bugzilla-daemon at mindrot.org
2022-Oct-18 14:53 UTC
[Bug 3484] New: RFE: implement a "sftp_timeout" property on backend to automatically close idle connections
https://bugzilla.mindrot.org/show_bug.cgi?id=3484 Bug ID: 3484 Summary: RFE: implement a "sftp_timeout" property on backend to automatically close idle connections Product: Portable OpenSSH Version: 8.8p1 Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sftp-server Assignee: unassigned-bugs at mindrot.org Reporter: rmetrich at redhat.com Currently there is no way for the sftp backend (sftp-server or internal-sftp) to close idle connections (by idle I mean no order sent for some time by the sftp client). This is very problematic for SFTP servers because clients can remain connected, which consumes file descriptors and resources in general, causing potentially system limits to be reached. This is a case I handled recently, where system-wide file descriptors were exhausted, due to left-opened sftp sessions + corresponding systemd sessions. There are "ClientAlive*" properties but these only work for dead clients. So far, the only solution I found is to have a script that runs regularly and checks if /proc/<sftpserver>/fd/0 access time is older than a certain timestamp, and kill the PID accordingly. See also Red Hat Bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=2135811. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2022-Oct-20 09:27 UTC
[Bug 3484] RFE: implement a "sftp_timeout" property on backend to automatically close idle connections
https://bugzilla.mindrot.org/show_bug.cgi?id=3484 --- Comment #1 from Renaud M?trich <rmetrich at redhat.com> --- Created attachment 3618 --> https://bugzilla.mindrot.org/attachment.cgi?id=3618&action=edit Proposed implementation using new "-t <sesion_timeout>" option to sftp-server Tested with: - no parameter (no timeout) - "-t 0" (no timeout) - "-t 30" (30 seconds timeout) -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2022-Oct-20 09:27 UTC
[Bug 3484] RFE: implement a "sftp_timeout" property on backend to automatically close idle connections
https://bugzilla.mindrot.org/show_bug.cgi?id=3484 Renaud M?trich <rmetrich at redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Version|8.8p1 |9.1p1 -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2022-Oct-20 09:32 UTC
[Bug 3484] RFE: implement a "sftp_timeout" property on backend to automatically close idle connections
https://bugzilla.mindrot.org/show_bug.cgi?id=3484 --- Comment #2 from Renaud M?trich <rmetrich at redhat.com> --- See also https://github.com/openssh/openssh-portable/pull/350 -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2022-Oct-20 09:44 UTC
[Bug 3484] RFE: implement a "sftp_timeout" property on backend to automatically close idle connections
https://bugzilla.mindrot.org/show_bug.cgi?id=3484 Flos Qi Guo <lonicerae at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lonicerae at gmail.com --- Comment #3 from Flos Qi Guo <lonicerae at gmail.com> --- +1 for this. Indeed a very good proposal. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2022-Dec-20 03:32 UTC
[Bug 3484] RFE: implement a "sftp_timeout" property on backend to automatically close idle connections
https://bugzilla.mindrot.org/show_bug.cgi?id=3484 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #4 from Damien Miller <djm at mindrot.org> --- I don't want to do this in sftp-server. See https://github.com/djmdjm/openssh-wip/pull/16 for a more general mechanism -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2023-Feb-10 03:48 UTC
[Bug 3484] RFE: implement a "sftp_timeout" property on backend to automatically close idle connections
https://bugzilla.mindrot.org/show_bug.cgi?id=3484 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #5 from Damien Miller <djm at mindrot.org> --- The more general mechanism shipped in OpenSSH 9.2 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Mar-17 02:42 UTC
[Bug 3484] RFE: implement a "sftp_timeout" property on backend to automatically close idle connections
https://bugzilla.mindrot.org/show_bug.cgi?id=3484 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #6 from Damien Miller <djm at mindrot.org> --- OpenSSH 9.3 has been released. Close resolved bugs -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.