mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
7a981d94cb
By default, both SSH server and client rely on TCP-based keep alive messages to detect broken sessions, which can be spoofed rather easily in order to keep a broken session opened (and vice versa). Since we rely on SSH-based keep alive messages, which are not vulnerable to this kind of tampering, there is no need to double-check connections via TCP keep alive as well. This patch thereof disables using TCP keep alive for both SSH client and server scenario. For usability reasons, a timeout of 5 minutes (10 seconds * 30 keep alive messages = 300 seconds) will be used for both client and server configuration, as 60 seconds were found to be too short for unstable connectivity scenarios. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>