
sshd: terminate/timeout session if client does not respond to keep alive requests for 5 minutes

Fabian Peter Hammerle, 1 year ago
commit ea67bc0f8a
2 changed files with 13 additions and 0 deletions
  1. CHANGELOG.md (+2 -0)
  2. sshd_config (+11 -0)

+ 2 - 0
CHANGELOG.md

@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 ### Changed
 - `sshd`: no longer accept RSA keys < 2048 bits for authentication
+- `sshd`: terminate session if client does not respond to keep alive requests
+  for 5 minutes
 
 ## [1.0.0] - 2022-11-04
 ### Added
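Review bot: the new entry `- `sshd`: terminate session if client does not respond to keep alive requests for 5 minutes` states the effect but not the directives behind it, so a changelog reader cannot match "5 minutes" to the configuration or tune it; suggest naming them, e.g. `- `sshd`: disconnect clients that fail to answer 30 consecutive client-alive messages sent every 10 s (ClientAliveInterval 10, ClientAliveCountMax 30), i.e. after 5 minutes`.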

+ 11 - 0
sshd_config

@@ -37,4 +37,15 @@ PermitUserEnvironment no
 PrintMotd no
 PermitTTY no
 
+# > In the event that the SSH connection [...] is disconnected or stuck
+# > abnormally [...], it can take a long time for sshd to notice the client is
+# > disconnected. [...] [Configure sshd] to send a keep alive to the client
+# > every 10 seconds. If 30 consecutive keepalives are sent without a response
+# > [...], the server’s sshd process will be terminated, causing the borg serve
+# > process to terminate gracefully and release the lock on the repository.
+# https://web.archive.org/web/20221101185048/https://borgbackup.readthedocs.io/en/stable/usage/serve.html#ssh-configuration
+# > The TCP keepalive option enabled by TCPKeepAlive is spoofable.
+ClientAliveInterval 10
+ClientAliveCountMax 30
+
 # ForceCommand via command= in ~/.ssh/authorized_keys
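Review bot: the second quotation, `# > The TCP keepalive option enabled by TCPKeepAlive is spoofable.`, carries no source line, unlike the borg quote above it which is followed by an archive URL; if it is taken from the ClientAliveCountMax description in sshd_config(5), add that reference so the two quotes are attributed consistently. The same line also contrasts the new client-alive settings with TCPKeepAlive without saying what TCPKeepAlive is set to in this file, so a reader cannot tell whether TCP-level keepalives are still in play alongside the encrypted ones; suggest either an explicit `TCPKeepAlive` line next to `ClientAliveInterval 10` / `ClientAliveCountMax 30` or a comment stating that the default is intentionally kept.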