Hi,
I am trying to understand the ChannelTimeout option and whether it
should work as I expect.
I intended to use it to terminate inactive sessions, e.g. where no
keystrokes / output is sent or SFTP sessions with no commands or data
transfer. For testing I am using OpenSSH_9.6p1 Debian-5, OpenSSL 3.1.5
30 Jan 2024 both as the server and client.
I set the following options in sshd_config:
ChannelTimeout agent-connection=60 direct-tcpip=60
direct-streamlocal at openssh.com=60 forwarded-tcpip=60
forwarded-streamlocal at openssh.com=60 session=60 tun-connection=60
x11-connection=60
UnusedConnectionTimeout 1m
The changelog suggests that support for the global keyword was added in
OpenSSH 9.7, so instead I listed them individually.
Connecting to the server with ssh -vv user at hostname shows that channel 0
is opened for a shell:
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
No input is sent and the only output is a shell prompt (no dynamic
content like tmux / htop). This channel is not closed regardless of how
long I wait, and the session is not terminated. I get similar results
with sftp. The only channel I see in the debug output is channel 0. If
it's relevant then I do see "inactive timeout: 0" in the debug
output
when the channel is created:
debug3: channel_clear_timeouts: clearing
debug1: channel 0: new session [client-session] (inactive timeout: 0)
Opening a session with no channels using ssh -N user at hostname produces a
different result. After 60ish seconds the connection is closed:
Connection to localhost closed by remote host.
Transferred: sent 3112, received 3520 bytes, in 60.9 seconds
This suggests that UnusedConnectionTimeout is working as I expect, but
ChannelTimeout is not.
Is there other data sent across the channel that stops this from
functioning how I expect? Is this how the ChannelTimeout expected to work?
David