diff options
| -rw-r--r-- | readconf.c | 14 | ||||
| -rw-r--r-- | ssh_config.5 | 21 | ||||
| -rw-r--r-- | sshd_config.5 | 3 |
3 files changed, 34 insertions, 4 deletions
diff --git a/readconf.c b/readconf.c index 29f3bd98d..3d0b6ff90 100644 --- a/readconf.c +++ b/readconf.c | |||
| @@ -177,6 +177,7 @@ typedef enum { | |||
| 177 | oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, | 177 | oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, |
| 178 | oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, | 178 | oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, |
| 179 | oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump, | 179 | oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump, |
| 180 | oProtocolKeepAlives, oSetupTimeOut, | ||
| 180 | oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported | 181 | oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported |
| 181 | } OpCodes; | 182 | } OpCodes; |
| 182 | 183 | ||
| @@ -326,6 +327,8 @@ static struct { | |||
| 326 | { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, | 327 | { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, |
| 327 | { "ignoreunknown", oIgnoreUnknown }, | 328 | { "ignoreunknown", oIgnoreUnknown }, |
| 328 | { "proxyjump", oProxyJump }, | 329 | { "proxyjump", oProxyJump }, |
| 330 | { "protocolkeepalives", oProtocolKeepAlives }, | ||
| 331 | { "setuptimeout", oSetupTimeOut }, | ||
| 329 | 332 | ||
| 330 | { NULL, oBadOption } | 333 | { NULL, oBadOption } |
| 331 | }; | 334 | }; |
| @@ -1440,6 +1443,8 @@ parse_keytypes: | |||
| 1440 | goto parse_flag; | 1443 | goto parse_flag; |
| 1441 | 1444 | ||
| 1442 | case oServerAliveInterval: | 1445 | case oServerAliveInterval: |
| 1446 | case oProtocolKeepAlives: /* Debian-specific compatibility alias */ | ||
| 1447 | case oSetupTimeOut: /* Debian-specific compatibility alias */ | ||
| 1443 | intptr = &options->server_alive_interval; | 1448 | intptr = &options->server_alive_interval; |
| 1444 | goto parse_time; | 1449 | goto parse_time; |
| 1445 | 1450 | ||
| @@ -2133,8 +2138,13 @@ fill_default_options(Options * options) | |||
| 2133 | options->rekey_interval = 0; | 2138 | options->rekey_interval = 0; |
| 2134 | if (options->verify_host_key_dns == -1) | 2139 | if (options->verify_host_key_dns == -1) |
| 2135 | options->verify_host_key_dns = 0; | 2140 | options->verify_host_key_dns = 0; |
| 2136 | if (options->server_alive_interval == -1) | 2141 | if (options->server_alive_interval == -1) { |
| 2137 | options->server_alive_interval = 0; | 2142 | /* in batch mode, default is 5mins */ |
| 2143 | if (options->batch_mode == 1) | ||
| 2144 | options->server_alive_interval = 300; | ||
| 2145 | else | ||
| 2146 | options->server_alive_interval = 0; | ||
| 2147 | } | ||
| 2138 | if (options->server_alive_count_max == -1) | 2148 | if (options->server_alive_count_max == -1) |
| 2139 | options->server_alive_count_max = 3; | 2149 | options->server_alive_count_max = 3; |
| 2140 | if (options->control_master == -1) | 2150 | if (options->control_master == -1) |
diff --git a/ssh_config.5 b/ssh_config.5 index c3c8b274a..250c92d04 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
| @@ -265,8 +265,12 @@ Valid arguments are | |||
| 265 | If set to | 265 | If set to |
| 266 | .Cm yes , | 266 | .Cm yes , |
| 267 | passphrase/password querying will be disabled. | 267 | passphrase/password querying will be disabled. |
| 268 | In addition, the | ||
| 269 | .Cm ServerAliveInterval | ||
| 270 | option will be set to 300 seconds by default (Debian-specific). | ||
| 268 | This option is useful in scripts and other batch jobs where no user | 271 | This option is useful in scripts and other batch jobs where no user |
| 269 | is present to supply the password. | 272 | is present to supply the password, |
| 273 | and where it is desirable to detect a broken network swiftly. | ||
| 270 | The argument must be | 274 | The argument must be |
| 271 | .Cm yes | 275 | .Cm yes |
| 272 | or | 276 | or |
| @@ -1535,7 +1539,14 @@ from the server, | |||
| 1535 | will send a message through the encrypted | 1539 | will send a message through the encrypted |
| 1536 | channel to request a response from the server. | 1540 | channel to request a response from the server. |
| 1537 | The default | 1541 | The default |
| 1538 | is 0, indicating that these messages will not be sent to the server. | 1542 | is 0, indicating that these messages will not be sent to the server, |
| 1543 | or 300 if the | ||
| 1544 | .Cm BatchMode | ||
| 1545 | option is set (Debian-specific). | ||
| 1546 | .Cm ProtocolKeepAlives | ||
| 1547 | and | ||
| 1548 | .Cm SetupTimeOut | ||
| 1549 | are Debian-specific compatibility aliases for this option. | ||
| 1539 | .It Cm SetEnv | 1550 | .It Cm SetEnv |
| 1540 | Directly specify one or more environment variables and their contents to | 1551 | Directly specify one or more environment variables and their contents to |
| 1541 | be sent to the server. | 1552 | be sent to the server. |
| @@ -1615,6 +1626,12 @@ Specifies whether the system should send TCP keepalive messages to the | |||
| 1615 | other side. | 1626 | other side. |
| 1616 | If they are sent, death of the connection or crash of one | 1627 | If they are sent, death of the connection or crash of one |
| 1617 | of the machines will be properly noticed. | 1628 | of the machines will be properly noticed. |
| 1629 | This option only uses TCP keepalives (as opposed to using ssh level | ||
| 1630 | keepalives), so takes a long time to notice when the connection dies. | ||
| 1631 | As such, you probably want | ||
| 1632 | the | ||
| 1633 | .Cm ServerAliveInterval | ||
| 1634 | option as well. | ||
| 1618 | However, this means that | 1635 | However, this means that |
| 1619 | connections will die if the route is down temporarily, and some people | 1636 | connections will die if the route is down temporarily, and some people |
| 1620 | find it annoying. | 1637 | find it annoying. |
diff --git a/sshd_config.5 b/sshd_config.5 index 2baa6622b..2ef671d1b 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -1597,6 +1597,9 @@ This avoids infinitely hanging sessions. | |||
| 1597 | .Pp | 1597 | .Pp |
| 1598 | To disable TCP keepalive messages, the value should be set to | 1598 | To disable TCP keepalive messages, the value should be set to |
| 1599 | .Cm no . | 1599 | .Cm no . |
| 1600 | .Pp | ||
| 1601 | This option was formerly called | ||
| 1602 | .Cm KeepAlive . | ||
| 1600 | .It Cm TrustedUserCAKeys | 1603 | .It Cm TrustedUserCAKeys |
| 1601 | Specifies a file containing public keys of certificate authorities that are | 1604 | Specifies a file containing public keys of certificate authorities that are |
| 1602 | trusted to sign user certificates for authentication, or | 1605 | trusted to sign user certificates for authentication, or |