Mailing List Archive

[Bug 3362] [RFE] Implement a mechanism to disconnect idle users
https://bugzilla.mindrot.org/show_bug.cgi?id=3362

Damien Miller <djm@mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #6 from Damien Miller <djm@mindrot.org> ---
Since openssh-9.2 we have ChannelTimeout and UnusedConnectionTimeout to
deal with these cases.

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3362] [RFE] Implement a mechanism to disconnect idle users
https://bugzilla.mindrot.org/show_bug.cgi?id=3362

--- Comment #7 from josh@honorablemenschen.com ---
Unfortunately, this doesn't really fix the issue. Because it requires
you to a) know which channels your users are using, and more
importantly b) which channels your users are NOT using, and adjust your
settings on the fly to match. Because since each channel has its own
timeout, you can't just say, "disconnect after the user has done
nothing anywhere for 15 minutes". For example, let's say a user logs
in with X forwarding enabled, then opens an SSH session to another
server, and starts an X program on that server in the background. If
you're watching for inactivity on all channels, then if the shell
channel goes inactive (because they're working in the X window), the
connection gets terminated while they are most definitely NOT idle
(easy to test - set ChannelTimeout *=5m; ssh to that server, then from
there to another server; start an xterm window, in it run a while loop
that outputs to the screen. After the 5 minutes of inactivity in the
shell, the entire SSH gets killed. The same is not true if the while
loop is run directly in the SSH session shell). The same is
potentially true in other situations as well. While this mechanism may
ultimately hold value, the fact that each channel is monitored for
timeout separately and there's not a way to say, "Monitor for
inactivity across all channels with a single timeout value that gets
updated if there's activity on any channel" severely limits the
usefulness of this new method. Because of this limitation, this is not
a viable solution to the requested functionality.
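
Added illustration (not part of the comment above and not OpenSSH code): a small model of the two policies the comment contrasts, one idle timer per channel versus a single timer reset by activity on any channel. The timeline, function names and the use of "session" and "x11-connection" as channel labels are constructed for this example; the 5-minute timeout is the value from the comment's test.

```python
from collections import defaultdict

TIMEOUT = 300  # seconds; the 5m value used in the comment's test


def first_idle_expiry(times, timeout, end):
    """Time at which an idle timer reset at each of `times` first fires.

    `end` is when observation stops. Returns None if the timer never fires.
    """
    times = sorted(times)
    for prev, nxt in zip(times, times[1:] + [end]):
        if nxt - prev >= timeout:
            return prev + timeout
    return None


def per_channel_expiry(events, timeout, end):
    """Independent timer per channel: {channel: expiry time or None}."""
    by_channel = defaultdict(list)
    for t, channel in events:
        by_channel[channel].append(t)
    return {ch: first_idle_expiry(ts, timeout, end)
            for ch, ts in by_channel.items()}


def shared_expiry(events, timeout, end):
    """One timer for the whole connection, reset by activity on any channel."""
    return first_idle_expiry([t for t, _ in events], timeout, end)


# Constructed timeline (seconds since login). The user types in the shell for
# the first minute, then works only in the forwarded X window.
SHELL = [(0, "session"), (30, "session"), (60, "session")]
X11_BUSY = [(t, "x11-connection") for t in range(60, 901, 10)]
ACTIVE_USER = SHELL + X11_BUSY                # busy in X, shell untouched
IDLE_USER = SHELL + [(60, "x11-connection")]  # everything stops at t=60
END = 900

if __name__ == "__main__":
    print("per-channel, active user:", per_channel_expiry(ACTIVE_USER, TIMEOUT, END))
    print("shared, active user:     ", shared_expiry(ACTIVE_USER, TIMEOUT, END))
    print("shared, idle user:       ", shared_expiry(IDLE_USER, TIMEOUT, END))
```

In this model the per-channel policy expires the shell channel while the X channel is still busy, whereas the shared timer fires only when every channel has been quiet for the full interval.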
