bugzilla-daemon at mindrot.org
2022-Oct-18 14:53 UTC
[Bug 3484] New: RFE: implement a "sftp_timeout" property on backend to automatically close idle connections
https://bugzilla.mindrot.org/show_bug.cgi?id=3484
Bug ID: 3484
Summary: RFE: implement a "sftp_timeout" property on
backend to
automatically close idle connections
Product: Portable OpenSSH
Version: 8.8p1
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sftp-server
Assignee: unassigned-bugs at mindrot.org
Reporter: rmetrich at redhat.com
Currently there is no way for the sftp backend (sftp-server or
internal-sftp) to close idle connections (by idle I mean no order sent
for some time by the sftp client).
This is very problematic for SFTP servers because clients can remain
connected, which consumes file descriptors and resources in general,
causing potentially system limits to be reached.
This is a case I handled recently, where system-wide file descriptors
were exhausted, due to left-opened sftp sessions + corresponding
systemd sessions.
There are "ClientAlive*" properties but these only work for dead
clients.
So far, the only solution I found is to have a script that runs
regularly and checks if /proc/<sftpserver>/fd/0 access time is older
than a certain timestamp, and kill the PID accordingly.
See also Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=2135811.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2022-Oct-20 09:27 UTC
[Bug 3484] RFE: implement a "sftp_timeout" property on backend to automatically close idle connections
https://bugzilla.mindrot.org/show_bug.cgi?id=3484 --- Comment #1 from Renaud M?trich <rmetrich at redhat.com> --- Created attachment 3618 --> https://bugzilla.mindrot.org/attachment.cgi?id=3618&action=edit Proposed implementation using new "-t <sesion_timeout>" option to sftp-server Tested with: - no parameter (no timeout) - "-t 0" (no timeout) - "-t 30" (30 seconds timeout) -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2022-Oct-20 09:27 UTC
[Bug 3484] RFE: implement a "sftp_timeout" property on backend to automatically close idle connections
https://bugzilla.mindrot.org/show_bug.cgi?id=3484
Renaud M?trich <rmetrich at redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|8.8p1 |9.1p1
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2022-Oct-20 09:32 UTC
[Bug 3484] RFE: implement a "sftp_timeout" property on backend to automatically close idle connections
https://bugzilla.mindrot.org/show_bug.cgi?id=3484 --- Comment #2 from Renaud M?trich <rmetrich at redhat.com> --- See also https://github.com/openssh/openssh-portable/pull/350 -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2022-Oct-20 09:44 UTC
[Bug 3484] RFE: implement a "sftp_timeout" property on backend to automatically close idle connections
https://bugzilla.mindrot.org/show_bug.cgi?id=3484
Flos Qi Guo <lonicerae at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |lonicerae at gmail.com
--- Comment #3 from Flos Qi Guo <lonicerae at gmail.com> ---
+1 for this. Indeed a very good proposal.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2022-Dec-20 03:32 UTC
[Bug 3484] RFE: implement a "sftp_timeout" property on backend to automatically close idle connections
https://bugzilla.mindrot.org/show_bug.cgi?id=3484
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
I don't want to do this in sftp-server. See
https://github.com/djmdjm/openssh-wip/pull/16 for a more general
mechanism
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2023-Feb-10 03:48 UTC
[Bug 3484] RFE: implement a "sftp_timeout" property on backend to automatically close idle connections
https://bugzilla.mindrot.org/show_bug.cgi?id=3484
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #5 from Damien Miller <djm at mindrot.org> ---
The more general mechanism shipped in OpenSSH 9.2
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Mar-17 02:42 UTC
[Bug 3484] RFE: implement a "sftp_timeout" property on backend to automatically close idle connections
https://bugzilla.mindrot.org/show_bug.cgi?id=3484
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #6 from Damien Miller <djm at mindrot.org> ---
OpenSSH 9.3 has been released. Close resolved bugs
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.