Bug 22592 - openssh-server 2.3.0p1-4 fails to recognize dropped connections
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: openssh
Version: 7.0
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Tomas Mraz
Reported: 2000-12-20 19:42 UTC by David Golden
Modified: 2007-04-18 16:30 UTC (History)
Last Closed: 2005-02-02 16:50:37 UTC



Description David Golden 2000-12-20 19:42:56 UTC
Problem:  In some situations, sshd does not terminate when client 
connections drop, even if KeepAlives are turned on.  "w" shows ghost 
users, and open processes (sshd and running programs) consume system 
resources until manually killed.

System:  i386, RH7, openssh-server-2.3.0p1-4, kernel 2.2.17

Details:

Observed primarily when the ssh client is behind a masquerading firewall.  
When the client was idle for a period of time, the firewall would time out 
the connection, leading the client to recognize a dropped connection (when 
a key was finally pressed).  However, the sshd process that was spawned 
did not terminate, even after several hours.  KeepAlives are turned on.  
This was repeatable for my configuration.  (Linux server at home on DSL, 
laptop client at work behind firewall.)

This was also observed when an ssh client from a machine with a real IP 
address was suddenly disconnected.  (Cable unplugged and machine turned 
off.)  "w" displayed a user idle over 24 hours, well past the tcp 
keepalive window of 2 hours.

Of note, the non-open version of sshd used previously (from ssh.com) has 
an "IdleTimeout" configuration directive that would terminate connection 
after a period of nonuse.  That directive and functionality appear 
deprecated (or never included) in openssh.  It would be an effective 
workaround to the bug described above, as it would recognize no user 
activity, even if the TCP keepalive was not functioning correctly for some 
reason.

Separately, IdleTimeout would be a great feature to have back (as an 
option for those system administrators that want it) and should perhaps be 
added as a feature request separate from this bug report.
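
Added example (not part of the original report and not OpenSSH code): a Python check that flags remote sessions whose idle time in `w -h` output exceeds the 2-hour TCP keepalive window mentioned in the description. It assumes procps-style IDLE formatting; the function names and the sample lines are constructed for illustration.

```python
import re

KEEPALIVE_WINDOW = 2 * 60 * 60  # 2-hour TCP keepalive window cited in the report

# Assumed procps `w` IDLE formats: "12.00s", "5:07" (min:sec),
# "3:15m" (hours:min), "2days".
_IDLE_FORMATS = [
    (re.compile(r"(\d+)days"), lambda m: int(m[1]) * 86400),
    (re.compile(r"(\d+):(\d{2})m"), lambda m: int(m[1]) * 3600 + int(m[2]) * 60),
    (re.compile(r"(\d+):(\d{2})"), lambda m: int(m[1]) * 60 + int(m[2])),
    (re.compile(r"(\d+)\.\d{2}s"), lambda m: int(m[1])),
]

def idle_seconds(field):
    """Convert an IDLE field to whole seconds, or None if unrecognized."""
    for pattern, convert in _IDLE_FORMATS:
        match = pattern.fullmatch(field.strip())
        if match:
            return convert(match)
    return None

def ghost_candidates(w_output, threshold=KEEPALIVE_WINDOW):
    """Return (user, tty, origin, idle) for pts sessions idle past threshold.

    Expects `w -h` output: USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT.
    Idle time tracks terminal input, so a hit is a candidate, not proof.
    """
    hits = []
    for line in w_output.splitlines():
        cols = line.split()
        if len(cols) < 8 or not cols[1].startswith("pts/"):
            continue  # skip local consoles and malformed lines
        idle = idle_seconds(cols[4])
        if idle is not None and idle > threshold:
            hits.append((cols[0], cols[1], cols[2], idle))
    return hits

# Constructed sample input (documentation-range addresses), not real data.
SAMPLE = """\
alice    pts/0    203.0.113.7      Tue09    2days  0.10s  0.10s -bash
bob      pts/1    198.51.100.23    10:02    3:15m  0.05s  0.05s vim notes
carol    pts/2    192.0.2.44       13:40    5:07   0.02s  0.02s -bash
dave     tty1     -                08:00   12.00s  0.01s  0.01s -bash
"""

if __name__ == "__main__":
    for user, tty, origin, idle in ghost_candidates(SAMPLE):
        print(f"{user} on {tty} from {origin}: idle {idle}s")
```

A flagged session still needs confirmation against the socket state of its sshd process before it is killed, since a long-idle but live session looks the same in `w`.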

Comment 1 Tomas Mraz 2005-02-02 16:50:37 UTC
I can't reproduce this with openssh server in the current Fedora Core.


