• Re: ssh drop connection when running command with output

    From Lew Pitcher@21:1/5 to Richard Harnden on Wed Dec 1 17:02:30 2021
    On Wed, 01 Dec 2021 16:33:44 +0000, Richard Harnden wrote:

    Hi,

    I have /etc/ssh/sshd_config containg ...
    ClientAliveCountMax 0
    ClientAliveInterval 300

    If I run a command that takes >300 secs and produces output then it
    drops my ssh session:

    $ time foo a
    b
    c
    d
    eConnection to xxx closed by remote host.
    Connection to xxx closed.

    Now, if I redirect stdout it works fine:

    $ time foo >foo.out

    real 6m0.68s

    It that to be expected?

    Given your values for ClientAliveCountMax and ClientAliveInterval,
    yes, this behaviour is expected. (see sshd_config(5) for details)

    You've set ClientAliveInterval to 300, telling the sshd server
    to "send a message through the encrypted channel to request a
    response from the client" after 300 seconds of client inactivity.

    You've set ClientAliveCountMax to 0, telling the sshd server
    that it may send up to zero client alive messages before
    terminating the connection.

    So, after 300 seconds of client inactivity, the sshd daemon
    will terminate it's connection with the client.

    I would kinda like to see the output as it's generated.

    So, you have two tuning "knobs" to play with here:
    1) ClientAliveInterval, and
    2) ClientAliveCountMax

    You specifically chose to override the default values for
    these two "knobs", presumably to satisfy /some/ requirement.
    You can adjust one or both of these values to extend your
    inactivity timeout, but we can only /guess/ as to which
    value you need to tune to satisfy both your current
    requirement ("I would kinda like to see the output as it's
    generated" and the original requirement that made you change
    the defaults values.

    HTH
    --
    Lew Pitcher
    "In Skills, We Trust"

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Harnden@21:1/5 to All on Wed Dec 1 16:33:44 2021
    Hi,

    I have /etc/ssh/sshd_config containg ...
    ClientAliveCountMax 0
    ClientAliveInterval 300

    If I run a command that takes >300 secs and produces output then it
    drops my ssh session:

    $ time foo
    a
    b
    c
    d
    eConnection to xxx closed by remote host.
    Connection to xxx closed.

    Now, if I redirect stdout it works fine:

    $ time foo >foo.out

    real 6m0.68s

    It that to be expected?

    I would kinda like to see the output as it's generated.

    Thanks,
    Richard

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Harnden@21:1/5 to Lew Pitcher on Wed Dec 1 17:16:18 2021
    On 01/12/2021 17:02, Lew Pitcher wrote:
    On Wed, 01 Dec 2021 16:33:44 +0000, Richard Harnden wrote:

    Hi,

    I have /etc/ssh/sshd_config containg ...
    ClientAliveCountMax 0
    ClientAliveInterval 300

    If I run a command that takes >300 secs and produces output then it
    drops my ssh session:

    $ time foo a
    b
    c
    d
    eConnection to xxx closed by remote host.
    Connection to xxx closed.

    Now, if I redirect stdout it works fine:

    $ time foo >foo.out

    real 6m0.68s

    It that to be expected?

    Given your values for ClientAliveCountMax and ClientAliveInterval,
    yes, this behaviour is expected. (see sshd_config(5) for details)

    You've set ClientAliveInterval to 300, telling the sshd server
    to "send a message through the encrypted channel to request a
    response from the client" after 300 seconds of client inactivity.

    You've set ClientAliveCountMax to 0, telling the sshd server
    that it may send up to zero client alive messages before
    terminating the connection.

    So, after 300 seconds of client inactivity, the sshd daemon
    will terminate it's connection with the client.

    Yes, but why does "tail -f foo.log" count as inactive, but "tail -f
    foo.log >/dev/null" will happily run forever.


    I would kinda like to see the output as it's generated.

    So, you have two tuning "knobs" to play with here:
    1) ClientAliveInterval, and
    2) ClientAliveCountMax

    You specifically chose to override the default values for
    these two "knobs", presumably to satisfy /some/ requirement.

    The requirement is CIS Red Hat Enterprise Linux 8 Benchmark - 5.2.13
    Ensure SSH Idle Timeout Interval is configured.

    I'm not sure that I'll be allowed to have any choice.

    You can adjust one or both of these values to extend your
    inactivity timeout, but we can only /guess/ as to which
    value you need to tune to satisfy both your current
    requirement ("I would kinda like to see the output as it's
    generated" and the original requirement that made you change
    the defaults values.

    ClientAliveCountMax 1 fixes it.

    As does remembering to hit return every 299 seconds.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Christian Weisgerber@21:1/5 to Lew Pitcher on Wed Dec 1 18:53:12 2021
    On 2021-12-01, Lew Pitcher <lew.pitcher@digitalfreehold.ca> wrote:

    ClientAliveCountMax 0
    ClientAliveInterval 300

    Given your values for ClientAliveCountMax and ClientAliveInterval,
    yes, this behaviour is expected. (see sshd_config(5) for details)

    This has been changed starting from OpenSSH 8.2 (released on 2020-02-14):

    Bugfixes
    --------
    * sshd(8): make ClientAliveCountMax=0 have sensible semantics: it
    will now disable connection killing entirely rather than the
    current behaviour of instantly killing the connection after the
    first liveness test regardless of success. bz2627

    The man page now reads
    "Setting a zero ClientAliveCountMax disables connection termination."

    --
    Christian "naddy" Weisgerber naddy@mips.inka.de

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Harnden@21:1/5 to Christian Weisgerber on Thu Dec 2 11:39:40 2021
    On 01/12/2021 18:53, Christian Weisgerber wrote:
    On 2021-12-01, Lew Pitcher <lew.pitcher@digitalfreehold.ca> wrote:

    ClientAliveCountMax 0
    ClientAliveInterval 300

    Given your values for ClientAliveCountMax and ClientAliveInterval,
    yes, this behaviour is expected. (see sshd_config(5) for details)

    This has been changed starting from OpenSSH 8.2 (released on 2020-02-14):

    Bugfixes
    --------
    * sshd(8): make ClientAliveCountMax=0 have sensible semantics: it
    will now disable connection killing entirely rather than the
    current behaviour of instantly killing the connection after the
    first liveness test regardless of success. bz2627

    The man page now reads
    "Setting a zero ClientAliveCountMax disables connection termination."


    Thanks.

    I also found this: https://bugzilla.redhat.com/show_bug.cgi?id=2008339

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)