IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Sending SSH_MSG_GLOBAL_REQUEST as keep-alive to the client
Hi,
I didn't see any responses to this. Does anyone have any objection to
this being included?
Thanks,
Chris
On Sat, 6 Nov 2004, denis bider wrote:
> Hi everyone,
>
> in our server we have had some problems with detecting broken sessions from
> clients in the past - the underlying sockets layer would simply not report
> the session being terminated although effectively it was dead - and we
> didn't want to solve it with an inactivity timeout because for our purposes
> that would have to be too long, so my solution was to implement a sort of
> ping feature in the server: the server sends an SSH_MSG_GLOBAL_REQUEST of an
> arbitrary (locally defined) type, and expects to receive either SUCCESS or
> FAILURE from the client. If neither arrives, and no other data either, the
> session is deemed to be broken, and is closed.
>
> This works fine with all recent clients I have had the chance of testing.
> However we have had some reports from customers using older versions of
> OpenSSH, which seem to bomb out and disconnect when SSH_MSG_GLOBAL_REQUEST
> is received. The misbehaving versions I am aware of include 2.9, a
> prehistoric one but still fairly widely deployed, apparently.
>
> I believe that our server's behavior is correct according to the
> specification. [CONNECT] does not explicitly say that global requests should
> be handled by the client gracefully, but it does seem to imply so in its
> non-biased description of the general nature of the packet (section 4 -
> Global Requests): it refers to 'originator' and 'recipient' rather than
> client and server, which supports the view that it should be possible for
> servers to also send global requests. Indeed, we also use similar
> server-side requests for purposes other than broken session detection in our
> products.
>
> But seeing that clients may exist which cannot handle this message, might it
> be prudent to add an explicit note in [CONNECT] stating that clients should
> handle unrecognized global requests gracefully? The note could be this
> (appended to the end of section 4 - Global Requests):
>
> Note that, while this document defines only request messages sent
> by client to server, a server MAY also send global requests to the client.
> Such request types may be defined by an external specification, by
> local convention or may be sent with merely the intention of eliciting
> a response in order to validate that a session is still active. A client
> MUST gracefully handle unrecognized global requests by ignoring
> them and sending an SSH_MSG_REQUEST_FAILURE response.
>
> A similar note should then also be appended to the end of section 5.4 -
> Channel-Specific Requests.
>
> Best regards,
>
> denis
>
>
>
Home |
Main Index |
Thread Index |
Old Index