Does the file server disconnect or force authentication of users after a specified period of inactivity?

0 votes
asked Jul 25 by Paula (290 points)

Is there a setting in SFTP server which defines the max inactivity time for sessions? I'm looking at ServerSettings.MaxSessionDuration, but it's not clear whether it refers to the whole session duration, or only the inactive duration.

Thanks in advance.

1 Answer

0 votes
answered Jul 26 by Lukas Pokorny (92,830 points)

MaxSessionDuration specifies when SSH session renegotiation is to occur. This does not disconnect the user, it just renegotiates encryption keys. Forcing reauthentication is not supported by the SSH protocol.

Disconnect users after a period of inactivity is not currently supported, although some form of it can be implemented by closing instances of ServerSession obtained through FileServer.Sessions, although detecting inactivity might be tricky.

commented Jul 26 by Paula (290 points)
"Disconnect users after a period of inactivity is not currently supported" - any chance for it to be in the (near) future?
commented Jul 27 by Lukas Pokorny (92,830 points)
I guess we should at least make that easier. However, how do you define "inactivity"? Should session that only pings the server wish an "ignore" packet every minute to be considered inactive?
commented Jul 30 by Paula (290 points)
At a high level, I would define activity as commands issued by SFTP clients as a result of explicit user interaction or scripts (in case of unattended clients). Anything else (and I am aware that this is rather generic) would fall in the category of inactivity.
commented Jul 31 by Lukas Pokorny (92,830 points)
That's quite tricky, because at the server, there is no way to determine which activity is a result of explicit user interaction. However, I guess we will try adding a LastActivity (DateTime) property (while possibly making it possible to specify which actions are to be consideres 'activity') to ServerSession to make it possible to implement the auto-disconnect feature. I adding this to our list of future improvements.