Hi, I am trying to understand the ChannelTimeout option and whether it should work as I expect. I intended to use it to terminate inactive sessions, e.g. where no keystrokes / output is sent or SFTP sessions with no commands or data transfer. For testing I am using OpenSSH_9.6p1 Debian-5, OpenSSL 3.1.5 30 Jan 2024 both as the server and client. I set the following options in sshd_config: ChannelTimeout agent-connection=60 direct-tcpip=60 direct-streamlocal@xxxxxxxxxxx=60 forwarded-tcpip=60 forwarded-streamlocal@xxxxxxxxxxx=60 session=60 tun-connection=60 x11-connection=60 UnusedConnectionTimeout 1m The changelog suggests that support for the global keyword was added in OpenSSH 9.7, so instead I listed them individually. Connecting to the server with ssh -vv user@hostname shows that channel 0 is opened for a shell: debug2: channel 0: rcvd adjust 2097152 debug2: channel_input_status_confirm: type 99 id 0 debug2: shell request accepted on channel 0 No input is sent and the only output is a shell prompt (no dynamic content like tmux / htop). This channel is not closed regardless of how long I wait, and the session is not terminated. I get similar results with sftp. The only channel I see in the debug output is channel 0. If it's relevant then I do see "inactive timeout: 0" in the debug output when the channel is created: debug3: channel_clear_timeouts: clearing debug1: channel 0: new session [client-session] (inactive timeout: 0) Opening a session with no channels using ssh -N user@hostname produces a different result. After 60ish seconds the connection is closed: Connection to localhost closed by remote host. Transferred: sent 3112, received 3520 bytes, in 60.9 seconds This suggests that UnusedConnectionTimeout is working as I expect, but ChannelTimeout is not. Is there other data sent across the channel that stops this from functioning how I expect? Is this how the ChannelTimeout expected to work? David _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
