author | Damien Miller <djm@mindrot.org> | 2003-12-17 16:31:10 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2003-12-17 16:31:10 +1100 |
commit | 12c150e7e0711e29ea5dc78d3c9ed46221319dc5 (patch) | |
tree | 71ac83ddc9424e406a2363c4985fdf67005d909e /sshd_config.5 | |
parent | 9836cf8d717455f1bba2dfbf2e41f074fc6bac48 (diff) |
- markus@cvs.openbsd.org 2003/12/09 21:53:37
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
[ssh_config.5 sshconnect.c sshd.c sshd_config.5]
rename keepalive to tcpkeepalive; the old name causes too much
confusion; ok djm, dtucker; with help from jmc@
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 48 |
1 files changed, 24 insertions, 24 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 06a197b76..ad3cf76df 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd_config.5,v 1.26 2003/11/21 11:57:03 djm Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.27 2003/12/09 21:53:37 markus Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
40 | .Os | 40 | .Os |
@@ -156,12 +156,12 @@ If this threshold is reached while client alive messages are being sent, | |||
156 | will disconnect the client, terminating the session. | 156 | will disconnect the client, terminating the session. |
157 | It is important to note that the use of client alive messages is very | 157 | It is important to note that the use of client alive messages is very |
158 | different from | 158 | different from |
159 | .Cm KeepAlive | 159 | .Cm TCPKeepAlive |
160 | (below). | 160 | (below). |
161 | The client alive messages are sent through the encrypted channel | 161 | The client alive messages are sent through the encrypted channel |
162 | and therefore will not be spoofable. | 162 | and therefore will not be spoofable. |
163 | The TCP keepalive option enabled by | 163 | The TCP keepalive option enabled by |
164 | .Cm KeepAlive | 164 | .Cm TCPKeepAlive |
165 | is spoofable. | 165 | is spoofable. |
166 | The client alive mechanism is valuable when the client or | 166 | The client alive mechanism is valuable when the client or |
167 | server depend on knowing when a connection has become inactive. | 167 | server depend on knowing when a connection has become inactive. |
@@ -292,27 +292,6 @@ or | |||
292 | .Cm HostbasedAuthentication . | 292 | .Cm HostbasedAuthentication . |
293 | The default is | 293 | The default is |
294 | .Dq no . | 294 | .Dq no . |
295 | .It Cm KeepAlive | ||
296 | Specifies whether the system should send TCP keepalive messages to the | ||
297 | other side. | ||
298 | If they are sent, death of the connection or crash of one | ||
299 | of the machines will be properly noticed. | ||
300 | However, this means that | ||
301 | connections will die if the route is down temporarily, and some people | ||
302 | find it annoying. | ||
303 | On the other hand, if keepalives are not sent, | ||
304 | sessions may hang indefinitely on the server, leaving | ||
305 | .Dq ghost | ||
306 | users and consuming server resources. | ||
307 | .Pp | ||
308 | The default is | ||
309 | .Dq yes | ||
310 | (to send keepalives), and the server will notice | ||
311 | if the network goes down or the client host crashes. | ||
312 | This avoids infinitely hanging sessions. | ||
313 | .Pp | ||
314 | To disable keepalives, the value should be set to | ||
315 | .Dq no . | ||
316 | .It Cm KerberosAuthentication | 295 | .It Cm KerberosAuthentication |
317 | Specifies whether the password provided by the user for | 296 | Specifies whether the password provided by the user for |
318 | .Cm PasswordAuthentication | 297 | .Cm PasswordAuthentication |
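Review bot: with the `.It Cm KeepAlive` entry deleted at old lines 295-315, none of the visible hunks leaves any mention of the old keyword in the page, so an administrator whose existing sshd_config carries `KeepAlive` has nothing to look up. Consider one sentence in the new `TCPKeepAlive` entry saying the option was previously called KeepAlive and stating whether the old spelling is still accepted; this diff is limited to sshd_config.5, so that behaviour cannot be checked from here.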
@@ -580,6 +559,27 @@ Gives the facility code that is used when logging messages from | |||
580 | The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, | 559 | The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, |
581 | LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. | 560 | LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. |
582 | The default is AUTH. | 561 | The default is AUTH. |
562 | .It Cm TCPKeepAlive | ||
563 | Specifies whether the system should send TCP keepalive messages to the | ||
564 | other side. | ||
565 | If they are sent, death of the connection or crash of one | ||
566 | of the machines will be properly noticed. | ||
567 | However, this means that | ||
568 | connections will die if the route is down temporarily, and some people | ||
569 | find it annoying. | ||
570 | On the other hand, if TCP keepalives are not sent, | ||
571 | sessions may hang indefinitely on the server, leaving | ||
572 | .Dq ghost | ||
573 | users and consuming server resources. | ||
574 | .Pp | ||
575 | The default is | ||
576 | .Dq yes | ||
577 | (to send TCP keepalive messages), and the server will notice | ||
578 | if the network goes down or the client host crashes. | ||
579 | This avoids infinitely hanging sessions. | ||
580 | .Pp | ||
581 | To disable TCP keepalive messages, the value should be set to | ||
582 | .Dq no . | ||
583 | .It Cm UseDNS | 583 | .It Cm UseDNS |
584 | Specifies whether | 584 | Specifies whether |
585 | .Nm sshd | 585 | .Nm sshd |
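Review bot: the new `TCPKeepAlive` entry (new lines 562-582) describes liveness detection but leaves out the caveat that the client alive paragraph gives at new lines 163-165, that the TCP keepalive option is spoofable. Since the rename is meant to reduce confusion between the two mechanisms, point back from this entry to the client alive options, for example with a sentence after "This avoids infinitely hanging sessions." saying that TCP keepalives are not sent through the encrypted channel and that the client alive messages are the mechanism to use when that matters.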