coder
diff --git a/‎agent/agent.go
Lines changed: 7 additions & 3 deletions b/‎agent/agent.go
Lines changed: 7 additions & 3 deletions
diff --git a/‎cli/agent.go
Lines changed: 8 additions & 5 deletions b/‎cli/agent.go
Lines changed: 8 additions & 5 deletions
diff --git a/‎cli/testdata/coder_agent_--help.golden
Lines changed: 10 additions & 8 deletions b/‎cli/testdata/coder_agent_--help.golden
Lines changed: 10 additions & 8 deletions
diff --git a/‎docs/admin/configure.md
Lines changed: 3 additions & 3 deletions b/‎docs/admin/configure.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎examples/templates/aws-ecs-container/main.tf
Lines changed: 26 additions & 15 deletions b/‎examples/templates/aws-ecs-container/main.tf
Lines changed: 26 additions & 15 deletions
@@ -79,6 +79,7 @@ type Options struct {
 	EnvironmentVariables   map[string]string
 	Logger                 slog.Logger
 	AgentPorts             map[int]string
+	SSHMaxTimeout          time.Duration
 }
 
 type Client interface {
@@ -128,6 +129,7 @@ func New(options Options) io.Closer {
 		lifecycleReported:      make(chan codersdk.WorkspaceAgentLifecycle, 1),
 		ignorePorts:            options.AgentPorts,
 		connStatsChan:          make(chan *agentsdk.Stats, 1),
+		sshMaxTimeout:          options.SSHMaxTimeout,
 	}
 	a.init(ctx)
 	return a
@@ -155,9 +157,10 @@ type agent struct {
 
 	envVars map[string]string
 	// manifest is atomic because values can change after reconnection.
-	manifest     atomic.Pointer[agentsdk.Manifest]
-	sessionToken atomic.Pointer[string]
-	sshServer    *ssh.Server
+	manifest      atomic.Pointer[agentsdk.Manifest]
+	sessionToken  atomic.Pointer[string]
+	sshServer     *ssh.Server
+	sshMaxTimeout time.Duration
 
 	lifecycleUpdate   chan struct{}
 	lifecycleReported chan codersdk.WorkspaceAgentLifecycle
@@ -809,6 +812,7 @@ func (a *agent) init(ctx context.Context) {
 				_ = session.Exit(1)
 			},
 		},
+		MaxTimeout: a.sshMaxTimeout,
 	}
 
 	go a.runLoop(ctx)
 
@@ -31,10 +31,11 @@ import (
 
 func workspaceAgent() *cobra.Command {
 	var (
-		auth         string
-		logDir       string
-		pprofAddress string
-		noReap       bool
+		auth          string
+		logDir        string
+		pprofAddress  string
+		noReap        bool
+		sshMaxTimeout time.Duration
 	)
 	cmd := &cobra.Command{
 		Use: "agent",
@@ -208,7 +209,8 @@ func workspaceAgent() *cobra.Command {
 				EnvironmentVariables: map[string]string{
 					"GIT_ASKPASS": executablePath,
 				},
-				AgentPorts: agentPorts,
+				AgentPorts:    agentPorts,
+				SSHMaxTimeout: sshMaxTimeout,
 			})
 			<-ctx.Done()
 			return closer.Close()
@@ -219,6 +221,7 @@ func workspaceAgent() *cobra.Command {
 	cliflag.StringVarP(cmd.Flags(), &logDir, "log-dir", "", "CODER_AGENT_LOG_DIR", os.TempDir(), "Specify the location for the agent log files")
 	cliflag.StringVarP(cmd.Flags(), &pprofAddress, "pprof-address", "", "CODER_AGENT_PPROF_ADDRESS", "127.0.0.1:6060", "The address to serve pprof.")
 	cliflag.BoolVarP(cmd.Flags(), &noReap, "no-reap", "", "", false, "Do not start a process reaper.")
+	cliflag.DurationVarP(cmd.Flags(), &sshMaxTimeout, "ssh-max-timeout", "", "CODER_AGENT_SSH_MAX_TIMEOUT", time.Duration(0), "Specify the max timeout for a SSH connection")
 	return cmd
 }
 
 
@@ -2,14 +2,16 @@ Usage:
   coder agent [flags]
 
