https://bugzilla.mindrot.org/show_bug.cgi?id=3362
--- Comment #7 from [email protected] --- Unfortunately, this doesn't really fix the issue. Because it requires you to a) know which channels your users are using, and more importantly b) which channels your users are NOT using, and adjust your settings on the fly to match. Because since each channel has its own timeout, you can't just say, "disconnect after the user has done nothing anywhere for 15 minutes". For example, let's say a user logs in with X forwarding enabled, then opens an SSH session to another server, and starts an X program on that server in the background. If you're watching for inactivity on all channels, then if the shell channel goes inactive (because they're working in the X window), the connection gets terminated while they are most definitely NOT idle (easy to test - set ChannelTimeout *=5m; ssh to that server, then from there to another server; start an xterm window, in it run a while loop that outputs to the screen. After the 5 minutes of inactivity in the shell, the entire SSH gets killed. The same is not true if the while loop is run directly in the SSH session shell). The same is potentially true in other situations as well. While this mechanism may ultimately hold value, the fact that each channel is monitored for timeout separately and there's not a way to say, "Monitor for inactivity across all channels with a single timeout value that gets updated if there's activity on any channel" severely limits the usefulness of this new method. Because of this limitation, this is not a viable solution to the requested functionality. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
