Implementing sftp server-side timeout

Peter Stuge peter at stuge.se
Fri Oct 21 01:05:27 AEDT 2022


Dmitry Belyavskiy wrote:
> My colleague has proposed a patch to deal with it in
> https://bugzilla.mindrot.org/show_bug.cgi?id=3484
> 
> It looks like a reasonable feature

Have you considered that the feature actually requires sftp-server to
measure time, and how undesirable that is?

The proposed patch doesn't implement what it says: using poll() fd
events to approximate actual SFTP protocol events is a rather weak
heuristic that is likely to cause problems when fd events happen to
/not/ coincide with SFTP protocol events sometime in the future. Note
that poll() is platform-specific.

Again, I for one don't want sftp-server to measure time, which is
what would be needed to actually determine SFTP protocol timeout.


Implementation comment: Why use strtol() when negative numbers are disallowed?


Finally, have you tested how this works with internal-sftp?

I guess many large scale servers don't use internal-sftp because of
logging requirements as discussed in an older thread but I bet that
internal-sftp is desirable especially when scaling up so make sure
to not neglect it. Thanks.


//Peter


More information about the openssh-unix-dev mailing list