 Flags:
-      --auth string            Specify the authentication type to use for the agent.
-                               Consumes $CODER_AGENT_AUTH (default "token")
-  -h, --help                   help for agent
-      --log-dir string         Specify the location for the agent log files.
-                               Consumes $CODER_AGENT_LOG_DIR (default "/tmp")
-      --no-reap                Do not start a process reaper.
-      --pprof-address string   The address to serve pprof.
-                               Consumes $CODER_AGENT_PPROF_ADDRESS (default "127.0.0.1:6060")
+      --auth string                Specify the authentication type to use for the agent.
+                                   Consumes $CODER_AGENT_AUTH (default "token")
+  -h, --help                       help for agent
+      --log-dir string             Specify the location for the agent log files.
+                                   Consumes $CODER_AGENT_LOG_DIR (default "/tmp")
+      --no-reap                    Do not start a process reaper.
+      --pprof-address string       The address to serve pprof.
+                                   Consumes $CODER_AGENT_PPROF_ADDRESS (default "127.0.0.1:6060")
+      --ssh-max-timeout duration   Specify the max timeout for a SSH connection.
+                                   Consumes $CODER_AGENT_SSH_MAX_TIMEOUT
 
 Global Flags:
       --global-config coder   Path to the global coder config directory.
 
@@ -46,9 +46,9 @@ subdomain that resolves to Coder (e.g. `*.coder.example.com`).
 
 The Coder server can directly use TLS certificates with `CODER_TLS_ENABLE` and accompanying configuration flags. However, Coder can also run behind a reverse-proxy to terminate TLS certificates from LetsEncrypt, for example.
 
-- Apache: [Run Coder with Apache and LetsEncrypt](https://github.com/coder/coder/tree/main/examples/web-server/apache)
-- Caddy: [Run Coder with Caddy and LetsEncrypt](https://github.com/coder/coder/tree/main/examples/web-server/caddy)
-- NGINX: [Run Coder with Nginx and LetsEncrypt](https://github.com/coder/coder/tree/main/examples/web-server/nginx)
+- [Apache](https://github.com/coder/coder/tree/main/examples/web-server/apache)
+- [Caddy](https://github.com/coder/coder/tree/main/examples/web-server/caddy)
+- [NGINX](https://github.com/coder/coder/tree/main/examples/web-server/nginx)
 
 ## PostgreSQL Database
 
 
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     coder = {
       source  = "coder/coder"
-      version = "~> 0.6.12"
+      version = "~> 0.6.17"
     }
     aws = {
       source  = "hashicorp/aws"
@@ -11,16 +11,28 @@ terraform {
   }
 }
 
+provider "coder" {
+  feature_use_managed_variables = true
+}
+
 variable "ecs-cluster" {
   description = "Input the ECS cluster ARN to host the workspace"
-  default     = ""
 }
-variable "cpu" {
-  default = "1024"
+
+data "coder_parameter" "cpu" {
+  name        = "cpu"
+  description = "The number of CPU units to reserve for the container"
+  type        = "number"
+  default     = "1024"
+  mutable     = true
 }
 
-variable "memory" {
-  default = "2048"
+data "coder_parameter" "memory" {
+  name        = "memory"
+  description = "The amount of memory (in MiB) to allow the container to use"
+  type        = "number"
+  default     = "2048"
+  mutable     = true
 }
 
 # configure AWS provider with creds present on Coder server host
@@ -34,14 +46,14 @@ resource "aws_ecs_task_definition" "workspace" {
   family = "coder"
 
   requires_compatibilities = ["EC2"]
-  cpu                      = var.cpu
-  memory                   = var.memory
+  cpu                      = data.coder_parameter.cpu.value
+  memory                   = data.coder_parameter.memory.value
   container_definitions = jsonencode([
     {
       name      = "coder-workspace-${data.coder_workspace.me.id}"
       image     = "codercom/enterprise-base:ubuntu"
-      cpu       = 1024
-      memory    = 2048
+      cpu       = tonumber(data.coder_parameter.cpu.value)
+      memory    = tonumber(data.coder_parameter.memory.value)
       essential = true
       user      = "coder"
       command   = ["sh", "-c", coder_agent.coder.init_script]
@@ -92,11 +104,10 @@ resource "aws_ecs_service" "workspace" {
 data "coder_workspace" "me" {}
 
 resource "coder_agent" "coder" {
-  arch = "amd64"
-  auth = "token"
-  os   = "linux"
-  dir  = "/home/coder"
-
+  arch                   = "amd64"
+  auth                   = "token"
+  os                     = "linux"
+  dir                    = "/home/coder"
   login_before_ready     = false
   startup_script_timeout = 180
   startup_script         = <<-EOT