Description
Description
In Focal, it appears (inactive) ssh sessions get terminated after 15 minutes or so with the following error:
Session terminated, killing shell
Because the shell is killed on the server, tmux does not restore the session once a user re-connects to the server via ssh.
Perhaps modifying ClientAliveInterval or ClientAliveCountMax might allow the session to be kept alive, but it appears the shell is being terminated, not the ssh connection. This appears to be a change from Xenial. This does not affect subsequent installs, only idle tmux sessions over ssh.
Terminating idle sessions is generally a good practice, though the benefits may be limited since the tails admin workstation is exclusively used to manage SecureDrop servers.
OSSEC HIDS Notification.
2021 Feb 08 18:29:27
Received From: mon->/var/log/syslog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Feb 8 18:29:26 mon systemd[1]: ssh.service: Failed with result 'timeout'.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2021 Feb 08 18:29:27
Received From: mon->/var/log/syslog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Feb 8 18:29:26 mon systemd[1]: Failed to start OpenBSD Secure Shell server.
--END OF NOTIFICATION
Steps to Reproduce
- Install focal, with ssh over tor
- ssh to
appormon - wait 15 minutes (or so)
- get disconnected
Expected Behavior
I am not sure what the best behavior should be here. Should the timeout be handled by ssh, or should the shell handle the timeout. At the very least, an ossec alert should not be send to admins once an idle session is terminated.
Actual Behavior
An ossec alert is sent to an admin (see above).
Comments
Suggestions to fix, any other relevant information.