Implementing sftp server-side timeout
Peter Stuge
peter at stuge.se
Fri Oct 21 01:05:27 AEDT 2022
Dmitry Belyavskiy wrote:
> My colleague has proposed a patch to deal with it in
> https://bugzilla.mindrot.org/show_bug.cgi?id=3484
>
> It looks like a reasonable feature

Have you considered that the feature actually requires sftp-server to
measure time, and how undesirable that is?

The proposed patch doesn't implement what it says: using poll() fd
events to approximate actual SFTP protocol events is a rather weak
heuristic that is likely to cause problems when fd events happen to
/not/ coincide with SFTP protocol events sometime in the future. Note
that poll() is platform-specific.

Again, I for one don't want sftp-server to measure time, which is
what would be needed to actually determine SFTP protocol timeout.

Implementation comment: Why use strtol() when negative numbers are disallowed?

Finally, have you tested how this works with internal-sftp?

I guess many large scale servers don't use internal-sftp because of
logging requirements as discussed in an older thread but I bet that
internal-sftp is desirable especially when scaling up so make sure
to not neglect it. Thanks.

//Peter
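
The distinction drawn in the message above between fd events and SFTP protocol events, as an added example that is not part of the original message or of the patch in the bug: the sketch replays a constructed sequence of reads and reports the longest quiet period, counted once per readable fd event and once per complete length-prefixed SFTP packet. The names `measure`, `fd_event`, `idle_report` and `sample` and all timings are assumptions made for illustration; timestamps are passed in rather than read from a clock.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One readable event as poll() would report it: arrival time (s) and bytes read. */
struct fd_event { long t; const unsigned char *data; size_t len; };
/* Longest quiet interval under each definition of "activity" (hypothetical type). */
struct idle_report { long fd_idle; long msg_idle; int messages; };
static long max_l(long a, long b) { return a > b ? a : b; }

/* SFTP framing: uint32 big-endian length, then that many bytes of packet. */
struct idle_report measure(const struct fd_event *ev, size_t n, long start, long end)
{
    struct idle_report r = {0, 0, 0};
    long last_fd = start, last_msg = start;
    uint32_t need = 0;   /* packet bytes still missing after the length prefix */
    size_t hdr = 0;      /* length-prefix bytes seen so far */
    for (size_t i = 0; i < n; i++) {
        r.fd_idle = max_l(r.fd_idle, ev[i].t - last_fd);
        last_fd = ev[i].t;                 /* any bytes at all reset this timer */
        for (size_t j = 0; j < ev[i].len; j++) {
            if (hdr < 4) { need = (need << 8) | ev[i].data[j]; hdr++; }
            else need--;
            if (hdr == 4 && need == 0) {   /* a whole packet has arrived */
                r.msg_idle = max_l(r.msg_idle, ev[i].t - last_msg);
                last_msg = ev[i].t;
                r.messages++;
                hdr = 0;
            }
        }
    }
    r.fd_idle = max_l(r.fd_idle, end - last_fd);   /* trailing quiet period */
    r.msg_idle = max_l(r.msg_idle, end - last_msg);
    return r;
}

/* Constructed sample: one SSH_FXP_INIT packet (length 5, type 1, version 3)
 * delivered in three reads at t = 10, 20 and 30 seconds. */
struct idle_report sample(void)
{
    static const unsigned char a[] = {0, 0}, b[] = {0, 5, 1}, c[] = {0, 0, 0, 3};
    const struct fd_event ev[] = {{10, a, 2}, {20, b, 3}, {30, c, 4}};
    return measure(ev, 3, 0, 30);
}

int main(void)
{
    struct idle_report r = sample();
    printf("fd idle %lds, message idle %lds, messages %d\n", r.fd_idle, r.msg_idle, r.messages);
}
```

For the sample the two figures are 10 s and 30 s, so any limit between them is reached under one definition and not under the other.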