sftp idle timeout

Tomas Kuthan tomas.kuthan at oracle.com
Tue May 30 22:45:54 AEST 2017

On 05/30/17 08:47 AM, Damien Miller wrote:
> On Mon, 29 May 2017, Tomas Kuthan wrote:
>> In this particular deployment, limiting the idle timeout to sftp
>> sessions only would actually be preferable. High numbers of regular
>> sftp users are expected, with only an occasional admin shell access
>> here and there.
>> What are your reasons for not liking the sftp-server-centric solution?
>> (I admit implementing the timeout in the underlying ssh layer is a
>> more generic solution and it allows for a more graceful tear-down.)
>> I see ssh idle timeout surfaced on the alias a couple times before,
>> but never made it into the code. Are you saying that the idea itself
>> is viable and that a patch could be accepted?
> The problem is that the mainloop is an old select()-based monster, so
> adding a decent timer system to it will be ugly and will make it harder
> to fix later.
> Once Markus finishes the refactoring that he's working on at the moment,
> I'm planning on taking a look at cleaning the mainloop up and adding a
> decent timer mechanism.
> I'm reticent to add a special-case timer to sftp-server before that
> happens, though improving sftp's reporting of the underlying ssh
> connection going away seems like a good idea.

Hi Damien,

Thank you for the background, that was very helpful.


More information about the openssh-unix-dev mailing list