- markus@cvs.openbsd.org 2003/12/09 21:53:37

     [readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
     [ssh_config.5 sshconnect.c sshd.c sshd_config.5]
     rename keepalive to tcpkeepalive; the old name causes too much
     confusion; ok djm, dtucker; with help from jmc@

12 files changed, 83 insertions, 76 deletions

diff --git a/ChangeLog b/ChangeLog
index d737c855d..0b97adc72 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,11 @@
    - markus@cvs.openbsd.org 2003/12/09 17:30:05
      [ssh.c]
      don't modify argv for ssh -o; similar to sshd.c 1.283
+   - markus@cvs.openbsd.org 2003/12/09 21:53:37
+     [readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
+     [ssh_config.5 sshconnect.c sshd.c sshd_config.5]
+     rename keepalive to tcpkeepalive; the old name causes too much
+     confusion; ok djm, dtucker; with help from jmc@
 
 20031209
  - (dtucker) OpenBSD CVS Sync
@@ -1581,4 +1586,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3142 2003/12/17 05:30:06 djm Exp $
+$Id: ChangeLog,v 1.3143 2003/12/17 05:31:10 djm Exp $
diff --git a/readconf.c b/readconf.c
index da49a3944..cd2c81443 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.125 2003/11/12 16:39:58 jakob Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.126 2003/12/09 21:53:36 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -78,7 +78,7 @@ RCSID("$OpenBSD: readconf.c,v 1.125 2003/11/12 16:39:58 jakob Exp $");
      RSAAuthentication yes
      RhostsRSAAuthentication yes
      StrictHostKeyChecking yes
-     KeepAlives no
+     TcpKeepAlive no
      IdentityFile ~/.ssh/identity
      Port 22
      EscapeChar ~
@@ -96,7 +96,7 @@ typedef enum {
         oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
         oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
         oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
-        oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
+        oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
         oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
         oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
         oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
@@ -169,7 +169,8 @@ static struct {
         { "stricthostkeychecking", oStrictHostKeyChecking },
         { "compression", oCompression },
         { "compressionlevel", oCompressionLevel },
-        { "keepalive", oKeepAlives },
+        { "tcpkeepalive", oTCPKeepAlive },
+        { "keepalive", oTCPKeepAlive },                         /* obsolete */
         { "numberofpasswordprompts", oNumberOfPasswordPrompts },
         { "loglevel", oLogLevel },
         { "dynamicforward", oDynamicForward },
@@ -427,8 +428,8 @@ parse_yesnoask:
                 intptr = &options->compression;
                 goto parse_flag;
 
-        case oKeepAlives:
-                intptr = &options->keepalives;
+        case oTCPKeepAlive:
+                intptr = &options->tcp_keep_alive;
                 goto parse_flag;
 
         case oNoHostAuthenticationForLocalhost:
@@ -826,7 +827,7 @@ initialize_options(Options * options)
         options->check_host_ip = -1;
         options->strict_host_key_checking = -1;
         options->compression = -1;
-        options->keepalives = -1;
+        options->tcp_keep_alive = -1;
         options->compression_level = -1;
         options->port = -1;
         options->address_family = -1;
@@ -909,8 +910,8 @@ fill_default_options(Options * options)
                 options->strict_host_key_checking = 2;  /* 2 is default */
         if (options->compression == -1)
                 options->compression = 0;
-        if (options->keepalives == -1)
-                options->keepalives = 1;
+        if (options->tcp_keep_alive == -1)
+                options->tcp_keep_alive = 1;
         if (options->compression_level == -1)
                 options->compression_level = 6;
         if (options->port == -1)
diff --git a/readconf.h b/readconf.h
index 650132346..f2a859fbe 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: readconf.h,v 1.57 2003/11/21 11:57:03 djm Exp $       */
+/*      $OpenBSD: readconf.h,v 1.58 2003/12/09 21:53:36 markus Exp $    */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -53,7 +53,7 @@ typedef struct {
         int     compression;    /* Compress packets in both directions. */
         int     compression_level;      /* Compression level 1 (fast) to 9
                                          * (best). */
-        int     keepalives;     /* Set SO_KEEPALIVE. */
+        int     tcp_keep_alive; /* Set SO_KEEPALIVE. */
         LogLevel log_level;     /* Level for logging. */
 
