diff options
| -rw-r--r-- | readconf.c | 14 | ||||
| -rw-r--r-- | ssh_config.5 | 21 | ||||
| -rw-r--r-- | sshd_config.5 | 3 |
3 files changed, 34 insertions, 4 deletions
diff --git a/readconf.c b/readconf.c index a7fb7ca15..09787c0e5 100644 --- a/readconf.c +++ b/readconf.c | |||
| @@ -177,6 +177,7 @@ typedef enum { | |||
| 177 | oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, | 177 | oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, |
| 178 | oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, | 178 | oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, |
| 179 | oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump, | 179 | oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump, |
| 180 | oProtocolKeepAlives, oSetupTimeOut, | ||
| 180 | oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported | 181 | oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported |
| 181 | } OpCodes; | 182 | } OpCodes; |
| 182 | 183 | ||
| @@ -326,6 +327,8 @@ static struct { | |||
| 326 | { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, | 327 | { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, |
| 327 | { "ignoreunknown", oIgnoreUnknown }, | 328 | { "ignoreunknown", oIgnoreUnknown }, |
| 328 | { "proxyjump", oProxyJump }, | 329 | { "proxyjump", oProxyJump }, |
| 330 | { "protocolkeepalives", oProtocolKeepAlives }, | ||
| 331 | { "setuptimeout", oSetupTimeOut }, | ||
| 329 | 332 | ||
| 330 | { NULL, oBadOption } | 333 | { NULL, oBadOption } |
| 331 | }; | 334 | }; |
| @@ -1449,6 +1452,8 @@ parse_keytypes: | |||
| 1449 | goto parse_flag; | 1452 | goto parse_flag; |
| 1450 | 1453 | ||
| 1451 | case oServerAliveInterval: | 1454 | case oServerAliveInterval: |
| 1455 | case oProtocolKeepAlives: /* Debian-specific compatibility alias */ | ||
| 1456 | case oSetupTimeOut: /* Debian-specific compatibility alias */ | ||
| 1452 | intptr = &options->server_alive_interval; | 1457 | intptr = &options->server_alive_interval; |
| 1453 | goto parse_time; | 1458 | goto parse_time; |
| 1454 | 1459 | ||
| @@ -2142,8 +2147,13 @@ fill_default_options(Options * options) | |||
| 2142 | options->rekey_interval = 0; | 2147 | options->rekey_interval = 0; |
| 2143 | if (options->verify_host_key_dns == -1) | 2148 | if (options->verify_host_key_dns == -1) |
| 2144 | options->verify_host_key_dns = 0; | 2149 | options->verify_host_key_dns = 0; |
| 2145 | if (options->server_alive_interval == -1) | 2150 | if (options->server_alive_interval == -1) { |
| 2146 | options->server_alive_interval = 0; | 2151 | /* in batch mode, default is 5mins */ |
| 2152 | if (options->batch_mode == 1) | ||
| 2153 | options->server_alive_interval = 300; | ||
| 2154 | else | ||
| 2155 | options->server_alive_interval = 0; | ||
| 2156 | } | ||
| 2147 | if (options->server_alive_count_max == -1) | 2157 | if (options->server_alive_count_max == -1) |
| 2148 | options->server_alive_count_max = 3; | 2158 | options->server_alive_count_max = 3; |
| 2149 | if (options->control_master == -1) | 2159 | if (options->control_master == -1) |
diff --git a/ssh_config.5 b/ssh_config.5 index f4668673b..bc04d8d02 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
| @@ -265,8 +265,12 @@ Valid arguments are | |||
| 265 | If set to | 265 | If set to |
| 266 | .Cm yes , | 266 | .Cm yes , |
| 267 | passphrase/password querying will be disabled. | 267 | passphrase/password querying will be disabled. |
| 268 | In addition, the | ||
| 269 | .Cm ServerAliveInterval | ||
| 270 | option will be set to 300 seconds by default (Debian-specific). | ||
| 268 | This option is useful in scripts and other batch jobs where no user | 271 | This option is useful in scripts and other batch jobs where no user |
| 269 | is present to supply the password. | 272 | is present to supply the password, |
| 273 | and where it is desirable to detect a broken network swiftly. | ||
| 270 | The argument must be | 274 | The argument must be |
| 271 | .Cm yes | 275 | .Cm yes |
| 272 | or | 276 | or |
| @@ -1557,7 +1561,14 @@ from the server, | |||
| 1557 | will send a message through the encrypted | 1561 | will send a message through the encrypted |
| 1558 | channel to request a response from the server. | 1562 | channel to request a response from the server. |
| 1559 | The default | 1563 | The default |
| 1560 | is 0, indicating that these messages will not be sent to the server. | 1564 | is 0, indicating that these messages will not be sent to the server, |
| 1565 | or 300 if the | ||
| 1566 | .Cm BatchMode | ||
| 1567 | option is set (Debian-specific). | ||
| 1568 | .Cm ProtocolKeepAlives | ||
| 1569 | and | ||
| 1570 | .Cm SetupTimeOut | ||
| 1571 | are Debian-specific compatibility aliases for this option. | ||
| 1561 | .It Cm SetEnv | 1572 | .It Cm SetEnv |
| 1562 | Directly specify one or more environment variables and their contents to | 1573 | Directly specify one or more environment variables and their contents to |
| 1563 | be sent to the server. | 1574 | be sent to the server. |
| @@ -1637,6 +1648,12 @@ Specifies whether the system should send TCP keepalive messages to the | |||
| 1637 | other side. | 1648 | other side. |
| 1638 | If they are sent, death of the connection or crash of one | 1649 | If they are sent, death of the connection or crash of one |
| 1639 | of the machines will be properly noticed. | 1650 | of the machines will be properly noticed. |
| 1651 | This option only uses TCP keepalives (as opposed to using ssh level | ||
| 1652 | keepalives), so takes a long time to notice when the connection dies. | ||
| 1653 | As such, you probably want | ||
| 1654 | the | ||
| 1655 | .Cm ServerAliveInterval | ||
| 1656 | option as well. | ||
| 1640 | However, this means that | 1657 | However, this means that |
| 1641 | connections will die if the route is down temporarily, and some people | 1658 | connections will die if the route is down temporarily, and some people |
| 1642 | find it annoying. | 1659 | find it annoying. |
diff --git a/sshd_config.5 b/sshd_config.5 index cec3c3c4e..eec224158 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -1615,6 +1615,9 @@ This avoids infinitely hanging sessions. | |||
| 1615 | .Pp | 1615 | .Pp |
| 1616 | To disable TCP keepalive messages, the value should be set to | 1616 | To disable TCP keepalive messages, the value should be set to |
| 1617 | .Cm no . | 1617 | .Cm no . |
| 1618 | .Pp | ||
| 1619 | This option was formerly called | ||
| 1620 | .Cm KeepAlive . | ||
| 1618 | .It Cm TrustedUserCAKeys | 1621 | .It Cm TrustedUserCAKeys |
| 1619 | Specifies a file containing public keys of certificate authorities that are | 1622 | Specifies a file containing public keys of certificate authorities that are |
| 1620 | trusted to sign user certificates for authentication, or | 1623 | trusted to sign user certificates for authentication, or |