ConfD User Community

Disable "ssh" keepalive with ClientAliveInterval in confd not possible? (netconf callHome)

In case of confd netconf ssh callhome, confd’s “SSH_MSG_GLOBAL_REQUEST keepalive@example.com want-reply=true” is answered with an SSH_MSG_REQUEST_FAILURE response, but confd drops/closes the connection.
So we want to stop confd from using this feature or from dropping the connection.

<INFO> 3-Nov-2021::17:16:56.293 v8-virtio-sm-0 confd[600]: confd Sending additional keepalive message to 10.211.2.203:31300 (10s * 2)
<INFO> 3-Nov-2021::17:17:06.296 v8-virtio-sm-0 confd[600]: confd Sending additional keepalive message to 10.211.2.203:31300 (10s * 3)
<INFO> 3-Nov-2021::17:17:16.300 v8-virtio-sm-0 confd[600]: confd Peer, 10.211.2.203:31300, is not responding to alive messages (10s * 3) - dropping connection
<INFO> 3-Nov-2021::17:17:41.499 v8-virtio-sm-0 confd[600]: confd Sending additional keepalive message to 10.211.2.203:31300 (10s * 2)

..

We would like the same default setup as OpenSSH:

     ClientAliveInterval
             Sets a timeout interval in seconds after which if no data has
             been received from the client, sshd(8) will send a message
             through the encrypted channel to request a response from the
             client.  The default is 0, indicating that these messages will
             not be sent to the client.

But setting

<ssh>
   <clientAliveInterval>0s</clientAliveInterval>
</ssh>

does not work. Setting to 0 (without s) returns:
clientAliveInterval is invalid: “0” is not a valid value.
Perhaps it is not the right way to configure callHome?
Is there a way to disable ssh keepalive for callHome of confd?

From the confd.conf(5) man page:

/confdConfig/ssh/clientAliveInterval (xs:duration | infinity) [infinity]
If no data has been received from a connected client for this long, a request that requires a response
from the client, will be sent over the SSH transport.

The format of xs:duration is documented here: XML Schema Part 2: Datatypes Second Edition

Note that even when your ConfD-enabled application calls home using TCP, the client that you call home to sets up the SSH connection.


Thx, but even PT0M or P0M

<ssh>
   <clientAliveInterval>P0M</clientAliveInterval>
</ssh>

disable using the ssh keepalive.

I still see the keepalive msg in the log:

<INFO> 19-Nov-2021::12:56:13.880 v4-virtio-sm-0 confd[721]: devel-c Daemon closed (name: component-status-update_10.43.16.40, daemon id: 47)
<INFO> 19-Nov-2021::12:56:29.461 v4-virtio-sm-0 confd[721]: confd Sending additional keepalive message to 10.211.2.203:31362 (10s * 2)
<INFO> 19-Nov-2021::12:56:39.462 v4-virtio-sm-0 confd[721]: confd Sending additional keepalive message to 10.211.2.203:31362 (10s * 3)
<INFO> 19-Nov-2021::12:56:49.465 v4-virtio-sm-0 confd[721]: confd Peer, 10.211.2.203:31362, is not responding to alive messages (10s * 3) - dropping connection
<INFO> 19-Nov-2021::12:57:18.550 v4-virtio-sm-0 confd[721]: confd Sending additional keepalive message to 10.211.2.203:31362 (10s * 2)
<INFO> 19-Nov-2021::12:57:28.552 v4-virtio-sm-0 confd[721]: confd Sending additional keepalive message to 10.211.2.203:31362 (10s * 3)
<INFO> 19-Nov-2021::12:57:38.559 v4-virtio-sm-0 confd[721]: confd Peer, 10.211.2.203:31362, is not responding to alive messages (10s * 3) - dropping connection

I believe you need to use the default value “infinity” or not configure the clientAliveInterval (i.e. use the default value)
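
The values tried in this thread, checked against the `xs:duration | infinity` type quoted from the man page. This is an added example, not part of the thread and not ConfD's own code. The function names, the category labels and the sample fragment are constructed for illustration, and the parser ignores XML namespaces.

```python
import re
import xml.etree.ElementTree as ET

# Lexical form of xs:duration: [-]PnYnMnDTnHnMnS, with at least one component
# and at least one time component after "T".
_DURATION = re.compile(
    r"(-)?P(?=\d|T\d)(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)D)?"
    r"(?:T(?=\d)(?:(\d+)H)?(?:(\d+)M)?(?:(\d+(?:\.\d+)?)S)?)?"
)

def classify_interval(text):
    """Return 'infinity', 'zero', 'positive', 'negative' or 'invalid'."""
    value = text.strip()
    if value == "infinity":
        return "infinity"      # the documented default
    m = _DURATION.fullmatch(value)
    if m is None:
        return "invalid"       # "0" and "0s" land here: no leading "P"
    parts = [g for g in m.groups()[1:] if g is not None]
    if all(float(p) == 0 for p in parts):
        return "zero"          # "P0M", "PT0M": the thread still saw keepalives
    return "negative" if m.group(1) else "positive"

def _local(tag):
    # Drop a "{namespace}" prefix so the lookup works with or without xmlns.
    return tag.rsplit("}", 1)[-1]

def check_confd_conf(xml_text):
    """Classify /confdConfig/ssh/clientAliveInterval in a confd.conf document.
    A missing element means the documented default, infinity."""
    root = ET.fromstring(xml_text)
    for ssh in root:
        if _local(ssh.tag) != "ssh":
            continue
        for child in ssh:
            if _local(child.tag) == "clientAliveInterval":
                return classify_interval(child.text or "")
    return "infinity"

# Constructed sample: the fragment from the thread inside a root element.
SAMPLE_CONF = """<confdConfig>
  <ssh>
    <clientAliveInterval>P0M</clientAliveInterval>
  </ssh>
</confdConfig>"""

if __name__ == "__main__":
    for v in ("0", "0s", "P0M", "PT0M", "PT10S", "infinity"):
        print(f"{v!r:12} -> {classify_interval(v)}")
    print("sample conf ->", check_confd_conf(SAMPLE_CONF))
```
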