         int     port;           /* Port to connect. */
diff --git a/scp.1 b/scp.1
index 4dab2a1db..cbebb949a 100644
--- a/scp.1
+++ b/scp.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.30 2003/10/13 08:22:25 markus Exp $
+.\" $OpenBSD: scp.1,v 1.31 2003/12/09 21:53:36 markus Exp $
 .\"
 .Dd September 25, 1999
 .Dt SCP 1
@@ -137,7 +137,6 @@ For full details of the options listed below, and their possible values, see
 .It HostKeyAlias
 .It HostName
 .It IdentityFile
-.It KeepAlive
 .It LogLevel
 .It MACs
 .It NoHostAuthenticationForLocalhost
@@ -152,6 +151,7 @@ For full details of the options listed below, and their possible values, see
 .It RSAAuthentication
 .It SmartcardDevice
 .It StrictHostKeyChecking
+.It TCPKeepAlive
 .It UsePrivilegedPort
 .It User
 .It UserKnownHostsFile
diff --git a/servconf.c b/servconf.c
index 0df62ad63..a6824a863 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.128 2003/09/29 20:19:57 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.129 2003/12/09 21:53:36 markus Exp $");
 
 #include "ssh.h"
 #include "log.h"
@@ -61,7 +61,7 @@ initialize_server_options(ServerOptions *options)
         options->x11_use_localhost = -1;
         options->xauth_location = NULL;
         options->strict_modes = -1;
-        options->keepalives = -1;
+        options->tcp_keep_alive = -1;
         options->log_facility = SYSLOG_FACILITY_NOT_SET;
         options->log_level = SYSLOG_LEVEL_NOT_SET;
         options->rhosts_rsa_authentication = -1;
@@ -159,8 +159,8 @@ fill_default_server_options(ServerOptions *options)
                 options->xauth_location = _PATH_XAUTH;
         if (options->strict_modes == -1)
                 options->strict_modes = 1;
-        if (options->keepalives == -1)
-                options->keepalives = 1;
+        if (options->tcp_keep_alive == -1)
+                options->tcp_keep_alive = 1;
         if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
                 options->log_facility = SYSLOG_FACILITY_AUTH;
         if (options->log_level == SYSLOG_LEVEL_NOT_SET)
@@ -254,7 +254,7 @@ typedef enum {
         sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
         sPrintMotd, sPrintLastLog, sIgnoreRhosts,
         sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
-        sStrictModes, sEmptyPasswd, sKeepAlives,
+        sStrictModes, sEmptyPasswd, sTCPKeepAlive,
         sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
         sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
         sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
@@ -334,7 +334,8 @@ static struct {
         { "permituserenvironment", sPermitUserEnvironment },
         { "uselogin", sUseLogin },
         { "compression", sCompression },
-        { "keepalive", sKeepAlives },
+        { "tcpkeepalive", sTCPKeepAlive },
+        { "keepalive", sTCPKeepAlive },                         /* obsolete alias */
         { "allowtcpforwarding", sAllowTcpForwarding },
         { "allowusers", sAllowUsers },
         { "denyusers", sDenyUsers },
@@ -677,8 +678,8 @@ parse_flag:
                 intptr = &options->strict_modes;
                 goto parse_flag;
 
