[sshd] Close SSH connections after 15 minutes of inactivity #3031
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Retest vs please |
lguohan
reviewed
Jul 3, 2019
lguohan
approved these changes
Jul 7, 2019
yxieca
pushed a commit
that referenced
this pull request
Jul 10, 2019
- What I did Configure sshd to close all SSH connetions after 15 minutes of inactivity. - How I did it Set ClientAliveInterval to 900 (900 seconds = 15 minutes) and ClientAliveCountMax to 0 in /etc/ssh/sshd_config using augtool in build_debian.sh. In the process, I refactored the existing augtool command for sshd_config so as to add comments and empty lines to file for readability. - How to verify it Log into device via management port. Wait 15 minutes without sending a keystroke -- you should be automatically logged out.
|
This is an abuse of the OpenSSH The fact that it did with Fortunately, I might add. This is a pretty annoying «feature» – getting thrown out every 15 minutes is infuriating. Even one is not actually sending any keystrokes to the SSH session this does not mean that it is «inactive». One might be trying to debug some issue by passively monitoring streaming log output from This pull request is IMHO missing a clear rationale or a «Why I did it» section. This is not the default behaviour in OpenSSH nor in any other mainstream Linux distribution as far as I know. Why deviate? |
yxieca
pushed a commit
that referenced
this pull request
Nov 30, 2023
* Update sonic-utilities to master branch version sonic-utilities was (intentionally) pointing to a commit on a fork, since merging sonic-utilities's changes for Bookworm first onto the master branch would result in PR checker failures. Now that sonic-buildimage is on master branch and the Bookworm changes in sonic-utilities have been merged into master, sonic-utilties can now point to master. 17e77fe2 Revert "Run yang validation in unit test (#3025)" (#3055) 96dd5559 [dhcp_relay] Fix dhcp_relay counter display issue (#3054) 6dfeee69 [sflow][db_migrator] Egress Sflow support (#3020) 02a588b7 Don't collect /proc/sched_debug d7ec3251 Fix error about having a mutable default for field headers in dataclass 0ab3ab91 Fix test execution on Bookworm (#3041) ef8f6f83 Specify test dependencies under extra_requires 61c44e80 Update python packages 1e813105 [wol] Implement wol command line utility (#3048) 8ebc56a0 [sonic_installer]: Improve exception handling: introduce notes. (#3029) 3610ce93 [sonic-package-manager] Fix YANG validation failure on upgrade when feature has constraints in YANG model on FEATURE table (#2933) cfd2dd39 Add container rsyslog.conf to the sys dump (#3039) c4b07828 Support new platform in generic configuration update (#3038) a8d236c8 [fast-reboot-filter-routes.py] Remove click and improve error reporting (#3030) 75199c0f [sonic-package-manager] insert newline in /etc/sonic/generated_services.conf (#3040) cd855698 [VOQ][saidump] Modify generate_dump: replace save_saidump with save_saidump_by_route_size (#2972) f1e24ae5 GCU support for Cisco-8000 features (#3010) 67e1c3dc Update GCU rsyslog validator (#3012) 253b7975 [sonic-package-manager] do not modify config_db.json (#3032) 177dd8e8 [sonic-package-manager] add generated service to /etc/sonic/generated_services.conf (#3037) 62fcd77a Configure NTP according to extended configuration (#2835) ced09404 [dualtor_neighbor_check] Adjust zero-mac check condition (#3034) a4eeb698 [config] config reload should generate sysinfo if missing (#3031) e01fc891 Run yang validation in unit test (#3025) Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
yxieca
pushed a commit
that referenced
this pull request
Dec 14, 2023
…atically (#17457) src/sonic-utilities * 1b1402f5 - (HEAD -> 202311, origin/202311) [hash]: Add ECMP/LAG hash algorithm CLI (#3036) (9 days ago) [Nazarii Hnydyn] * 71514ea3 - Revert "Run yang validation in unit test (#3025)" (#3055) (9 days ago) [Ying Xie] * b5daf5d4 - [dhcp_relay] Fix dhcp_relay counter display issue (#3054) (9 days ago) [Yaqiang Zhu] * b3172505 - [sflow][db_migrator] Egress Sflow support (#3020) (9 days ago) [Rajkumar-Marvell] * 1e813105 - [wol] Implement wol command line utility (#3048) (3 weeks ago) [Zhijian Li] * 8ebc56a0 - [sonic_installer]: Improve exception handling: introduce notes. (#3029) (3 weeks ago) [Nazarii Hnydyn] * 3610ce93 - [sonic-package-manager] Fix YANG validation failure on upgrade when feature has constraints in YANG model on FEATURE table (#2933) (3 weeks ago) [Stepan Blyshchak] * cfd2dd39 - Add container rsyslog.conf to the sys dump (#3039) (4 weeks ago) [Vivek] * c4b07828 - Support new platform in generic configuration update (#3038) (4 weeks ago) [Stephen Sun] * a8d236c8 - [fast-reboot-filter-routes.py] Remove click and improve error reporting (#3030) (4 weeks ago) [Stepan Blyshchak] * 75199c0f - [sonic-package-manager] insert newline in /etc/sonic/generated_services.conf (#3040) (4 weeks ago) [Stepan Blyshchak] * cd855698 - [VOQ][saidump] Modify generate_dump: replace save_saidump with save_saidump_by_route_size (#2972) (4 weeks ago) [JunhongMao] * f1e24ae5 - GCU support for Cisco-8000 features (#3010) (4 weeks ago) [rbpittman] * 67e1c3dc - Update GCU rsyslog validator (#3012) (4 weeks ago) [jingwenxie] * 253b7975 - [sonic-package-manager] do not modify config_db.json (#3032) (5 weeks ago) [Stepan Blyshchak] * 177dd8e8 - [sonic-package-manager] add generated service to /etc/sonic/generated_services.conf (#3037) (5 weeks ago) [Stepan Blyshchak] * 62fcd77a - Configure NTP according to extended configuration (#2835) (5 weeks ago) [Yevhen Fastiuk] * ced09404 - [dualtor_neighbor_check] Adjust zero-mac check condition (#3034) (5 weeks ago) [Longxiang Lyu] * a4eeb698 - [config] config reload should generate sysinfo if missing (#3031) (6 weeks ago) [jingwenxie] * e01fc891 - Run yang validation in unit test (#3025) (6 weeks ago) [ganglv]
yxieca
pushed a commit
that referenced
this pull request
Jan 23, 2024
…atically (#17849) src/sonic-utilities * 7a7305e9 - (HEAD -> 202205, origin/202205) Fix issue: out of range sflow polling interval is accepted and stored in config_db (#2847) (#3123) (3 hours ago) [Stephen Sun] * 06d11339 - [config] config reload should generate sysinfo if missing (#3031) (#3126) (21 hours ago) [jingwenxie] * bef96a1d - [202205] Allow using latest sonic-swss-common build even if tests failed (#3127) (4 days ago) [Saikrishna Arcot]
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
- What I did
Configure sshd to close all SSH connetions after 15 minutes of inactivity.
- How I did it
Set
ClientAliveIntervalto900(900 seconds = 15 minutes) andClientAliveCountMaxto0in /etc/ssh/sshd_config using augtool in build_debian.sh. In the process, I refactored the existing augtool command for sshd_config so as to add comments and empty lines to file for readability.
- How to verify it