
Implement ClientKeepAlive option

Igor Drozdov requested to merge id-implement-client-keep-alive into main

Currently, we have a lot of context canceled errors when we roll out gitlab-sshd. It seems that we had a similar issue before with OpenSSH and resolved it by setting the ClientAliveInterval option. The issue says:

Git clients sometimes open a connection and leave it idling, like when compressing objects.
Settings like timeout client in HAProxy might cause these idle connections to be terminated.

Let's implement something similar for gitlab-sshd in order to try to fix the issue. This MR adds a ticker that periodically sends a keepalive@openssh.com message to the client (unlike OpenSSH, which sends only if no data has been sent). Based on https://www.rfc-editor.org/rfc/rfc8071.txt (Standards Track S7 or Cmd + F -> keepalive) we just need to send a non-existent msg name with want-reply:

If a persistent connection is desired, the NETCONF/RESTCONF
       server, as the connection initiator, SHOULD actively test the
       aliveness of the connection using a keep-alive mechanism.  For
       TLS-based connections, the NETCONF/RESTCONF server SHOULD send
       HeartbeatRequest messages, as defined by [RFC6520].  For SSH-
       based connections, per Section 4 of [RFC4254], the server SHOULD
       send an SSH_MSG_GLOBAL_REQUEST message with a purposely
       nonexistent "request name" value (e.g., keepalive@ietf.org) and
       the "want reply" value set to '1'.
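
The ticker loop described above, as an added example that is not code from this merge request or from gitlab-sshd. The names `requester`, `sendKeepAlives` and `fakeConn` are hypothetical; the `SendRequest` signature is the one `ssh.Conn` exposes in `golang.org/x/crypto/ssh`, and `fakeConn` is a constructed stand-in for a client so the block runs offline.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// requester is the one method the loop needs. Assumption: the connection type
// offers it, as ssh.Conn in golang.org/x/crypto/ssh does.
type requester interface {
	SendRequest(name string, wantReply bool, payload []byte) (bool, []byte, error)
}

// sendKeepAlives sends one global request per tick, whether or not other data
// is flowing, until ctx ends (nil error) or a send fails. It returns the count.
func sendKeepAlives(ctx context.Context, c requester, every time.Duration) (int, error) {
	t := time.NewTicker(every)
	defer t.Stop()
	for sent := 0; ; sent++ {
		select {
		case <-ctx.Done():
			return sent, nil
		case <-t.C:
		}
		// The peer does not know this name; want-reply=true still forces an answer.
		if _, _, err := c.SendRequest("keepalive@openssh.com", true, nil); err != nil {
			return sent, fmt.Errorf("keepalive: %w", err)
		}
	}
}

// fakeConn is a constructed stand-in for a client connection: it logs each
// request and reports a dead peer once limit requests have been logged.
type fakeConn struct{ log []string; limit int }

func (f *fakeConn) SendRequest(name string, wantReply bool, _ []byte) (bool, []byte, error) {
	if len(f.log) == f.limit {
		return false, nil, errors.New("connection lost")
	}
	f.log = append(f.log, fmt.Sprintf("%s want-reply=%t", name, wantReply))
	return false, nil, nil // unknown request name: the peer replies with failure
}

func main() {
	c := &fakeConn{limit: 3}
	n, err := sendKeepAlives(context.Background(), c, 5*time.Millisecond)
	fmt.Println(n, err, c.log)
}
```

A failed send is returned to the caller rather than retried, so the connection handler can close the session and cancel its context as soon as the client stops answering.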
