summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--readconf.c14
-rw-r--r--ssh_config.521
-rw-r--r--sshd_config.53
3 files changed, 34 insertions, 4 deletions
diff --git a/readconf.c b/readconf.c
index 915a0f7b7..dab7963d6 100644
--- a/readconf.c
+++ b/readconf.c
@@ -140,6 +140,7 @@ typedef enum {
140 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, 140 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
141 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, 141 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
142 oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, 142 oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
143 oProtocolKeepAlives, oSetupTimeOut,
143 oIgnoredUnknownOption, oDeprecated, oUnsupported 144 oIgnoredUnknownOption, oDeprecated, oUnsupported
144} OpCodes; 145} OpCodes;
145 146
@@ -262,6 +263,8 @@ static struct {
262 { "ipqos", oIPQoS }, 263 { "ipqos", oIPQoS },
263 { "requesttty", oRequestTTY }, 264 { "requesttty", oRequestTTY },
264 { "ignoreunknown", oIgnoreUnknown }, 265 { "ignoreunknown", oIgnoreUnknown },
266 { "protocolkeepalives", oProtocolKeepAlives },
267 { "setuptimeout", oSetupTimeOut },
265 268
266 { NULL, oBadOption } 269 { NULL, oBadOption }
267}; 270};
@@ -934,6 +937,8 @@ parse_int:
934 goto parse_flag; 937 goto parse_flag;
935 938
936 case oServerAliveInterval: 939 case oServerAliveInterval:
940 case oProtocolKeepAlives: /* Debian-specific compatibility alias */
941 case oSetupTimeOut: /* Debian-specific compatibility alias */
937 intptr = &options->server_alive_interval; 942 intptr = &options->server_alive_interval;
938 goto parse_time; 943 goto parse_time;
939 944
@@ -1396,8 +1401,13 @@ fill_default_options(Options * options)
1396 options->rekey_interval = 0; 1401 options->rekey_interval = 0;
1397 if (options->verify_host_key_dns == -1) 1402 if (options->verify_host_key_dns == -1)
1398 options->verify_host_key_dns = 0; 1403 options->verify_host_key_dns = 0;
1399 if (options->server_alive_interval == -1) 1404 if (options->server_alive_interval == -1) {
1400 options->server_alive_interval = 0; 1405 /* in batch mode, default is 5mins */
1406 if (options->batch_mode == 1)
1407 options->server_alive_interval = 300;
1408 else
1409 options->server_alive_interval = 0;
1410 }
1401 if (options->server_alive_count_max == -1) 1411 if (options->server_alive_count_max == -1)
1402 options->server_alive_count_max = 3; 1412 options->server_alive_count_max = 3;
1403 if (options->control_master == -1) 1413 if (options->control_master == -1)
diff --git a/ssh_config.5 b/ssh_config.5
index 1fc0a6b1c..694868053 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -136,8 +136,12 @@ Valid arguments are
136If set to 136If set to
137.Dq yes , 137.Dq yes ,
138passphrase/password querying will be disabled. 138passphrase/password querying will be disabled.
139In addition, the
140.Cm ServerAliveInterval
141option will be set to 300 seconds by default.
139This option is useful in scripts and other batch jobs where no user 142This option is useful in scripts and other batch jobs where no user
140is present to supply the password. 143is present to supply the password,
144and where it is desirable to detect a broken network swiftly.
141The argument must be 145The argument must be
142.Dq yes 146.Dq yes
143or 147or
@@ -1141,8 +1145,15 @@ from the server,
1141will send a message through the encrypted 1145will send a message through the encrypted
1142channel to request a response from the server. 1146channel to request a response from the server.
1143The default 1147The default
1144is 0, indicating that these messages will not be sent to the server. 1148is 0, indicating that these messages will not be sent to the server,
1149or 300 if the
1150.Cm BatchMode
1151option is set.
1145This option applies to protocol version 2 only. 1152This option applies to protocol version 2 only.
1153.Cm ProtocolKeepAlives
1154and
1155.Cm SetupTimeOut
1156are Debian-specific compatibility aliases for this option.
1146.It Cm StrictHostKeyChecking 1157.It Cm StrictHostKeyChecking
1147If this flag is set to 1158If this flag is set to
1148.Dq yes , 1159.Dq yes ,
@@ -1181,6 +1192,12 @@ Specifies whether the system should send TCP keepalive messages to the
1181other side. 1192other side.
1182If they are sent, death of the connection or crash of one 1193If they are sent, death of the connection or crash of one
1183of the machines will be properly noticed. 1194of the machines will be properly noticed.
1195This option only uses TCP keepalives (as opposed to using ssh level
1196keepalives), so takes a long time to notice when the connection dies.
1197As such, you probably want
1198the
1199.Cm ServerAliveInterval
1200option as well.
1184However, this means that 1201However, this means that
1185connections will die if the route is down temporarily, and some people 1202connections will die if the route is down temporarily, and some people
1186find it annoying. 1203find it annoying.
diff --git a/sshd_config.5 b/sshd_config.5
index 525d9c858..e29604ad5 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -1147,6 +1147,9 @@ This avoids infinitely hanging sessions.
1147.Pp 1147.Pp
1148To disable TCP keepalive messages, the value should be set to 1148To disable TCP keepalive messages, the value should be set to
1149.Dq no . 1149.Dq no .
1150.Pp
1151This option was formerly called
1152.Cm KeepAlive .
1150.It Cm TrustedUserCAKeys 1153.It Cm TrustedUserCAKeys
1151Specifies a file containing public keys of certificate authorities that are 1154Specifies a file containing public keys of certificate authorities that are
1152trusted to sign user certificates for authentication. 1155trusted to sign user certificates for authentication.