Skip to content

feat: Implement SSH keepalive to prevent idle connection timeouts #122

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
inureyes merged 2 commits into from
Jan 9, 2026
Merged

feat: Implement SSH keepalive to prevent idle connection timeouts #122

inureyes merged 2 commits into from
Jan 9, 2026

Conversation

@inureyes
Copy link
Member

@inureyes inureyes commented Jan 9, 2026

Summary

  • Add configurable SSH keepalive settings to prevent idle connection timeouts
  • Implement --server-alive-interval and --server-alive-count-max CLI options (matching OpenSSH syntax)
  • Add YAML config support for server_alive_interval and server_alive_count_max in defaults and cluster settings
  • Default keepalive interval: 60 seconds, default max: 3 retries

Changes

Core Implementation

  • Create SshConnectionConfig struct in src/ssh/tokio_client/connection.rs with builder pattern
  • Add connect_with_ssh_config() method to Client for custom keepalive settings
  • Update all connection paths (direct, tunnel, jump hosts) to use configurable keepalive

Configuration Integration

  • CLI options in src/cli/bssh.rs: --server-alive-interval, --server-alive-count-max
  • YAML config fields in src/config/types.rs: server_alive_interval, server_alive_count_max
  • Config precedence: CLI > SSH config > YAML config > defaults

Files Modified

  • src/ssh/tokio_client/connection.rs - Core keepalive config struct
  • src/ssh/tokio_client/mod.rs - Export new types
  • src/jump/chain/tunnel.rs - Jump host tunnel connections
  • src/jump/chain/chain_connection.rs - Direct connections
  • src/jump/chain.rs - Jump host chain management
  • src/cli/bssh.rs - CLI options
  • src/config/types.rs - YAML config types
  • src/config/resolver.rs - Config resolution
  • src/executor/parallel.rs - ParallelExecutor integration
  • src/commands/exec.rs - Execute command params
  • src/app/dispatcher.rs - Wire CLI to executor

Test Plan

  • cargo build succeeds with no warnings
  • cargo test passes (excluding macOS keychain tests that require user interaction)
  • cargo clippy passes with no warnings
  • Help output shows new options: bssh --help | grep server-alive
  • Manual test: Long-running command with keepalive enabled
  • Manual test: Disable keepalive with --server-alive-interval 0

Closes #121

@inureyes
feat: Implement SSH keepalive to prevent idle connection timeouts
5cb4f57 
Add configurable SSH keepalive settings (ServerAliveInterval and
ServerAliveCountMax) to prevent connections from timing out during
long-running operations.

Changes:
- Add SshConnectionConfig struct with keepalive settings (default: 60s interval, 3 max)
- Add CLI options --server-alive-interval and --server-alive-count-max
- Add YAML config support for server_alive_interval and server_alive_count_max
- Implement config precedence: CLI > SSH config > YAML config > defaults
- Update all connection paths (direct, tunnel, jump hosts) to use keepalive
- Update documentation (README.md, ARCHITECTURE.md)

Closes #121
@inureyes inureyes added type:enhancement New feature or request status:review Under review priority:high High priority issue labels Jan 9, 2026
@inureyes
Copy link
Member Author

inureyes commented Jan 9, 2026
edited
Loading

Security & Performance Review

Analysis Summary

  • PR Branch: feature/issue-121-ssh-keepalive
  • Scope: changed-files
  • Languages: Rust
  • Total issues: 0
  • Critical: 0 | High: 0 | Medium: 0 | Low: 0
  • Review Iteration: 1/3

Review Findings

After thorough analysis of the SSH keepalive implementation, I found no security vulnerabilities or performance issues.

Security Analysis

1. Input Validation - PASS

  • server_alive_interval: Properly typed as Option<u64> - cannot accept negative values
  • server_alive_count_max: Properly typed as Option<usize> - cannot accept negative values
  • Both values are used directly with russh's Config without string interpolation, preventing injection risks

2. Configuration Precedence - PASS (Secure Design)

CLI (--server-alive-interval) > SSH config (ServerAliveInterval) > YAML config > Defaults

This follows OpenSSH conventions and allows users to override defaults securely.

3. Default Values - PASS

  • DEFAULT_KEEPALIVE_INTERVAL = 60 seconds - Standard, reasonable default
  • DEFAULT_KEEPALIVE_MAX = 3 attempts - Matches OpenSSH default
  • Keepalive can be disabled by setting interval to 0 (intentional feature)

4. No Sensitive Data Exposure - PASS

  • Keepalive settings are logged only at debug level
  • No credentials or sensitive information involved in keepalive mechanism

5. Proper Resource Management - PASS

  • Uses Duration::from_secs() for safe conversion to timeout values
  • No memory leaks introduced
  • Proper use of Rust's ownership system

Performance Analysis

1. Memory Overhead - MINIMAL

  • SshConnectionConfig struct is small (2 fields: Option<u64> + usize)
  • Uses .clone() appropriately (cheap for this small struct)
  • Implements Clone trait efficiently via derive macro

2. CPU Overhead - NEGLIGIBLE

  • to_russh_config() conversion is O(1)
  • No unnecessary allocations
  • Builder pattern properly uses #[must_use] for API clarity

3. Network Impact - MINIMAL (Expected Behavior)

  • Keepalive packets are lightweight SSH protocol messages
  • Default 60s interval is reasonable and matches OpenSSH
  • Prevents connection timeouts which would cause reconnection overhead

