Bug 22592 - openssh-server 2.3.0p1-4 fails to recognize dropped connections
openssh-server 2.3.0p1-4 fails to recognize dropped connections
Product: Red Hat Linux
Classification: Retired
Component: openssh (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Depends On:
  Show dependency treegraph
Reported: 2000-12-20 14:42 EST by David Golden
Modified: 2007-04-18 12:30 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-02-02 11:50:37 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description David Golden 2000-12-20 14:42:56 EST
Problem:  In some situations, sshd does not terminate when client 
connections drop, even if KeepAlives are turned on.  "w" shows ghost 
users, and open processes (sshd and running programs) consume system 
resources until manually killed.

System:  i386, RH7, openssh-server-2.3.0p1-4, kernel 2.2.17


Observed primarily when the ssh client is behind a masquerading firewall.  
When the client was idle for a period of time, the firewall would timeout 
the connection, leading the client to recognize a dropped connection (when 
a key was finally pressed).  However, the sshd process that was spawned 
did not terminate, even after several hours.  KeepAlives are turned on.  
This was repeatable for my configuration.  (Linux server at home on DSL, 
laptop client at work behind firewall.)

This was also observed when an ssh client from a machine with a real IP 
address was suddenly disconnected.  (Cable unplugged and machine turned 
off.)  "w" displayed a user idle over 24 hours, well past the tcp 
keepalive window of 2 hours.

Of note, the non-open version of sshd used previously (from ssh.com) has 
an "IdleTimeout" configuration directive that would terminate connection 
after a period of nonuse.  That directive and functionality appears 
deprecated (or never included) in openssh.  It would be an effective 
workaround to the bug described above, as it would recognize no user 
activity, even if the TCP keepalive was not functioning correctly for some 

Separately, IdleTimeout would be a great feature to have back (as an 
option for those system administrators that want it) and should perhaps be 
added as a feature request separate from this bug report.
Comment 1 Tomas Mraz 2005-02-02 11:50:37 EST
I can't reproduce this with openssh server in the current Fedora Core.

Note You need to log in before you can comment on or make changes to this bug.