-        case sKeepAlives:
-                intptr = &options->keepalives;
+        case sTCPKeepAlive:
+                intptr = &options->tcp_keep_alive;
                 goto parse_flag;
 
         case sEmptyPasswd:
diff --git a/servconf.h b/servconf.h
index 828e94c5c..3cf47bf2f 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: servconf.h,v 1.65 2003/09/01 18:15:50 markus Exp $    */
+/*      $OpenBSD: servconf.h,v 1.66 2003/12/09 21:53:37 markus Exp $    */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -58,7 +58,7 @@ typedef struct {
         int     x11_use_localhost;      /* If true, use localhost for fake X11 server. */
         char   *xauth_location; /* Location of xauth program */
         int     strict_modes;   /* If true, require string home dir modes. */
-        int     keepalives;     /* If true, set SO_KEEPALIVE. */
+        int     tcp_keep_alive; /* If true, set SO_KEEPALIVE. */
         char   *ciphers;        /* Supported SSH2 ciphers. */
         char   *macs;           /* Supported SSH2 macs. */
         int     protocol;       /* Supported protocol versions. */
diff --git a/sftp.1 b/sftp.1
index 00253037d..91a288dfc 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.47 2003/10/13 08:22:25 markus Exp $
+.\" $OpenBSD: sftp.1,v 1.48 2003/12/09 21:53:37 markus Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -158,7 +158,6 @@ For full details of the options listed below, and their possible values, see
 .It HostKeyAlias
 .It HostName
 .It IdentityFile
-.It KeepAlive
 .It LogLevel
 .It MACs
 .It NoHostAuthenticationForLocalhost
@@ -173,6 +172,7 @@ For full details of the options listed below, and their possible values, see
 .It RSAAuthentication
 .It SmartcardDevice
 .It StrictHostKeyChecking
+.It TCPKeepAlive
 .It UsePrivilegedPort
 .It User
 .It UserKnownHostsFile
diff --git a/ssh.1 b/ssh.1
index 25de869ad..33521268b 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.179 2003/11/24 00:16:35 dtucker Exp $
+.\" $OpenBSD: ssh.1,v 1.180 2003/12/09 21:53:37 markus Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -634,7 +634,6 @@ For full details of the options listed below, and their possible values, see
 .It HostKeyAlias
 .It HostName
 .It IdentityFile
-.It KeepAlive
 .It LocalForward
 .It LogLevel
 .It MACs
@@ -651,6 +650,7 @@ For full details of the options listed below, and their possible values, see
 .It RSAAuthentication
 .It SmartcardDevice
 .It StrictHostKeyChecking
+.It TCPKeepAlive
 .It UsePrivilegedPort
 .It User
 .It UserKnownHostsFile
diff --git a/ssh_config.5 b/ssh_config.5
index 8857073a5..3aafa4e7d 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.25 2003/11/12 20:14:51 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.26 2003/12/09 21:53:37 markus Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -408,23 +408,6 @@ syntax to refer to a user's home directory.
 It is possible to have
 multiple identity files specified in configuration files; all these
 identities will be tried in sequence.
-.It Cm KeepAlive
-Specifies whether the system should send TCP keepalive messages to the
-other side.
-If they are sent, death of the connection or crash of one
-of the machines will be properly noticed.
-However, this means that
-connections will die if the route is down temporarily, and some people
-find it annoying.
-.Pp
-The default is
-.Dq yes
-(to send keepalives), and the client will notice
-if the network goes down or the remote host dies.
-This is important in scripts, and many users want it too.
-.Pp
-To disable keepalives, the value should be set to
-.Dq no .
 .It Cm LocalForward
 Specifies that a TCP/IP port on the local machine be forwarded over
 the secure channel to the specified host and port from the remote machine.
@@ -613,6 +596,23 @@ or
 .Dq ask .
 The default is
 .Dq ask .
+.It Cm TCPKeepAlive
+Specifies whether the system should send TCP keepalive messages to the
+other side.
+If they are sent, death of the connection or crash of one
+of the machines will be properly noticed.
+However, this means that
+connections will die if the route is down temporarily, and some people
+find it annoying.
+.Pp
+The default is
+.Dq yes
+(to send TCP keepalive messages), and the client will notice
+if the network goes down or the remote host dies.
+This is important in scripts, and many users want it too.
+.Pp
+To disable TCP keepalive messages, the value should be set to
+.Dq no .
 .It Cm UsePrivilegedPort
 Specifies whether to use a privileged port for outgoing connections.
 The argument must be
diff --git a/sshconnect.c b/sshconnect.c
index 3d6cc375a..80b45c79e 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.154 2003/11/21 11:57:03 djm Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.155 2003/12/09 21:53:37 markus Exp $");
 
