
Bug#300840: openssh-server: please consider setting ClientAliveInterval in the default config



Package: openssh-server
Version: 3.9p1-2
Severity: wishlist

Hi,

please consider setting ClientAliveInterval in the default
configuration. I would like to suggest a ClientAliveInterval of 3600,
and a ClientAliveCountMax of 6, killing all ssh sessions where the
client hasn't replied to an application level "ping" on the application
level.

There are setups where the TCP session stays up while the client is
long gone, for example when the client connects via a firewall setup via

ssh -o"proxycommand ssh bastion socket -q %h %p" host

If the ssh session to the bastion host dies, the socket process won't,
keeping the TCP session up. This situation is not noticed by the ssh
server without application level keepalives.

I think this change would be a good thing for the ssh packages in
experimental since this is the opportunity to get some testing before
the change gets into unstable. Please consider applying it.

This option might, however, interfere suboptimally with older openssh
clients or clients that are not openssh. That's why I would like to
suggest applying to experimental first.

Florian Weimer has been a great help in preparing this wishlist bug
report by answering my questions and pointing out potential breakage.
Thanks!

Greetings
Marc

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-zgserver
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
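
As an added example (not part of the original report or of the Debian package): a shell check that reads the global section of an sshd_config file and reports how long the server keeps a session whose client no longer answers, which is roughly ClientAliveInterval times ClientAliveCountMax. The function names are made up for illustration; it assumes OpenSSH's documented defaults (interval 0, count 3), first-value-wins keyword parsing and time suffixes, and it does not evaluate Match blocks or Include files.

```shell
#!/bin/sh
# Added example: how long does sshd keep a session whose client is gone?
# Reads only the global section of the given sshd_config (no Match, no Include).

# client_alive_timeout FILE -> prints "<interval_s> <count_max> <timeout_s>"
client_alive_timeout() {
    awk '
    # Convert an sshd_config time value (3600, 60m, 1h30m) to seconds; -1 if invalid.
    function to_seconds(v,    total, n, u) {
        total = 0; v = tolower(v)
        while (match(v, /^[0-9]+[smhdw]?/)) {
            n = substr(v, 1, RLENGTH); u = substr(n, length(n))
            if (u ~ /[smhdw]/) n = substr(n, 1, length(n) - 1); else u = "s"
            total += n * mult[u]
            v = substr(v, RLENGTH + 1)
        }
        return (v == "") ? total : -1
    }
    BEGIN {
        mult["s"] = 1; mult["m"] = 60; mult["h"] = 3600
        mult["d"] = 86400; mult["w"] = 604800
        interval = 0; count = 3          # OpenSSH defaults: keepalive off, 3 probes
    }
    /^[ \t]*#/ { next }                  # comment line
    { key = tolower($1) }                # keywords are case-insensitive
    key == "match" { exit }              # conditional blocks are out of scope
    # sshd uses the first value it reads for a keyword; later ones are ignored.
    key == "clientaliveinterval" && !seen_i++ { interval = to_seconds($2) }
    key == "clientalivecountmax" && !seen_c++ { count = $2 + 0 }
    END { print interval, count, (interval > 0 ? interval * count : 0) }
    ' "$1"
}

# check_keepalive FILE -> returns 1 when no application-level keepalive is set
check_keepalive() {
    set -- $(client_alive_timeout "$1")
    if [ "$3" -gt 0 ]; then
        echo "unresponsive clients are dropped after about $3 s ($1 s x $2 probes)"
    else
        echo "no application-level keepalive: half-dead sessions persist"; return 1
    fi
}

# Constructed sample using the values proposed in the report; the duplicate is ignored.
sample=$(mktemp)
printf '%s\n' 'ClientAliveInterval 3600' 'clientalivecountmax 6' 'ClientAliveInterval 15' > "$sample"
check_keepalive "$sample"
rm -f "$sample"
```

With the values proposed in the report, a client that has stopped answering is disconnected after about six hours.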



