Red Hat Bugzilla – Bug 22592
openssh-server 2.3.0p1-4 fails to recognize dropped connections
Last modified: 2007-04-18 12:30:16 EDT
Problem: In some situations, sshd does not terminate when client
connections drop, even if KeepAlives are turned on. "w" shows ghost
users, and open processes (sshd and running programs) consume system
resources until manually killed.
System: i386, RH7, openssh-server-2.3.0p1-4, kernel 2.2.17
Observed primarily when the ssh client is behind a masquerading firewall.
When the client was idle for a period of time, the firewall would timeout
the connection, leading the client to recognize a dropped connection (when
a key was finally pressed). However, the sshd process that was spawned
did not terminate, even after several hours. KeepAlives are turned on.
This was repeatable for my configuration. (Linux server at home on DSL,
laptop client at work behind firewall.)
This was also observed when an ssh client from a machine with a real IP
address was suddenly disconnected. (Cable unplugged and machine turned
off.) "w" displayed a user idle over 24 hours, well past the tcp
keepalive window of 2 hours.
Of note, the non-open version of sshd used previously (from ssh.com) has
an "IdleTimeout" configuration directive that would terminate connection
after a period of nonuse. That directive and functionality appears
deprecated (or never included) in openssh. It would be an effective
workaround to the bug described above, as it would recognize no user
activity, even if the TCP keepalive was not functioning correctly for some
Separately, IdleTimeout would be a great feature to have back (as an
option for those system administrators that want it) and should perhaps be
added as a feature request separate from this bug report.
I can't reproduce this with openssh server in the current Fedora Core.