 #include <openssl/bn.h>
 
@@ -415,8 +415,8 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 
         debug("Connection established.");
 
-        /* Set keepalives if requested. */
-        if (options.keepalives &&
+        /* Set SO_KEEPALIVE if requested. */
+        if (options.tcp_keep_alive &&
             setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
             sizeof(on)) < 0)
                 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
diff --git a/sshd.c b/sshd.c
index 50856317a..ab029b00f 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.283 2003/12/09 17:29:04 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.284 2003/12/09 21:53:37 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1398,8 +1398,8 @@ main(int ac, char **av)
         signal(SIGCHLD, SIG_DFL);
         signal(SIGINT, SIG_DFL);
 
-        /* Set keepalives if requested. */
-        if (options.keepalives &&
+        /* Set SO_KEEPALIVE if requested. */
+        if (options.tcp_keep_alive &&
             setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on,
             sizeof(on)) < 0)
                 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
diff --git a/sshd_config.5 b/sshd_config.5
index 06a197b76..ad3cf76df 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.26 2003/11/21 11:57:03 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.27 2003/12/09 21:53:37 markus Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -156,12 +156,12 @@ If this threshold is reached while client alive messages are being sent,
 will disconnect the client, terminating the session.
 It is important to note that the use of client alive messages is very
 different from
-.Cm KeepAlive
+.Cm TCPKeepAlive
 (below).
 The client alive messages are sent through the encrypted channel
 and therefore will not be spoofable.
 The TCP keepalive option enabled by
-.Cm KeepAlive
+.Cm TCPKeepAlive
 is spoofable.
 The client alive mechanism is valuable when the client or
 server depend on knowing when a connection has become inactive.
@@ -292,27 +292,6 @@ or
 .Cm HostbasedAuthentication .
 The default is
 .Dq no .
-.It Cm KeepAlive
-Specifies whether the system should send TCP keepalive messages to the
-other side.
-If they are sent, death of the connection or crash of one
-of the machines will be properly noticed.
-However, this means that
-connections will die if the route is down temporarily, and some people
-find it annoying.
-On the other hand, if keepalives are not sent,
-sessions may hang indefinitely on the server, leaving
-.Dq ghost
-users and consuming server resources.
-.Pp
-The default is
-.Dq yes
-(to send keepalives), and the server will notice
-if the network goes down or the client host crashes.
-This avoids infinitely hanging sessions.
-.Pp
-To disable keepalives, the value should be set to
-.Dq no .
 .It Cm KerberosAuthentication
 Specifies whether the password provided by the user for
 .Cm PasswordAuthentication
@@ -580,6 +559,27 @@ Gives the facility code that is used when logging messages from
 The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
 The default is AUTH.
+.It Cm TCPKeepAlive
+Specifies whether the system should send TCP keepalive messages to the
+other side.
+If they are sent, death of the connection or crash of one
+of the machines will be properly noticed.
+However, this means that
+connections will die if the route is down temporarily, and some people
+find it annoying.
+On the other hand, if TCP keepalives are not sent,
+sessions may hang indefinitely on the server, leaving
+.Dq ghost
+users and consuming server resources.
+.Pp
+The default is
+.Dq yes
+(to send TCP keepalive messages), and the server will notice
+if the network goes down or the client host crashes.
+This avoids infinitely hanging sessions.
+.Pp
+To disable TCP keepalive messages, the value should be set to
+.Dq no .
 .It Cm UseDNS
 Specifies whether
 .Nm sshd