max SSH session duration

Author: ranbel

src/content/docs/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access.mdx

@@ -155,10 +155,16 @@ To set up the Logpush job, refer to [Logpush integration](/cloudflare-one/insigh
 
 ## Known limitations
 
+### SSH features
+
 The following SSH features are not supported:
 
 - `sftp` commands
 - `scp` commands that utilize OpenSSH versions > 9.0, because OpenSSH 9.0+ leverages `sftp` to execute the command
 - Local and remote port forwarding
 - SSH agent forwarding
 - X11 forwarding
+
+### Session duration
+
+SSH sessions have a maximum expected duration of 10 hours. For more information, refer to the [Troubleshooting FAQ](/cloudflare-one/faq/troubleshooting/#long-lived-ssh-sessions-frequently-disconnect).

src/content/docs/cloudflare-one/faq/troubleshooting.mdx

@@ -374,3 +374,18 @@ Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP" -Recurse
 ## I get an `Invalid session. Please try logging in again.` error from Access when trying to log in to the Cloudflare dashboard via SSO.
 
 Cloudflare Access uses a [`CF_Session` cookie](/cloudflare-one/identity/authorization-cookie/#access-cookies) to validate that the same browser both initiated and completed your sign-in. The `Invalid session` error means Access was unable to validate this cookie. Ensure that there is no software or firewall on your device or network that may be interfering with requests to Access.
+
+## Long-lived SSH sessions frequently disconnect.
+
+All SSH connections proxied through Cloudflare Gateway, including traffic to [Access for Infrastructure](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) targets, have a maximum expected duration of 10 hours. This is because Gateway terminates connections over 10 hours when releasing service updates; releases are not scheduled and can occur multiple times a week. To ensure a consistent user experience, you can configure your environment to automatically terminate sessions over 10 hours. For example, you could require users to sign in once a day so that connections do not cut off unexpectedly during the work day.
+
+One option is to add [`ControlPersist`](https://man.openbsd.org/ssh_config#ControlPersist) to your personal (`~/.ssh/config`) or global (`/etc/ssh/ssh_config`) SSH client configuration file:
+
+```txt
+Host *
+    ControlMaster auto
+    ControlPath ~/.ssh/control_sockets/%r@%h:%p
+    ControlPersist 10h
+```
+
+`ControlPersist` will close inactive SSH connections on the client machine after the specified time period.