Mailing List Archive

Implementing sftp server-side timeout
Dear colleagues,

Currently there is no way for the sftp backend (sftp-server or
internal-sftp) to close idle connections (by idle I mean no order sent for
some time by the sftp client).

My colleague has proposed a patch to deal with it in
https://bugzilla.mindrot.org/show_bug.cgi?id=3484

It looks like a reasonable feature and I kindly ask to evaluate this and
include it into an upcoming OpenSSH release.

Many thanks in advance!

--
Dmitry Belyavskiy
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Implementing sftp server-side timeout [ In reply to ]
Dmitry Belyavskiy wrote:
> My colleague has proposed a patch to deal with it in
> https://bugzilla.mindrot.org/show_bug.cgi?id=3484
>
> It looks like a reasonable feature

Have you considered that the feature actually requires sftp-server to
measure time, and how undesirable that is?

The proposed patch doesn't implement what it says: using poll() fd
events to approximate actual SFTP protocol events is a rather weak
heuristic that is likely to cause problems when fd events happen to
/not/ coincide with SFTP protocol events sometime in the future. Note
that poll() is platform-specific.

Again, I for one don't want sftp-server to measure time, which is
what would be needed to actually determine SFTP protocol timeout.


Implementation comment: Why use strtol() when negative numbers are disallowed?


Finally, have you tested how this works with internal-sftp?

I guess many large scale servers don't use internal-sftp because of
logging requirements as discussed in an older thread but I bet that
internal-sftp is desirable especially when scaling up so make sure
to not neglect it. Thanks.


//Peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Implementing sftp server-side timeout [ In reply to ]
On Fri, 21 Oct 2022 at 01:14, Peter Stuge <peter@stuge.se> wrote:
[...]
> Note that poll() is platform-specific.

That's true, however OpenSSH provides an implementation of poll()
(which is not specified by POSIX) on top of select() (which is) in the
compat library.

We have been slowly migrating to the poll API since it's a bit more
programmer-friendly, at least for our use case, so the use of poll is
not an issue.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Implementing sftp server-side timeout [ In reply to ]
On Thu, 20 Oct 2022, Peter Stuge wrote:

> Finally, have you tested how this works with internal-sftp?
>
> I guess many large scale servers don't use internal-sftp because of
> logging requirements as discussed in an older thread but I bet that
> internal-sftp is desirable especially when scaling up so make sure
> to not neglect it. Thanks.

I didn't catch the other thread, but internal-sftp logging should work
just fine.

e.g. with

Subsystem sftp internal-sftp -l verbose -f daemon

I see:

Oct 21 16:46:22 djm internal-sftp[82167]: session opened for local user djm from [10.130.80.1]
Oct 21 16:46:22 djm internal-sftp[82167]: received client version 3
Oct 21 16:46:22 djm internal-sftp[82167]: realpath "."
Oct 21 16:47:59 djm internal-sftp[82167]: session closed for local user djm from [10.130.80.1]

-d

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Implementing sftp server-side timeout [ In reply to ]
On Thu, 20 Oct 2022, Peter Stuge wrote:

> Finally, have you tested how this works with internal-sftp?
>
> I guess many large scale servers don't use internal-sftp because of
> logging requirements as discussed in an older thread but I bet that
> internal-sftp is desirable especially when scaling up so make sure
> to not neglect it. Thanks.

I didn't catch the other thread, but internal-sftp logging should work
just fine.

e.g. with

Subsystem sftp internal-sftp -l verbose -f daemon

I see:

Oct 21 16:46:22 djm internal-sftp[82167]: session opened for local user djm from [10.130.80.1]
Oct 21 16:46:22 djm internal-sftp[82167]: received client version 3
Oct 21 16:46:22 djm internal-sftp[82167]: realpath "."
Oct 21 16:47:59 djm internal-sftp[82167]: session closed for local user djm from [10.130.80.1]

-d

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Implementing sftp server-side timeout [ In reply to ]
Dear Darren and Damien,

Do you like the proposed approach and cmdline option?

On Fri, Oct 21, 2022 at 7:50 AM Damien Miller <djm@mindrot.org> wrote:

> On Thu, 20 Oct 2022, Peter Stuge wrote:
>
> > Finally, have you tested how this works with internal-sftp?
> >
> > I guess many large scale servers don't use internal-sftp because of
> > logging requirements as discussed in an older thread but I bet that
> > internal-sftp is desirable especially when scaling up so make sure
> > to not neglect it. Thanks.
>
> I didn't catch the other thread, but internal-sftp logging should work
> just fine.
>
> e.g. with
>
> Subsystem sftp internal-sftp -l verbose -f daemon
>
> I see:
>
> Oct 21 16:46:22 djm internal-sftp[82167]: session opened for local user
> djm from [10.130.80.1]
> Oct 21 16:46:22 djm internal-sftp[82167]: received client version 3
> Oct 21 16:46:22 djm internal-sftp[82167]: realpath "."
> Oct 21 16:47:59 djm internal-sftp[82167]: session closed for local user
> djm from [10.130.80.1]
>
> -d
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>

--
Dmitry Belyavskiy
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Implementing sftp server-side timeout [ In reply to ]
I don't think timeouts should be implemented in sftp-server, but in
sshd(8). I have a prototype of a generic channel timeout mechanism at
https://github.com/djmdjm/openssh-wip/pull/16

On Thu, 15 Dec 2022, Dmitry Belyavskiy wrote:

> Dear Darren and Damien,
>
> Do you like the proposed approach and cmdline option?
>
> On Fri, Oct 21, 2022 at 7:50 AM Damien Miller <djm@mindrot.org> wrote:
>
> > On Thu, 20 Oct 2022, Peter Stuge wrote:
> >
> > > Finally, have you tested how this works with internal-sftp?
> > >
> > > I guess many large scale servers don't use internal-sftp because of
> > > logging requirements as discussed in an older thread but I bet that
> > > internal-sftp is desirable especially when scaling up so make sure
> > > to not neglect it. Thanks.
> >
> > I didn't catch the other thread, but internal-sftp logging should work
> > just fine.
> >
> > e.g. with
> >
> > Subsystem sftp internal-sftp -l verbose -f daemon
> >
> > I see:
> >
> > Oct 21 16:46:22 djm internal-sftp[82167]: session opened for local user
> > djm from [10.130.80.1]
> > Oct 21 16:46:22 djm internal-sftp[82167]: received client version 3
> > Oct 21 16:46:22 djm internal-sftp[82167]: realpath "."
> > Oct 21 16:47:59 djm internal-sftp[82167]: session closed for local user
> > djm from [10.130.80.1]
> >
> > -d
> >
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev@mindrot.org
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> >
> >
>
> --
> Dmitry Belyavskiy
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Implementing sftp server-side timeout [ In reply to ]
Damien Miller wrote:
> > Finally, have you tested how this works with internal-sftp?
> >
> > I guess many large scale servers don't use internal-sftp because of
> > logging requirements as discussed in an older thread but I bet that
> > internal-sftp is desirable especially when scaling up so make sure
> > to not neglect it. Thanks.
>
> I didn't catch the other thread, but internal-sftp logging should
> work just fine.

I failed to mention the chroot condition. There was a long-ish thread
on logging from chrooted sftp-server some months ago (last year?).


Damien Miller wrote:
> I don't think timeouts should be implemented in sftp-server, but in
> sshd(8). I have a prototype of a generic channel timeout mechanism at
> https://github.com/djmdjm/openssh-wip/pull/16

That's a really good general solution, keeping sftp-server simple.


Thanks a lot

//Peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev