author | Darren Tucker <dtucker@zip.com.au> | 2013-05-16 20:28:16 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2013-05-16 20:28:16 +1000 |
commit | c53c2af173cf67fd1c26f98e7900299b1b65b6ec (patch) | |
tree | 1c83d4abcdec31e4be6d8a2955fdad33b985b976 /ssh_config.5 | |
parent | 64c6fceecd27e1739040b42de8f3759454260b39 (diff) |
- dtucker@cvs.openbsd.org 2013/05/16 02:00:34
[ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
ssh_config.5 packet.h]
Add an optional second argument to RekeyLimit in the client to allow
rekeying based on elapsed time in addition to amount of traffic.
with djm@ jmc@, ok djm
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 269529c00..97897e00e 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh_config.5,v 1.161 2013/01/08 18:49:04 markus Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.162 2013/05/16 02:00:34 dtucker Exp $ |
37 | .Dd $Mdocdate: January 8 2013 $ | 37 | .Dd $Mdocdate: May 16 2013 $ |
38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -931,8 +931,9 @@ The default is | |||
931 | This option applies to protocol version 2 only. | 931 | This option applies to protocol version 2 only. |
932 | .It Cm RekeyLimit | 932 | .It Cm RekeyLimit |
933 | Specifies the maximum amount of data that may be transmitted before the | 933 | Specifies the maximum amount of data that may be transmitted before the |
934 | session key is renegotiated. | 934 | session key is renegotiated, optionally followed a maximum amount of |
935 | The argument is the number of bytes, with an optional suffix of | 935 | time that may pass before the session key is renegotiated. |
936 | The first argument is specified in bytes and may have a suffix of | ||
936 | .Sq K , | 937 | .Sq K , |
937 | .Sq M , | 938 | .Sq M , |
938 | or | 939 | or |
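Review bot: The added sentence at new line 934 is missing a word: "optionally followed a maximum amount of time" should read "optionally followed by a maximum amount of time". The phrase "before the session key is renegotiated" now appears twice in one sentence (new lines 933-935); the second occurrence could be dropped. The unit of the second argument is not mentioned until the next hunk, so a reader of this sentence alone cannot tell what form the time value takes.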
@@ -943,6 +944,17 @@ The default is between | |||
943 | and | 944 | and |
944 | .Sq 4G , | 945 | .Sq 4G , |
945 | depending on the cipher. | 946 | depending on the cipher. |
947 | The optional second value is specified in seconds and may use any of the | ||
948 | units documented in the | ||
949 | .Sx TIME FORMATS | ||
950 | section of | ||
951 | .Xr sshd_config 5 . | ||
952 | The default value for | ||
953 | .Cm RekeyLimit | ||
954 | is | ||
955 | .Dq default none , | ||
956 | which means that rekeying is performed after the cipher's default amount | ||
957 | of data has been sent or received and no time based rekeying is done. | ||
946 | This option applies to protocol version 2 only. | 958 | This option applies to protocol version 2 only. |
947 | .It Cm RemoteForward | 959 | .It Cm RemoteForward |
948 | Specifies that a TCP port on the remote machine be forwarded over | 960 | Specifies that a TCP port on the remote machine be forwarded over |
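Review bot: The new paragraph (new lines 947-957) gives the default as "default none" but never says that "default" and "none" are accepted values for the first and second argument. The reader has to infer that from the description of the default. State explicitly that the first argument may be "default" to keep the cipher's data limit and that the second may be "none" to disable time-based rekeying. The text also does not say how the two limits combine when both are set. If a rekey is triggered by whichever limit is reached first, say so. Since the stated default does no time-based rekeying, it is worth noting for the reader that a long-lived, low-traffic session keeps the same session key unless a second argument is given. Minor style point: "time based" at new line 957 should be hyphenated as "time-based".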