-rw-r--r-- | readconf.c | 14 | ||||
-rw-r--r-- | ssh_config.5 | 21 | ||||
-rw-r--r-- | sshd_config.5 | 3 |
3 files changed, 34 insertions, 4 deletions
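--- a/readconf.c
+++ b/readconf.c
@@ -176,6 +176,7 @@ typedef enum {
 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
 oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump,
 oSecurityKeyProvider,
+oProtocolKeepAlives, oSetupTimeOut,
 oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
@@ -326,6 +327,8 @@ static struct {
 { "ignoreunknown", oIgnoreUnknown },
 { "proxyjump", oProxyJump },
 { "securitykeyprovider", oSecurityKeyProvider },
+{ "protocolkeepalives", oProtocolKeepAlives },
+{ "setuptimeout", oSetupTimeOut },
 
 { NULL, oBadOption }
 };
@@ -1519,6 +1522,8 @@ parse_keytypes:
 goto parse_flag;
 
 case oServerAliveInterval:
+case oProtocolKeepAlives: /* Debian-specific compatibility alias */
+case oSetupTimeOut: /* Debian-specific compatibility alias */
 intptr = &options->server_alive_interval;
 goto parse_time;
 
@@ -2222,8 +2227,13 @@ fill_default_options(Options * options)
 options->rekey_interval = 0;
 if (options->verify_host_key_dns == -1)
 options->verify_host_key_dns = 0;
-if (options->server_alive_interval == -1)
-options->server_alive_interval = 0;
+if (options->server_alive_interval == -1) {
+/* in batch mode, default is 5mins */
+if (options->batch_mode == 1)
+options->server_alive_interval = 300;
+else
+options->server_alive_interval = 0;
+}
 if (options->server_alive_count_max == -1)
 options->server_alive_count_max = 3;
 if (options->control_master == -1)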
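Review bot: In the fill_default_options hunk the batch-mode default is a bare `300` explained only by `/* in batch mode, default is 5mins */`, and nothing records that it applies only while the field still holds the unset value `-1`, so an explicit `ServerAliveInterval 0` in a batch job keeps these messages off. I would replace the comment with `/* Debian-specific: BatchMode defaults to a 300s interval so unattended sessions notice a dead peer; an explicit 0 still disables it */`, and mention that with the `server_alive_count_max` default of 3 set just below, an unresponsive server is dropped after roughly 15 minutes. In the `case oServerAliveInterval:` hunk both aliases write the same `server_alive_interval` field, so which directive wins when a config carries more than one is decided in `parse_time`, outside the hunk; presumably the first value is kept, and that deserves a word in the alias comments. fill_default_options and the enclosing switch both start and end outside the hunks shown.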
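--- a/ssh_config.5
+++ b/ssh_config.5
@@ -266,9 +266,13 @@ If set to
 .Cm yes ,
 user interaction such as password prompts and host key confirmation requests
 will be disabled.
+In addition, the
+.Cm ServerAliveInterval
+option will be set to 300 seconds by default (Debian-specific).
 This option is useful in scripts and other batch jobs where no user
 is present to interact with
-.Xr ssh 1 .
+.Xr ssh 1 ,
+and where it is desirable to detect a broken network swiftly.
 The argument must be
 .Cm yes
 or
@@ -1604,7 +1608,14 @@ from the server,
 will send a message through the encrypted
 channel to request a response from the server.
 The default
-is 0, indicating that these messages will not be sent to the server.
+is 0, indicating that these messages will not be sent to the server,
+or 300 if the
+.Cm BatchMode
+option is set (Debian-specific).
+.Cm ProtocolKeepAlives
+and
+.Cm SetupTimeOut
+are Debian-specific compatibility aliases for this option.
 .It Cm SetEnv
 Directly specify one or more environment variables and their contents to
 be sent to the server.
@@ -1684,6 +1695,12 @@ Specifies whether the system should send TCP keepalive messages to the
 other side.
 If they are sent, death of the connection or crash of one
 of the machines will be properly noticed.
+This option only uses TCP keepalives (as opposed to using ssh level
+keepalives), so takes a long time to notice when the connection dies.
+As such, you probably want
+the
+.Cm ServerAliveInterval
+option as well.
 However, this means that
 connections will die if the route is down temporarily, and some people
 find it annoying.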
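--- a/sshd_config.5
+++ b/sshd_config.5
@@ -1680,6 +1680,9 @@ This avoids infinitely hanging sessions.
 .Pp
 To disable TCP keepalive messages, the value should be set to
 .Cm no .
+.Pp
+This option was formerly called
+.Cm KeepAlive .
 .It Cm TrustedUserCAKeys
 Specifies a file containing public keys of certificate authorities that are
 trusted to sign user certificates for authentication, or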