[Focal] session terminated, ssh service timing out for idle sessions on Focal instances

Description

In Focal, it appears (inactive) ssh sessions get terminated after 15 minutes or so with the following error:

Session terminated, killing shell

Because the shell is killed on the server, tmux does not restore the session once a user re-connects to the server via ssh.

Perhaps modifying ClientAliveInterval or ClientAliveCountMax might allow the session to be kept alive, but it appears the shell is being terminated, not the ssh connection. This appears to be a change from Xenial. This does not affect subsequent installs, only idle tmux sessions over ssh.

Terminating idle sessions is generally a good practice, though the benefits may be limited since the tails admin workstation is exclusively used to manage SecureDrop servers.


OSSEC HIDS Notification.
2021 Feb 08 18:29:27

Received From: mon->/var/log/syslog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Feb  8 18:29:26 mon systemd[1]: ssh.service: Failed with result 'timeout'.

 --END OF NOTIFICATION

OSSEC HIDS Notification.
2021 Feb 08 18:29:27

Received From: mon->/var/log/syslog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Feb  8 18:29:26 mon systemd[1]: Failed to start OpenBSD Secure Shell server.

 --END OF NOTIFICATION

Steps to Reproduce

Install focal, with ssh over tor
ssh to app or mon
wait 15 minutes (or so)
get disconnected

Expected Behavior

I am not sure what the best behavior should be here. Should the timeout be handled by ssh, or should the shell handle the timeout. At the very least, an ossec alert should not be send to admins once an idle session is terminated.

Actual Behavior

An ossec alert is sent to an admin (see above).

Comments

Suggestions to fix, any other relevant information.

freedomofpress / securedrop