Bug 111761 - Suggest adding the watchdog patch to OpenSSH in Red Hat
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: openssh
Version: 3.0
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Nalin Dahyabhai
QA Contact: Brian Brock
Keywords: FutureFeature
Reported: 2003-12-09 14:20 EST by Richard Allen
Modified: 2007-11-30 17:06 EST (History)
Doc Type: Enhancement
Last Closed: 2004-04-20 09:38:26 EDT
Description Richard Allen 2003-12-09 14:20:08 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
I'm unlucky enough to be working behind a Cisco PIX firewall, and every
time an ssh connection is idle for a certain amount of time that PIX
firewall tears down the connection.
Not only is my session killed, but it leaves a hanging sshd on the
remote machine (that eventually does time out, but it's still an
annoyance).

I patched OpenSSH to use the watchdog patch on my client box and set
the Heartbeat rate to one per minute. Now the PIX does not kill my
connections. I even still have them in the morning when returning to
work. Life is good now :)

The patch is very well done. The client (ssh) sends an SSH_MSG_IGNORE
message every "Heartbeat" seconds, and per the SSH standard all ssh
(sshd's) servers must accept and ignore those messages, so no changes
are needed in ssh servers for this feature. The OpenSSH already shipping
from Red Hat handles the SSH_MSG_IGNORE messages correctly.

The patch also has a second feature (hence the name) and that's a
watchdog feature for the server. Its function is to detect when
clients have gone away and terminate the connection (and the sshd
child process that had it).

New config directives are:
In /etc/ssh/ssh_config:
Heartbeat N

and in /etc/ssh/sshd_config:
Watchdog N

N = seconds.   If 0 the feature is disabled.

The patch can be found here:
http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-watchdog.html

And I suggest it be included in everything from Fedora Core to the
Advanced server.  It can be shipped with the new directives defaulting
to 0 so no change is apparent in functionality unless the user chooses
to activate them.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
Not a bug, nothing to reproduce.
    

Additional info:
Comment 1 Richard Allen 2003-12-09 14:23:48 EST
I documented the Watchdog config directives incorrectly.
It's:

Watchdogtimeout N
(or Watchdogtimeout1 N if you only want to affect the SSH1 protocol)
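
The heartbeat message described in the original report, shown as an added example that is not part of the bug report or the watchdog patch: it frames an SSH_MSG_IGNORE payload as an SSH binary packet per RFC 4253 and parses it back the way a receiver would before discarding it. It assumes the plaintext framing only (no encryption or MAC) and an 8-byte block size; the function names are hypothetical.

```python
import os
import struct

SSH_MSG_IGNORE = 2  # message number assigned in RFC 4253, section 11.2


def build_ignore_packet(data: bytes = b"", block_size: int = 8) -> bytes:
    """Frame an SSH_MSG_IGNORE payload as a plaintext binary packet (RFC 4253, section 6)."""
    payload = bytes([SSH_MSG_IGNORE]) + struct.pack(">I", len(data)) + data
    # packet_length (4) + padding_length (1) + payload + padding must be a
    # multiple of the block size, with at least 4 bytes of random padding.
    pad = block_size - (5 + len(payload)) % block_size
    if pad < 4:
        pad += block_size
    body = bytes([pad]) + payload + os.urandom(pad)
    return struct.pack(">I", len(body)) + body


def parse_packet(packet: bytes, block_size: int = 8):
    """Validate the framing and return (message_number, data); raise ValueError if malformed."""
    if len(packet) < 16 or len(packet) % block_size:
        raise ValueError("bad packet size")
    (length,) = struct.unpack(">I", packet[:4])
    if length != len(packet) - 4:
        raise ValueError("packet_length mismatch")
    pad = packet[4]
    if pad < 4 or pad > length - 2:  # at least one payload byte must remain
        raise ValueError("bad padding_length")
    payload = packet[5:4 + length - pad]
    msg = payload[0]
    if msg != SSH_MSG_IGNORE:
        return msg, payload[1:]
    if len(payload) < 5:
        raise ValueError("truncated SSH_MSG_IGNORE")
    (n,) = struct.unpack(">I", payload[1:5])
    if n != len(payload) - 5:
        raise ValueError("string length mismatch")
    return msg, payload[5:]


def is_keepalive(packet: bytes) -> bool:
    """True when the packet is a well-formed SSH_MSG_IGNORE the receiver simply drops."""
    return parse_packet(packet)[0] == SSH_MSG_IGNORE


if __name__ == "__main__":
    pkt = build_ignore_packet(b"heartbeat")  # constructed sample payload
    print(len(pkt), parse_packet(pkt))
```
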
Comment 2 Suzanne Hillman 2003-12-15 15:53:49 EST
Internal RFE bug #112191 entered - will be considered for future releases.
Comment 3 Suzanne Hillman 2004-04-20 09:38:26 EDT
Please follow up with this request with the original package
maintainer for OpenSSH. If it is not changed upstream, it will not be
something we can include in RHEL.
