richard Allen 2003-12-09 19:20:08 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
I'm unlucky enough to be working behind a Cisco PIX firewall, and every
time an ssh connection is idle for a certain amount of time that PIX
firewall tears down the connection.
Not only is my session killed, but it leaves a hanging sshd on the
remote machine (that eventually does time out, but it's still an
annoyance).

I patched OpenSSH to use the watchdog patch on my client box and set
the Heartbeat rate to one per minute.   Now the PIX does not kill my
connections.   I even still have them in the morning when returning to
work.   Life is good now :)

The patch is very well done.  The client (ssh) sends a SSH_MSG_IGNORE
message every "Heartbeat" seconds and per the SSH standard, all ssh
servers (sshd's) must accept and ignore those messages, so no changes
are needed in ssh servers for this feature.  The OpenSSH already shipping
from Red Hat handles the SSH_MSG_IGNORE messages correctly.

The patch also has a second feature (hence the name) and that's a
watchdog feature for the server.   Its function is to detect when
clients have gone away and terminate the connection (and the sshd
child process that had it).

New config directives are:
In /etc/ssh/ssh_config:
Heartbeat N

and in /etc/ssh/sshd_config:
Watchdog N

N = seconds.   If 0 the feature is disabled.

The patch can be found here:
http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-watchdog.html

And I suggest it be included in everything from Fedora Core to the
Advanced server.  It can be shipped with the new directives defaulting
to 0 so no change is apparent in functionality unless the user chooses
to activate them.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
Not a bug, nothing to reproduce.
    

Additional info:
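
The heartbeat described in the report above, as an added example that is not part of the original report or of the watchdog patch: it frames an SSH_MSG_IGNORE message in the RFC 4253 binary packet format and shows the receiver consuming it without a reply. The function names and the 8-byte block size are assumptions of this sketch, and the packet is shown without the encryption and MAC a live session would apply.

```python
import os
import struct

SSH_MSG_IGNORE = 2   # message number from RFC 4253, section 11.2
BLOCK = 8            # padding granularity when no cipher is active yet

def ignore_payload(filler: bytes = b"") -> bytes:
    """byte SSH_MSG_IGNORE followed by an SSH 'string' (uint32 length + data)."""
    return bytes([SSH_MSG_IGNORE]) + struct.pack(">I", len(filler)) + filler

def frame(payload: bytes) -> bytes:
    """RFC 4253 section 6 framing, shown without encryption or MAC."""
    pad = BLOCK - (5 + len(payload)) % BLOCK
    if pad < 4:                      # the RFC requires at least 4 padding bytes
        pad += BLOCK
    header = struct.pack(">IB", 1 + len(payload) + pad, pad)
    return header + payload + os.urandom(pad)

def unframe(packet: bytes) -> bytes:
    """Validate the length fields and return the payload."""
    if len(packet) < 5:
        raise ValueError("short packet")
    length, pad = struct.unpack(">IB", packet[:5])
    if length + 4 != len(packet) or pad < 4 or pad + 1 > length:
        raise ValueError("malformed packet")
    return packet[5:4 + length - pad]

def receive(payload: bytes) -> str:
    """Receiver side: an IGNORE is consumed and produces no reply."""
    if not payload:
        raise ValueError("empty payload")
    if payload[0] != SSH_MSG_IGNORE:
        return "dispatch"            # any other message goes to its handler
    if len(payload) < 5:
        raise ValueError("truncated SSH_MSG_IGNORE")
    (n,) = struct.unpack(">I", payload[1:5])
    if len(payload) != 5 + n:
        raise ValueError("bad string length in SSH_MSG_IGNORE")
    return "ignored"

if __name__ == "__main__":
    # Constructed sample filler; real heartbeats can carry an empty string.
    pkt = frame(ignore_payload(b"constructed filler"))
    print(len(pkt), "bytes on the wire ->", receive(unframe(pkt)))
```

Because SSH_MSG_IGNORE draws no reply, the client-side heartbeat only generates traffic that resets the firewall's idle timer; it gives the sender no confirmation that the peer is still there.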

Comment 1 Richard Allen 2003-12-09 19:23:48 UTC
I documented the Watchdog config directives incorrectly.
It's:

Watchdogtimeout N
(or Watchdogtimeout1 N if you only want to affect SSH1 protocol)


Comment 2 Suzanne Hillman 2003-12-15 20:53:49 UTC
Internal RFE bug #112191 entered - will be considered for future releases.

Comment 3 Suzanne Hillman 2004-04-20 13:38:26 UTC
Please follow up with this request with the original package
maintainer for OpenSSH. If it is not changed upstream, it will not be
something we can include in RHEL.