new feature MaxIdleTime

[Andreas Schigold]

   Hello,
   in the company I work for we have an ISDN-router is dialing automatic
   to a special machine if a special IP-address is called by a client-PC
   inside the company. So we maintain the machines of our customers. But
   there is one problem: We cannot say to this router "hang up - I'm
   ready". So he has a configured idle timeout after this time he hang up
   by himself.
   So we need a short idle timeout to save money after closing of
   connection. But the service stuff maintains the machines is unhappy
   since the connection to many machines often goes to sleep and to the
   other machines the line breaks since there is a VPN or WAN connection
   on customers side.
   Okay, we can set one of the options TCPKeepAlive or
   ServerAliveInterval. But there is one problem: If a colleague forgets
   to close the ssh-session, it is living until the judgement day.
   So I searched for a solution supports 2 levels of idle timeout
     * a short timeout, if we want to close a session and
     * a long timeout, if a session is forgotten.

   After a long searching and thinking my only idea was to expand the ssh
   for our advantage. The result of my work you will find behind the link
   [1]http://schigold.de/openssh/index.html . I hope you will find it
   usefull and I'm close to the coding rules. If you want to put my
   result into one of the next versions, it would have two advantages to
   me. If my administrator upgrades the ssh, I don't need to reexpand the
   next version and if you accept my work he will accept this too.
   If you don't want to accept my patch, please tell me why and if I can
   do anything for your acceptence, please let me know. If you have
   questions, please ask me. If you accept it, please let me know the
   version you will put it in.
   Here I want to describe a use case:
     * we can set the idle timeout of the ISDN-router to - let's say - 10
       Seconds
     * we can call our machines with "ssh -oServerAliveInterval=3
       -oMaxIdleTime=180 user at machine-ip"
     * if the user closes the connection, ISDN-line hangs up 10 Seconds
       later
     * if the user interruptes his interaction for what ever (i.e. search
       something he needs to continue) he has a time window of 3 minutes
     * if the user forget to close the session, it closes by itself 3
       minutes later, ISDN-line hangs up 3 minutes and 10 Seconds after
       last interaction

   During such a session a user may start different programms inside the
   login shell, i.e. midnight commander or our special service tools. If
   the service employee forgets to close all these programms then the
   shell environment variable TMOUT won't work for us. I discussed the
   topic in [2]tech at openbsd.org first and one poster ment, I should
   discuss it now here.
   Important: If the parameter is unused or set to 0 the behavior of
   "ssh" should be unchanged in compare with before. If it is used the
   behavior should be the same like a user closes the connection by
   itself after the configured idle-time (except this one printout that
   the idle-timeout happened)
   Also important: In my point of view the security and stability issues
   should be close untouched. But if you detect errors or problems I have
   to solve, please give me informations to my fault and give me the
   chance to make it better
   But very important: If I made errors (in programming or in the
   procedure) please help me since it is my first action in a free
   project.
   kind regards
   Andreas Schigold
--
#############################
# Andreas Schigold          #
# mail: [3]andreas at schigold.de #
#############################

References

   1. http://schigold.de/openssh/index.html
   2. mailto:tech at openbsd.org
   3. mailto:andreas at schigold.de