diff options
| -rw-r--r-- | readconf.c | 14 | ||||
| -rw-r--r-- | ssh_config.5 | 21 | ||||
| -rw-r--r-- | sshd_config.5 | 3 |
3 files changed, 34 insertions, 4 deletions
diff --git a/readconf.c b/readconf.c index 5e655e924..052d4b1ac 100644 --- a/readconf.c +++ b/readconf.c | |||
| @@ -175,6 +175,7 @@ typedef enum { | |||
| 175 | oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, | 175 | oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, |
| 176 | oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, | 176 | oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, |
| 177 | oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump, | 177 | oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump, |
| 178 | oProtocolKeepAlives, oSetupTimeOut, | ||
| 178 | oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported | 179 | oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported |
| 179 | } OpCodes; | 180 | } OpCodes; |
| 180 | 181 | ||
| @@ -322,6 +323,8 @@ static struct { | |||
| 322 | { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, | 323 | { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, |
| 323 | { "ignoreunknown", oIgnoreUnknown }, | 324 | { "ignoreunknown", oIgnoreUnknown }, |
| 324 | { "proxyjump", oProxyJump }, | 325 | { "proxyjump", oProxyJump }, |
| 326 | { "protocolkeepalives", oProtocolKeepAlives }, | ||
| 327 | { "setuptimeout", oSetupTimeOut }, | ||
| 325 | 328 | ||
| 326 | { NULL, oBadOption } | 329 | { NULL, oBadOption } |
| 327 | }; | 330 | }; |
| @@ -1415,6 +1418,8 @@ parse_keytypes: | |||
| 1415 | goto parse_flag; | 1418 | goto parse_flag; |
| 1416 | 1419 | ||
| 1417 | case oServerAliveInterval: | 1420 | case oServerAliveInterval: |
| 1421 | case oProtocolKeepAlives: /* Debian-specific compatibility alias */ | ||
| 1422 | case oSetupTimeOut: /* Debian-specific compatibility alias */ | ||
| 1418 | intptr = &options->server_alive_interval; | 1423 | intptr = &options->server_alive_interval; |
| 1419 | goto parse_time; | 1424 | goto parse_time; |
| 1420 | 1425 | ||
| @@ -2101,8 +2106,13 @@ fill_default_options(Options * options) | |||
| 2101 | options->rekey_interval = 0; | 2106 | options->rekey_interval = 0; |
| 2102 | if (options->verify_host_key_dns == -1) | 2107 | if (options->verify_host_key_dns == -1) |
| 2103 | options->verify_host_key_dns = 0; | 2108 | options->verify_host_key_dns = 0; |
| 2104 | if (options->server_alive_interval == -1) | 2109 | if (options->server_alive_interval == -1) { |
| 2105 | options->server_alive_interval = 0; | 2110 | /* in batch mode, default is 5mins */ |
| 2111 | if (options->batch_mode == 1) | ||
| 2112 | options->server_alive_interval = 300; | ||
| 2113 | else | ||
| 2114 | options->server_alive_interval = 0; | ||
| 2115 | } | ||
| 2106 | if (options->server_alive_count_max == -1) | 2116 | if (options->server_alive_count_max == -1) |
| 2107 | options->server_alive_count_max = 3; | 2117 | options->server_alive_count_max = 3; |
| 2108 | if (options->control_master == -1) | 2118 | if (options->control_master == -1) |
diff --git a/ssh_config.5 b/ssh_config.5 index 16c79368a..54e143c93 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
| @@ -247,8 +247,12 @@ Valid arguments are | |||
| 247 | If set to | 247 | If set to |
| 248 | .Cm yes , | 248 | .Cm yes , |
| 249 | passphrase/password querying will be disabled. | 249 | passphrase/password querying will be disabled. |
| 250 | In addition, the | ||
| 251 | .Cm ServerAliveInterval | ||
| 252 | option will be set to 300 seconds by default (Debian-specific). | ||
| 250 | This option is useful in scripts and other batch jobs where no user | 253 | This option is useful in scripts and other batch jobs where no user |
| 251 | is present to supply the password. | 254 | is present to supply the password, |
| 255 | and where it is desirable to detect a broken network swiftly. | ||
| 252 | The argument must be | 256 | The argument must be |
| 253 | .Cm yes | 257 | .Cm yes |
| 254 | or | 258 | or |
| @@ -1485,7 +1489,14 @@ from the server, | |||
| 1485 | will send a message through the encrypted | 1489 | will send a message through the encrypted |
| 1486 | channel to request a response from the server. | 1490 | channel to request a response from the server. |
| 1487 | The default | 1491 | The default |
| 1488 | is 0, indicating that these messages will not be sent to the server. | 1492 | is 0, indicating that these messages will not be sent to the server, |
| 1493 | or 300 if the | ||
| 1494 | .Cm BatchMode | ||
| 1495 | option is set (Debian-specific). | ||
| 1496 | .Cm ProtocolKeepAlives | ||
| 1497 | and | ||
| 1498 | .Cm SetupTimeOut | ||
| 1499 | are Debian-specific compatibility aliases for this option. | ||
| 1489 | .It Cm SetEnv | 1500 | .It Cm SetEnv |
| 1490 | Directly specify one or more environment variables and their contents to | 1501 | Directly specify one or more environment variables and their contents to |
| 1491 | be sent to the server. | 1502 | be sent to the server. |
| @@ -1565,6 +1576,12 @@ Specifies whether the system should send TCP keepalive messages to the | |||
| 1565 | other side. | 1576 | other side. |
| 1566 | If they are sent, death of the connection or crash of one | 1577 | If they are sent, death of the connection or crash of one |
| 1567 | of the machines will be properly noticed. | 1578 | of the machines will be properly noticed. |
| 1579 | This option only uses TCP keepalives (as opposed to using ssh level | ||
| 1580 | keepalives), so takes a long time to notice when the connection dies. | ||
| 1581 | As such, you probably want | ||
| 1582 | the | ||
| 1583 | .Cm ServerAliveInterval | ||
| 1584 | option as well. | ||
| 1568 | However, this means that | 1585 | However, this means that |
| 1569 | connections will die if the route is down temporarily, and some people | 1586 | connections will die if the route is down temporarily, and some people |
| 1570 | find it annoying. | 1587 | find it annoying. |
diff --git a/sshd_config.5 b/sshd_config.5 index 985eef5a2..e7e55dd71 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
| @@ -1577,6 +1577,9 @@ This avoids infinitely hanging sessions. | |||
| 1577 | .Pp | 1577 | .Pp |
| 1578 | To disable TCP keepalive messages, the value should be set to | 1578 | To disable TCP keepalive messages, the value should be set to |
| 1579 | .Cm no . | 1579 | .Cm no . |
| 1580 | .Pp | ||
| 1581 | This option was formerly called | ||
| 1582 | .Cm KeepAlive . | ||
| 1580 | .It Cm TrustedUserCAKeys | 1583 | .It Cm TrustedUserCAKeys |
| 1581 | Specifies a file containing public keys of certificate authorities that are | 1584 | Specifies a file containing public keys of certificate authorities that are |
| 1582 | trusted to sign user certificates for authentication, or | 1585 | trusted to sign user certificates for authentication, or |