Idletimeout patch

Nicolas Williams Nicolas.Williams at ubsw.com
Tue Aug 21 00:36:27 EST 2001


On Mon, Aug 20, 2001 at 05:19:19PM +0300, Jani Jaakkola wrote:
> On Mon, 20 Aug 2001, Pekka Savola wrote:
> 
> > On Mon, 20 Aug 2001, Markus Friedl wrote:
> > > but how large is the benefit/line ratio for this patch?
> >
> > Also, what's the benefit when compared to e.g. tcsh 'autologout' variable?
> 
> As I said before, not all ssh sessions have a tty and not all ssh sessions
> actually even have a shell. In our environment we are tunneling imap
> traffic through ssh with a command like
> 'ssh mail-server "exec /etc/rimapd"' where there is no shell left after
> the exec.  Also tcsh's autologout does not work, if the user is running
> any program in the session instead of a plain shell (which users most
> of the time do, since nobody is interested in plain shell access).

You could use the command= auth_keys option to force the interposition
of a process which enforces a timeout.

This would work, but it would also badly affect performance since you'd
now have this process, with so little value to add, doubling the number
of context switches and [probably] doubling the number of data copies
that would be involved without the idle timeout process.

It's really much better to have this feature in OpenSSH.

> I am also aware that telnet and rlogin do not have this functionality. But
> since we do have the far superior ssh, we have disabled those services
> and I don't need to implement idletimeout for them.

Other SSHs have it...

> - Jani


Nico
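
The interposed process described in the message above, sketched as an added example (not code from the original post or from OpenSSH). The wrapper path, the 600-second limit and the function name are assumptions made for illustration; `/etc/rimapd` is the command from the quoted text.

```python
#!/usr/bin/env python3
# Hypothetical authorized_keys entry (path and timeout value are assumptions):
#   command="/usr/local/bin/idlewrap.py 600 /etc/rimapd" ssh-rsa AAAA... user@host
import os
import select
import subprocess
import sys


def relay_with_idle_timeout(argv, idle_seconds, in_fd=0, out_fd=1):
    """Run argv, copying in_fd -> child stdin and child stdout -> out_fd.

    Returns the child's exit status, or "idle-timeout" if no data moved in
    either direction for idle_seconds (the child is killed in that case).
    """
    with subprocess.Popen(argv, stdin=subprocess.PIPE,
                          stdout=subprocess.PIPE, bufsize=0) as child:
        to_child = child.stdin.fileno()
        from_child = child.stdout.fileno()
        routes = {in_fd: to_child, from_child: out_fd}  # source fd -> sink fd
        while from_child in routes:
            # select() doubles as the idle timer: it restarts on every wakeup.
            ready, _, _ = select.select(list(routes), [], [], idle_seconds)
            if not ready:
                child.kill()
                return "idle-timeout"
            for src in ready:
                data = os.read(src, 65536)
                if data:
                    # This read/write pair is the extra data copy and context
                    # switch per chunk that the message objects to.
                    os.write(routes[src], data)
                elif src == in_fd:
                    del routes[in_fd]
                    child.stdin.close()      # pass the client's EOF through
                else:
                    del routes[from_child]   # child closed stdout: finish
        return child.wait()


if __name__ == "__main__":
    # Usage: idlewrap.py SECONDS COMMAND [ARGS...]
    result = relay_with_idle_timeout(sys.argv[2:], float(sys.argv[1]))
    sys.exit(1 if result == "idle-timeout" else result)
```

Every byte of the session passes through this process once in each direction, which is the overhead an idle timer inside sshd itself would avoid.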