sftp idle timeout

Tomas Kuthan tomas.kuthan at oracle.com
Tue May 30 00:19:28 AEST 2017

On 05/29/17 04:13 AM, Damien Miller wrote:
> On Fri, 26 May 2017, Tomas Kuthan wrote:
>> Hi team,
>> Any chance my patch introducing new sftp-server option '-t idle_timout' [1,2]
>> could be accepted into openssh/openssh-portable?
> I think the best place to implement a idle timeout is in sshd. Then it
> could be made per-channel and be able to cover login sessions as well.
> That was requested in https://bugzilla.mindrot.org/show_bug.cgi?id=1338

Hi Damien,

Thank you for the pointer, much appreciated.

In this particular deployment, limiting the idle timeout to sftp 
sessions only would actually be preferable. High numbers of regular sftp 
users are expected, with only an occasional admin shell access here and 

What are your reasons for not liking the sftp-server-centric solution?
(I admit implementing the timeout in the underlying ssh layer is a more 
generic solution and it allows for a more graceful tear-down.)

I see ssh idle timeout surfaced on the alias a couple times before, but 
never made it into the code. Are you saying that the idea itself is 
viable and that a patch could be accepted?


More information about the openssh-unix-dev mailing list