Bug 2718 - SFTP idle timeout
Summary: SFTP idle timeout
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sftp-server
Version: 7.5p1
Hardware: SPARC Solaris
Importance: P5 enhancement
Assignee: Assigned to nobody
Reported: 2017-05-22 22:44 AEST by Tomas Kuthan
Modified: 2018-12-29 09:41 AEDT

Attachments
sftp idle timeout (4.03 KB, patch)
2017-05-22 22:50 AEST, Tomas Kuthan

Description Tomas Kuthan 2017-05-22 22:44:19 AEST
Implement a new sftp-server option '-t idle_timeout'. When there is no
user activity for idle_timeout seconds, the sftp session is forcibly closed
by the server. By default there is no time limit.
Comment 1 Tomas Kuthan 2017-05-22 22:50:28 AEST
Created attachment 2981
sftp idle timeout
Comment 2 Tomas Kuthan 2017-05-22 23:08:53 AEST
This feature was requested by a user, who claims that the large number of opened, inactive but unterminated sftp client connections prolongs fail-over to other cluster node when performing regular maintenance tasks. This extended fail-over time causes application outages when various application timeouts are met.

With the ability to configure sftp-server to terminate inactive sftp connections after a time-out, the user hopes to keep the number of these connections down and avoid application outages.
Comment 3 Mike Frysinger 2018-12-29 09:41:04 AEDT
the select() syscall has a timeout option on it that is currently set to NULL. why not initialize that to the timeout you want and check the return values in the loop for that condition? then you don't need to muck around with signal/alarm.

you should update the usage string too so `sftp-server -h` includes the new option.
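
The select()-based approach suggested in comment 3, as an added example (not the attached patch and not OpenSSH code): the idle limit is passed as the select() timeout and recomputed from a monotonic deadline, so an interrupted call cannot stretch it. The names `wait_for_activity` and `IDLE_*` are hypothetical, and treating a non-positive `idle_timeout` as "no limit" is an assumption that mirrors the default described in the report.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <sys/select.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical names, not from the attached patch or from sftp-server.c. */
#define IDLE_READY    1   /* in_fd is readable (request data or EOF) */
#define IDLE_EXPIRED  0   /* no activity for idle_timeout seconds */
#define IDLE_ERROR  (-1)  /* bad descriptor or select() failure */

/*
 * Block until in_fd is readable or idle_timeout seconds pass.
 * Assumption: idle_timeout <= 0 means "no limit" (NULL timeout).
 */
int wait_for_activity(int in_fd, long idle_timeout)
{
    struct timespec now, deadline = {0, 0};
    if (in_fd < 0 || in_fd >= FD_SETSIZE)
        return IDLE_ERROR;          /* FD_SET would write out of bounds */
    if (idle_timeout > 0) {
        clock_gettime(CLOCK_MONOTONIC, &deadline);
        deadline.tv_sec += idle_timeout;
    }
    for (;;) {
        fd_set rset;
        struct timeval tv, *tvp = NULL;
        if (idle_timeout > 0) {
            /* Recompute the remaining time so EINTR cannot extend the limit. */
            clock_gettime(CLOCK_MONOTONIC, &now);
            long nsec = deadline.tv_nsec - now.tv_nsec;
            tv.tv_sec = deadline.tv_sec - now.tv_sec;
            if (nsec < 0) { tv.tv_sec--; nsec += 1000000000L; }
            if (tv.tv_sec < 0)
                return IDLE_EXPIRED;
            tv.tv_usec = nsec / 1000;
            tvp = &tv;
        }
        FD_ZERO(&rset);
        FD_SET(in_fd, &rset);
        int r = select(in_fd + 1, &rset, NULL, NULL, tvp);
        if (r > 0)
            return IDLE_READY;
        if (r == 0)
            return IDLE_EXPIRED;    /* caller closes the session here */
        if (errno != EINTR)
            return IDLE_ERROR;
    }
}
```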