Bug 2718

Summary:

SFTP idle timeout

Product:

Portable OpenSSH

Reporter:

Tomas Kuthan <tomas.kuthan>

Component:

sftp-server

Assignee:

Assigned to nobody <unassigned-bugs>

Status:

NEW ---

Severity:

enhancement

CC:

tomas.kuthan, vapier

Priority:

Version:

7.5p1

Hardware:

SPARC

OS:

Solaris

Attachments:

Description	Flags
sftp idle timeout	none

Description Tomas Kuthan 2017-05-22 22:44:19 AEST

Implement new sftp-server option '-t idle_timeout'. When there is no
user activity for idle_timeout seconds, sftp session is forcibly closed
by the server. By default there is no time limit.

Comment 1 Tomas Kuthan 2017-05-22 22:50:28 AEST

Created attachment 2981 [details]
sftp idle timeout

Comment 2 Tomas Kuthan 2017-05-22 23:08:53 AEST

This feature was requested by a user, who claims that the large number of opened, inactive but unterminated sftp client connections prolongs fail-over to other cluster node, when performing regular maintenance tasks. This extended fail-over time causes application outages, when various application time outs are met.

With the ability to configure sftp-server to terminate inactive sftp connections after time-out, the user hopes to keep the number of these connections down and avoid application outages.

Comment 3 Mike Frysinger 2018-12-29 09:41:04 AEDT

the select() syscall has a timeout option on it that is currently set to NULL.  why not initialize that to the timeout you want and check the return values in the loop for that condition ?  then you don't need to muck around with signal/alarm.

you should update the usage string too so `sftp-server -h` includes the new option.