sftp idle timeout
Tomas Kuthan
tomas.kuthan at oracle.com
Tue May 30 00:19:28 AEST 2017
On 05/29/17 04:13 AM, Damien Miller wrote:
> On Fri, 26 May 2017, Tomas Kuthan wrote:
>
>> Hi team,
>>
>> Any chance my patch introducing new sftp-server option '-t idle_timout' [1,2]
>> could be accepted into openssh/openssh-portable?
>
> I think the best place to implement a idle timeout is in sshd. Then it
> could be made per-channel and be able to cover login sessions as well.
>
> That was requested in https://bugzilla.mindrot.org/show_bug.cgi?id=1338
Hi Damien,
Thank you for the pointer, much appreciated.
In this particular deployment, limiting the idle timeout to sftp
sessions only would actually be preferable. High numbers of regular sftp
users are expected, with only an occasional admin shell access here and
there.
What are your reasons for not liking the sftp-server-centric solution?
(I admit implementing the timeout in the underlying ssh layer is a more
generic solution and it allows for a more graceful tear-down.)
I see ssh idle timeout surfaced on the alias a couple times before, but
never made it into the code. Are you saying that the idea itself is
viable and that a patch could be accepted?
Thanks!
Tomas
More information about the openssh-unix-dev
mailing list