Ssh – How to disconnect idle SFTP users

sftp, ssh

I have an SFTP server, where clients connect every minute to exchange files. There are a few clients who connect and then don't disconnect, resulting in a lot of connections over a period of time. This is choking up the CPU. I have set ClientAliveInterval and ClientAliveCountMax in sshd_config, which disconnects idle ssh connections after a certain period, but it doesn't seem to disconnect the idle sftp connections. How do I force idle sftp connections to disconnect?

Best Answer

Try this step by step:

pstree -p -- the whole process tree will be displayed.

w - Who is doing what. Maybe this will not be necessary (or maybe you can get the idle times for the users).

ps aux| grep sshd

Try to get the process id of the sshd session, which is the parent process of the sftp server. You can get a user's sftp process id from ps aux | grep sshd, then kill its parent process:

ps output will be like:

root@server:/# ps aux | grep ssh
root      3531  0.0  0.0   5312  1012 ?        Ss   Jan02   0:00 /usr/sbin/sshd
root     24034  0.0  0.1   8052  2412 ?        Ss   13:24   0:00 sshd: metin [priv]
metin    24039  0.0  0.0   8052  1500 ?        S    13:24   0:00 sshd: metin@notty
metin    24042  0.0  0.0   4568  1240 ?        Ss   13:24   0:00 /usr/lib/openssh/sftp-server
root     24043  0.0  0.1   8052  2632 ?        Ss   13:24   0:00 sshd: metin [priv]
metin    24048  0.0  0.0   8052  1532 ?        S    13:24   0:00 sshd: metin@pts/0
root     24109  0.0  0.0   3000   748 pts/0    R+   13:26   0:00 grep ssh

pstree -p output will be like:

init(1)─┬─apache2(4012)─┬─apache2(23627)
        │               ├─apache2(23846)
        │               ├─apache2(23913)
        │               ├─apache2(23998)
        │               ├─apache2(24000)
        │               ├─apache2(24025)
        │               ├─apache2(24028)
        │               ├─apache2(24073)
        │               ├─apache2(24074)
        │               └─apache2(24075)
        ├─console-kit-dae(25820)
        ├─courierlogger(3719)───authdaemond(3720)─┬─authdaemond(3734)
        │                                         ├─authdaemond(3736)
        │                                         ├─authdaemond(3738)
        │                                         ├─authdaemond(3740)
        │                                         └─authdaemond(3741)
        ├─courierlogger(3744)───couriertcpd(3745)
        ├─courierlogger(3768)───couriertcpd(3769)
        ├─courierlogger(3786)───couriertcpd(3787)
        ├─courierlogger(3810)───couriertcpd(3811)
        ├─cron(3991)
        ├─dbus-daemon(3475)
        ├─dd(3451)
        ├─getty(4038)
        ├─klogd(3454)
        ├─master(3882)─┬─pickup(23992)
        │              ├─qmgr(3885)
        │              └─tlsmgr(4144)
        ├─mysqld_safe(3591)─┬─logger(3635)
        │                   └─mysqld(3633)─┬─{mysqld}(3637)
        │                                  ├─{mysqld}(3638)
        │                                  ├─{mysqld}(3639)
        │                                  ├─{mysqld}(3640)
        │                                  ├─{mysqld}(3642)
        │                                  ├─{mysqld}(3643)
        │                                  ├─{mysqld}(3644)
        │                                  ├─{mysqld}(3655)
        │                                  ├─{mysqld}(861)
        │                                  ├─{mysqld}(17322)
        │                                  ├─{mysqld}(18125)
        │                                  ├─{mysqld}(18872)
        │                                  ├─{mysqld}(21229)
        │                                  ├─{mysqld}(23352)
        │                                  ├─{mysqld}(23353)
        │                                  └─{mysqld}(23370)
        ├─named(3502)─┬─{named}(3504)
        │             ├─{named}(3505)
        │             └─{named}(3506)
        ├─ntpd(3106)
        ├─saslauthd(3912)─┬─saslauthd(3913)
        │                 ├─saslauthd(3914)
        │                 ├─saslauthd(3915)
        │                 └─saslauthd(3916)
        ├─sshd(3531)─┬─sshd(24034)───sshd(24039)───sftp-server(24042)
        │            ├─sshd(24043)───sshd(24048)───bash(24050)───su(24077)───bash(24078)───ps+
        │            └─sshd(24094)───sshd(24099)───sftp-server(24101)
        ├─syslogd(3429)
        ├─udevd(2216)
        └─vsftpd(3932)

And you're going to do kill 24034, because it is the parent sshd session for the process that user "metin" has been using as process 24042 (take a look at the ps output above).

You can also get their status (idle, sleep, active, etc.) from the output of ps.

If you want to do this automatically, I don't know any software for this, but you can write your own script.
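One way such a script could look, as an added example that is not part of the original answer: it walks from each sftp-server process up to the per-connection sshd the answer kills by hand, and never selects the listening daemon. It assumes the process names shown in the ps output above and a ps that supports `etimes`. It uses session age as a stand-in for idleness, because ps does not report SFTP idle time. The function names, the `KILL` variable and the sample ages are made up for illustration.

```bash
#!/bin/sh
# Added example, not from the original answer. The sample rows reuse the PIDs
# from the pstree output above; the elapsed times are constructed.

# stale_sftp_sessions MAX_AGE   (hypothetical helper name)
# stdin:  rows of "PID PPID ELAPSED_SECONDS COMMAND", as printed by
#         ps -eo pid=,ppid=,etimes=,comm=
# stdout: PID of the top per-connection sshd (the "[priv]" process the answer
#         kills) for every sftp-server older than MAX_AGE seconds.
stale_sftp_sessions() {
    awk -v max="$1" '
        { ppid[$1] = $2; comm[$1] = $4 }
        $4 == "sftp-server" && $3 > max { old[$1] = 1 }
        END {
            for (p in old) {
                s = ppid[p]
                if (comm[s] != "sshd") continue   # not started by sshd
                # Climb while the parent is itself a child of an sshd, so the
                # walk stops one level below the listening daemon.
                while (comm[ppid[s]] == "sshd" && comm[ppid[ppid[s]]] == "sshd") s = ppid[s]
                # Never report the listener: the target must hang off an sshd.
                if (comm[ppid[s]] == "sshd") print s
            }
        }' | sort -nu
}

# reap_stale_sftp MAX_AGE: dry run unless KILL=1 is set in the environment.
reap_stale_sftp() {
    ps -eo pid=,ppid=,etimes=,comm= | stale_sftp_sessions "$1" |
    while read -r pid; do
        if [ "${KILL:-0}" = 1 ]; then kill "$pid"
        else echo "would kill sshd session $pid"; fi
    done
}

SAMPLE='1 0 900000 init
3531 1 800000 sshd
24034 3531 7200 sshd
24039 24034 7200 sshd
24042 24039 7200 sftp-server
24043 3531 300 sshd
24048 24043 300 sshd
24050 24048 300 bash
24094 3531 120 sshd
24099 24094 120 sshd
24101 24099 120 sftp-server'

# Demo on the constructed rows with a 10-minute limit: prints 24034
printf '%s\n' "$SAMPLE" | stale_sftp_sessions 600
```

Run `reap_stale_sftp 600` from cron as root to see what would be killed, and set `KILL=1` once the dry-run output matches the sessions you expect.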