Solved Pure-ftpd timeout not working

Hi,

When I log in to pure-ftpd with WinSCP on Windows 10, I stay logged in forever unless I manually disconnect.
For example: If I log in at 23:00 and go to bed, the next morning (after 8 hours of inactivity) I am still logged in.

I want to change this behaviour so that after 1 hour of inactivity the users get kicked out and forced to log in again.

In my /etc/pure-ftpd.conf
I already set the MaxIdleTime but this doesn't seem to do anything at all.
Code:
# Maximum idle time in minutes (default = 15 minutes)
MaxIdleTime  60

The documentation also says the following but I'm not sure how to interpret it all:
Code:
- '-I <timeout>': Change the maximum idle time. The timeout is in minutes
and defaults to 15 minutes. Modern FTP clients are trying to fool timeouts
by sending fake commands at regular interval. We disconnect these clients
when they are idle for twice (because they are active anyway) the normal
timeout.
Could anyone help please?

ps: I did restart the ftp server after the change
Thank you
 
WinSCP has options for "keepalive" of connections as well as automatic reconnecting, did you make sure they aren't active?
 
WinSCP has options for "keepalive" of connections as well as automatic reconnecting, did you make sure they aren't active?
Really interesting, thank you.
On my machine I managed to change this setting but how do I 'force' disconnection with such ftp client?
 
On my machine I managed to change this setting but how do I 'force' disconnection with such ftp client?
My guess is that will be close to impossible. As you can read in the documentation you quoted, your ftp daemon already has a feature to detect typical "keepalive" activity. But what would you do about automatic reconnects? How can you tell the reconnect was, indeed, without user interaction? Of course you could block a client for some time after being disconnected, but that would probably hit a user reconnecting manually, too (sooner or later).
 
Well, at least not without a lot of effort (like detecting these things based on heuristics: how long does it take until a client reconnects, how often does the client issue unnecessary protocol commands, etc and ban based on that) and the risk for false positives. So, kind of what a typical intrusion detection system does. IMHO, it's better to ask your users to configure their clients for being nice to the service.
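
The heuristic discussed in this thread, as an added example that is not part of the original posts or of pure-ftpd: it measures idle time from the last command that is not keepalive-like, so a session kept open only by regular dummy commands stands out for review. The event tuples, the `KEEPALIVE_CMDS` set and the 2-second regularity threshold are assumptions; the sample data is constructed.

```python
from datetime import datetime, timedelta
from statistics import pstdev

# Assumption: commands a client may send only to hold a session open.
KEEPALIVE_CMDS = {"NOOP", "PWD", "STAT", "SYST"}
MAX_IDLE = timedelta(minutes=60)  # MaxIdleTime 60, as configured in the thread

def audit_sessions(events, now, max_idle=MAX_IDLE):
    """events: iterable of (timestamp, session_id, ftp_command)."""
    sessions = {}
    for ts, sid, cmd in sorted(events):
        s = sessions.setdefault(sid, {"first": ts, "last_real": None, "ka": []})
        if cmd.upper() in KEEPALIVE_CMDS:
            s["ka"].append(ts)            # keepalive since the last real command
        else:
            s["last_real"], s["ka"] = ts, []
        s["last_any"] = ts
    report = {}
    for sid, s in sessions.items():
        ref = s["last_real"] or s["first"]
        gaps = [(b - a).total_seconds() for a, b in zip(s["ka"], s["ka"][1:])]
        raw_idle, eff_idle = now - s["last_any"], now - ref
        report[sid] = {
            "raw_idle": raw_idle,          # what a plain idle timer sees
            "effective_idle": eff_idle,    # time since the last real command
            # near-constant spacing suggests a client timer, not a person
            "regular_keepalive": len(gaps) >= 3 and pstdev(gaps) <= 2.0,
            # looks active to the timer, but no real work within max_idle
            "flag": eff_idle > max_idle and raw_idle <= max_idle,
        }
    return report

# Constructed sample: s1 logs in at 23:00, then only NOOPs every 5 minutes
# until 07:00; s2 is an interactive user working shortly before 07:00.
T0 = datetime(2024, 1, 1, 23, 0)
SAMPLE = (
    [(T0, "s1", "USER"), (T0 + timedelta(minutes=1), "s1", "LIST"),
     (T0 + timedelta(minutes=2), "s1", "RETR")]
    + [(T0 + timedelta(minutes=5 * i), "s1", "NOOP") for i in range(1, 97)]
    + [(T0 + timedelta(hours=7, minutes=m), "s2", c)
       for m, c in [(10, "USER"), (12, "CWD"), (31, "STOR"), (55, "LIST")]]
)
NOW = T0 + timedelta(hours=8)

if __name__ == "__main__":
    for sid, r in audit_sessions(SAMPLE, NOW).items():
        print(sid, r["effective_idle"], "FLAG" if r["flag"] else "ok")
```

A flagged session is a candidate for review, not proof of an unattended client, which matches the false-positive risk raised above.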
 