-rw-r--r-- | readconf.c | 14 | ||||
-rw-r--r-- | ssh_config.5 | 21 | ||||
-rw-r--r-- | sshd_config.5 | 3 |
3 files changed, 34 insertions, 4 deletions
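--- a/readconf.c
+++ b/readconf.c
@@ -140,6 +140,7 @@ typedef enum {
 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
 oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
+oProtocolKeepAlives, oSetupTimeOut,
 oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
@@ -262,6 +263,8 @@ static struct {
 { "ipqos", oIPQoS },
 { "requesttty", oRequestTTY },
 { "ignoreunknown", oIgnoreUnknown },
+{ "protocolkeepalives", oProtocolKeepAlives },
+{ "setuptimeout", oSetupTimeOut },
 
 { NULL, oBadOption }
 };
@@ -934,6 +937,8 @@ parse_int:
 goto parse_flag;
 
 case oServerAliveInterval:
+case oProtocolKeepAlives: /* Debian-specific compatibility alias */
+case oSetupTimeOut: /* Debian-specific compatibility alias */
 intptr = &options->server_alive_interval;
 goto parse_time;
 
@@ -1396,8 +1401,13 @@ fill_default_options(Options * options)
 options->rekey_interval = 0;
 if (options->verify_host_key_dns == -1)
 options->verify_host_key_dns = 0;
-if (options->server_alive_interval == -1)
-options->server_alive_interval = 0;
+if (options->server_alive_interval == -1) {
+/* in batch mode, default is 5mins */
+if (options->batch_mode == 1)
+options->server_alive_interval = 300;
+else
+options->server_alive_interval = 0;
+}
 if (options->server_alive_count_max == -1)
 options->server_alive_count_max = 3;
 if (options->control_master == -1)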
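Review bot: In fill_default_options the new 300-second default is a bare literal explained only by `/* in batch mode, default is 5mins */`, which does not tell a reader that the override applies only when ServerAliveInterval was left unset (-1), so an explicit `ServerAliveInterval 0` together with BatchMode still disables the probes. I would expand the comment to `/* BatchMode and no explicit ServerAliveInterval: probe every 300s so unattended jobs notice a dead peer; an explicit 0 still disables this */`. Combined with the server_alive_count_max default of 3 in the following context lines, an unresponsive peer would presumably be dropped after roughly 15 minutes, which is worth stating next to the constant. The test `options->batch_mode == 1` also relies on batch_mode having been resolved before this point; the function body starts and ends outside the hunk, so that ordering cannot be confirmed here.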
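--- a/ssh_config.5
+++ b/ssh_config.5
@@ -136,8 +136,12 @@ Valid arguments are
 If set to
 .Dq yes ,
 passphrase/password querying will be disabled.
+In addition, the
+.Cm ServerAliveInterval
+option will be set to 300 seconds by default.
 This option is useful in scripts and other batch jobs where no user
-is present to supply the password.
+is present to supply the password,
+and where it is desirable to detect a broken network swiftly.
 The argument must be
 .Dq yes
 or
@@ -1141,8 +1145,15 @@ from the server,
 will send a message through the encrypted
 channel to request a response from the server.
 The default
-is 0, indicating that these messages will not be sent to the server.
+is 0, indicating that these messages will not be sent to the server,
+or 300 if the
+.Cm BatchMode
+option is set.
 This option applies to protocol version 2 only.
+.Cm ProtocolKeepAlives
+and
+.Cm SetupTimeOut
+are Debian-specific compatibility aliases for this option.
 .It Cm StrictHostKeyChecking
 If this flag is set to
 .Dq yes ,
@@ -1181,6 +1192,12 @@ Specifies whether the system should send TCP keepalive messages to the
 other side.
 If they are sent, death of the connection or crash of one
 of the machines will be properly noticed.
+This option only uses TCP keepalives (as opposed to using ssh level
+keepalives), so takes a long time to notice when the connection dies.
+As such, you probably want
+the
+.Cm ServerAliveInterval
+option as well.
 However, this means that
 connections will die if the route is down temporarily, and some people
 find it annoying.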
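--- a/sshd_config.5
+++ b/sshd_config.5
@@ -1147,6 +1147,9 @@ This avoids infinitely hanging sessions.
 .Pp
 To disable TCP keepalive messages, the value should be set to
 .Dq no .
+.Pp
+This option was formerly called
+.Cm KeepAlive .
 .It Cm TrustedUserCAKeys
 Specifies a file containing public keys of certificate authorities that are
 trusted to sign user certificates for authentication.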