OpenSSH and Idle Timeouts
Eli K. Breen
bsd at unixforge.net
Wed Apr 19 04:54:38 EST 2006
Theo et al.,
I've looked back through the OpenSSH mailing lists and am stumped as to
why there is no IdleTimeout option for OpenSSH. (Normally the omission
of a feature as useful as this generates much debate and flame-quashing
from the dev. team).
Is there some background to this that I'm missing?
Here's the scenario, and I'm fully open to any workarounds.
We use a combination of OpenBSD(3.7) and FreeBSD(5.x/6.0) machines as
various SSH access points to our network. Developers and users, being
only human, often end up leaving idle connections open for
days/weeks/months at a time. This is both unsightly (from the admin
perspective) and generally makes auditing and user activity
tracking/tracing much more difficult. In short, I'm looking for a way to
expire idle connections across both of these platforms while sticking
with OpenSSH because of its excellent security history and close ties to
the *BSDs.
Are there any plans to add idle timeouts to OpenSSH in future? Does
anyone have any proven methods and/or patches for working around this
problem?
Many thanks,
Eli.
More information about the openssh-unix-dev
mailing list