Hello OpenSSH folks,
This was a really minor knit, but I noted while I was developing a
pexpect module for ssh that setting ConnectTimeout to 0 in the options
to ssh sets the login timeout to infinite time.
I was wondering whether or not this was a documentation bug and/or
potential clarification that could to be made, or if this was a
software bug that needs to be fixed. I don't see much point behind
infinite connect time, but then again, I'm just one end-user in a sea
of many users.
Thanks!
-Garrett
On 01/06/2009 08:25 PM, Garrett Cooper wrote:> This was a really minor knit, but I noted while I was developing a > pexpect module for ssh that setting ConnectTimeout to 0 in the options > to ssh sets the login timeout to infinite time. > I was wondering whether or not this was a documentation bug and/or > potential clarification that could to be made, or if this was a > software bug that needs to be fixed. I don't see much point behind > infinite connect time, but then again, I'm just one end-user in a sea > of many users.I think the logic behind this choice is that while some people may reasonably want to never time out a connection, there is no one who would reasonably want to *always* have their connection time out (what "ConnectTimeout 0" would ordinarily imply). So since 0 is an effectively unused value for ConnectTimeout, it makes more sense to let people who want really long timeouts use have a clear way to specify it rather than expecting them to invent a fictitiously long (but arbitrary and unwanted) value, like "ConnectTimeout 99999". Another way to achieve the same thing would be to allow a special string (e.g. "ConnectTimeout never"), but it's easier for the config file parser to always expect a number, rather than having to deal with special cases. This all seems reasonable to me, anyway. I wasn't involved in the implementation. --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 890 bytes Desc: OpenPGP digital signature Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20090106/c1646f5f/attachment.bin
Garrett Cooper wrote:> Hello OpenSSH folks, > This was a really minor knit, but I noted while I was developing a > pexpect module for ssh that setting ConnectTimeout to 0 in the options > to ssh sets the login timeout to infinite time. > I was wondering whether or not this was a documentation bug and/or > potential clarification that could to be made, or if this was a > software bug that needs to be fixed. I don't see much point behind > infinite connect time, but then again, I'm just one end-user in a sea > of many users.The code in question is in sshconnect.c:timeout_connect: if (*timeoutp <= 0) { result = connect(sockfd, serv_addr, addrlen); goto done; } so if ConnectTimeout=0 it doesn't explicitly make the timeout infinite, but merely falls back to whatever the operating system defaults to for connect(2). This should be constrained by the TCP maximum segment lifetime, and may be a couple of minutes (OpenBSD, for example, times out connects at 75 seconds, Linux at ~3 minutes). -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.