diff --git a/.github/ISSUE_TEMPLATE/testplan.md b/.github/ISSUE_TEMPLATE/testplan.md
index 1a5b9c58281cb..ba04304182e5e 100644
--- a/.github/ISSUE_TEMPLATE/testplan.md
+++ b/.github/ISSUE_TEMPLATE/testplan.md
@@ -1209,7 +1209,7 @@ tsh bench web sessions --max=5000 --web user ls
- [ ] A folder from inside the shared directory can be copy-pasted to another folder inside shared directory (and its contents retained)
- RBAC
- [ ] Give the user one role that explicitly disables directory sharing (`desktop_directory_sharing: false`) and confirm that the option to share a directory doesn't appear in the menu
-- Per-Session MFA (try webauthn on each of Chrome, Safari, and Firefox; u2f only works with Firefox)
+- Per-Session MFA
- [ ] Attempting to start a session no keys registered shows an error message
- [ ] Attempting to start a session with a webauthn registered pops up the "Verify Your Identity" dialog
- [ ] Hitting "Cancel" shows an error message
@@ -1253,6 +1253,10 @@ tsh bench web sessions --max=5000 --web user ls
- Set up Teleport in a trusted cluster configuration where the root and leaf cluster has a w_d_s connected via tunnel (w_d_s running as a separate process)
- [ ] Confirm that windows desktop sessions can be made on root cluster
- [ ] Confirm that windows desktop sessions can be made on leaf cluster
+- Screen size
+ - [ ] Desktops that specify a fixed `screen_size` in their spec always use the same screen size.
+ - [ ] Desktops sessions for desktops which specify a fixed `screen_size` do not resize automatically.
+ - [ ] Attempting to register a desktop with a `screen_size` dimension larger than 8192 fails.
- Non-AD setup
- [ ] Installer in GUI mode finishes successfully on instance that is not part of domain
- [ ] Installer works correctly invoked from command line
@@ -1378,6 +1382,29 @@ TODO(lxea): replace links with actual docs once merged
- [ ] Windows Desktop
- [ ] App Access
+## SSH Connection Resumption
+
+Verify that SSH works, and that resumable SSH is not interrupted across a Teleport Cloud tenant upgrade.
+| | Standard node | Non-resuming node | Peered node | Agentless node |
+|---|---|---|---|---|
+| `tsh ssh` | | | | |
+| `tsh ssh --no-resume` | | | | |
+| Teleport Connect | | | | |
+| Web UI (not resuming) | | | | |
+| OpenSSH (standard `tsh config`) | | | | |
+| OpenSSH (changing `ProxyCommand` to `tsh proxy ssh --no-resume`) | | | | |
+
+Verify that SSH works, and that resumable SSH is not interrupted across a control plane restart (of either the root or the leaf cluster).
+
+| | Tunnel node | Direct dial node |
+|---|---|---|
+| `tsh ssh` | | |
+| `tsh ssh --no-resume` | | |
+| `tsh ssh` (from a root cluster) | | |
+| `tsh ssh --no-resume` (from a root cluster) | | |
+| OpenSSH (without `ProxyCommand`) | n/a | |
+| OpenSSH's `ssh-keyscan` | n/a | |
+
## EC2 Discovery
[EC2 Discovery docs](https://goteleport.com/docs/server-access/guides/ec2-discovery/)
diff --git a/docs/pages/desktop-access/reference/configuration.mdx b/docs/pages/desktop-access/reference/configuration.mdx
index ed148288da5e9..563ce10d829c6 100644
--- a/docs/pages/desktop-access/reference/configuration.mdx
+++ b/docs/pages/desktop-access/reference/configuration.mdx
@@ -43,3 +43,26 @@ desktop sessions are performed over this tunnel. To enable this mode, ensure
that `windows_desktop_service.listen_addr` is *unset*, and point
`teleport.proxy_server` at a Teleport Proxy.
+## Screen size
+
+By default, Teleport will set the screen size of the remote desktop session
+based on the size of your browser window. In some cases, you may wish to
+configure specific hosts to use a specific screen size. To do this, set the
+`screen_size` attribute on the `windows_desktop` resource:
+
+```yaml
+kind: windows_desktop
+metadata:
+ name: fixed-screen-size
+spec:
+ host_id: 307e091b-7f6b-42e0-b78d-3362ad10b55d
+ addr: 192.168.1.153:3389
+ non_ad: true
+
+ # Optional - ensures that all sessions use the same screen size,
+ # no matter what the size of the browser window is.
+ # Leave blank to use the size of the browser window.
+ screen_size:
+ width: 1024
+ height: 768
+```
\ No newline at end of file
diff --git a/docs/pages/reference/resources.mdx b/docs/pages/reference/resources.mdx
index b4be31487fbfc..248d774601869 100644
--- a/docs/pages/reference/resources.mdx
+++ b/docs/pages/reference/resources.mdx
@@ -154,7 +154,7 @@ desktops this way:
connections to the host. If you have multiple such services, you can create
multiple `windows_desktop` resources with different `host_id` values.
1. If you intend to log in to the desktop with local Windows users you must set
- `non_ad: true`. If you intent to log in with Active Directory users, leave
+ `non_ad: true`. If you intend to log in with Active Directory users, leave
`non_ad` unset (or false), and specify the Active Directory domain in the
`domain` field.
@@ -170,6 +170,13 @@ spec:
addr: 192.168.1.153:3389
domain: ""
non_ad: true
+
+ # Optional - ensures that all sessions use the same screen size,
+ # no matter what the size of the browser window is.
+ # Leave blank to use the size of the browser window.
+ screen_size:
+ width: 1024
+ height: 768
version: v3
```