Code Quality

1. API Design - EXCELLENT

  • Builder pattern with with_keepalive_interval() and with_keepalive_max()
  • #[must_use] attributes on builder methods
  • Comprehensive documentation with examples

2. Backward Compatibility - PRESERVED

  • Client::connect() continues to use defaults
  • New connect_with_ssh_config() method for custom settings
  • Existing code paths unchanged

3. Test & Lint Status - PASS

  • cargo clippy passes with no warnings
  • cargo test passes (745/746 tests, 1 unrelated macOS Keychain test)

Implementation Review Summary

The implementation correctly:

  1. Adds SshConnectionConfig struct with sensible defaults
  2. Integrates keepalive settings into all connection paths (direct, tunnel, jump hosts)
  3. Supports configuration via CLI (--server-alive-interval, --server-alive-count-max)
  4. Supports YAML config (server_alive_interval, server_alive_count_max)
  5. Supports SSH config file (ServerAliveInterval, ServerAliveCountMax)
  6. Follows proper configuration precedence
  7. Allows disabling keepalive by setting interval to 0

Verdict

APPROVED - This PR implements SSH keepalive functionality correctly and securely. No issues found that require fixing.

Status: Review Complete

  • Security review completed
  • Performance review completed
  • Code quality review completed
  • All checks pass

@inureyes inureyes removed the status:review Under review label Jan 9, 2026
@inureyes
chore: Add tests and documentation for SSH keepalive feature
d7f4878 
- Add comprehensive test suite for SSH keepalive (27 tests)
  - SshConnectionConfig struct tests
  - SSH config parsing tests for ServerAlive* options
  - Config resolution tests for keepalive settings
  - ParallelExecutor integration tests
- Fix doc test examples (AuthMethod::with_key_file signature change)
- Update documentation:
  - docs/architecture/configuration.md: Add keepalive fields
  - docs/architecture/ssh-client.md: Document keepalive support
@inureyes
Copy link
Member Author

inureyes commented Jan 9, 2026

PR Finalization Complete

Project Structure Discovered

  • Project Type: Rust
  • Test Framework: cargo test
  • Documentation System: Plain markdown + docs/architecture/
  • Multi-language Docs: No (English only)
  • Lint Tools: cargo fmt, cargo clippy

Checklist

Tests

  • Analyzed existing test structure (tests/ directory with integration tests)
  • Identified missing test coverage for SSH keepalive feature
  • Generated new tests: tests/ssh_keepalive_test.rs (27 tests)
    • SshConnectionConfig struct construction and defaults
    • Builder pattern with chaining
    • Conversion to russh config
    • SSH config file parsing for ServerAliveInterval/ServerAliveCountMax
    • bssh config resolution for keepalive settings
    • ParallelExecutor integration
  • All doc tests passing (22 passed)
  • All new tests passing (27 passed)

Documentation

  • README.md already documented (lines 31, 237-244, 714-715, 1177-1178)
  • ARCHITECTURE.md already documented (lines 269-272)
  • Updated docs/architecture/configuration.md:
    • Added server_alive_interval and server_alive_count_max to Defaults struct
    • Added fields to ClusterDefaults struct
    • Added example in configuration file sample
  • Updated docs/architecture/ssh-client.md:
    • Added SSH keepalive support documentation with SshConnectionConfig details
  • CLI --help output already comprehensive

Code Quality

  • cargo fmt: No formatting issues
  • cargo clippy -- -D warnings: No warnings

Changes Made

  1. Fixed doc tests: Updated AuthMethod::with_key_file example to include required None passphrase argument
  2. Fixed doc tests: Added missing Node import and initialization in ParallelExecutor::with_ssh_connection_config example
  3. Created comprehensive test suite: tests/ssh_keepalive_test.rs with 27 tests covering:
    • Default values verification
    • Builder pattern functionality
    • russh config conversion
    • SSH config file parsing
    • Config resolution (SSH config and bssh config)
    • ParallelExecutor integration
  4. Updated architecture documentation to include keepalive settings

Notes

  • The Keychain tests fail due to macOS authorization prompts (environment-specific)
  • One SSH key test depends on local SSH key configuration (environment-specific)
  • These are not related to the keepalive feature implementation

All checks passing. Ready for merge.

@inureyes inureyes added the status:ready Ready to be worked on label Jan 9, 2026
@inureyes inureyes self-assigned this Jan 9, 2026
@inureyes inureyes merged commit 2f7dcc3 into main Jan 9, 2026
2 checks passed
@inureyes inureyes deleted the feature/issue-121-ssh-keepalive branch January 9, 2026 11:42
inureyes added a commit that referenced this pull request Jan 9, 2026
@inureyes
chore: Prepare release v1.7.0
6de898e 
- Add SSH keepalive support (#122)
- Update dependencies to latest versions:
  - russh: 0.55.0 → 0.56.0
  - ratatui: 0.29.0 → 0.30.0
  - signal-hook: 0.3.18 → 0.4.1
  - whoami: 1.6.1 → 2.0.1
  - unicode-width: 0.2.0 → 0.2.2
- Adapt code for whoami 2.0 API changes
- Update CHANGELOG.md, README.md, debian/changelog
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@inureyes inureyes

Labels

priority:high High priority issue status:ready Ready to be worked on type:enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: Implement SSH keepalive to prevent idle connection timeouts

2 participants

@inureyes