sftp idle timeout

Tomas Kuthan tomas.kuthan at oracle.com
Tue May 30 22:45:54 AEST 2017


On 05/30/17 08:47 AM, Damien Miller wrote:
> On Mon, 29 May 2017, Tomas Kuthan wrote:
>
>> In this particular deployment, limiting the idle timeout to sftp
>> sessions only would actually be preferable. High numbers of regular
>> sftp users are expected, with only an occasional admin shell access
>> here and there.
>>
>> What are your reasons for not liking the sftp-server-centric solution?
>> (I admit implementing the timeout in the underlying ssh layer is a
>> more generic solution and it allows for a more graceful tear-down.)
>>
>> I see ssh idle timeout surfaced on the alias a couple times before,
>> but never made it into the code. Are you saying that the idea itself
>> is viable and that a patch could be accepted?
>
> The problem is that the mainloop is an old select()-based monster, so
> adding a decent timer system to it will be ugly and will make it harder
> to fix later.
>
> Once Markus finishes the refactoring that he's working on at the moment,
> I'm planning on taking a look at cleaning the mainloop up and adding a
> decent timer mechanism.
>
> I'm reticent to add a special-case timer to sftp-server before that
> happens, though improving sftp's reporting of the underlying ssh
> connection going away seems like a good idea.

Hi Damien,

Thank you for the background, that was very helpful.

Tomas



More information about the openssh-unix-dev mailing list