-rw-r--r--ChangeLog7
-rw-r--r--readconf.c19
-rw-r--r--readconf.h4
-rw-r--r--scp.14
-rw-r--r--servconf.c17
-rw-r--r--servconf.h4
-rw-r--r--sftp.14
-rw-r--r--ssh.14
-rw-r--r--ssh_config.536
-rw-r--r--sshconnect.c6
-rw-r--r--sshd.c6
-rw-r--r--sshd_config.548
12 files changed, 83 insertions, 76 deletions
diff --git a/ChangeLog b/ChangeLog
index d737c855d..0b97adc72 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,11 @@
12 - markus@cvs.openbsd.org 2003/12/09 17:30:05 12 - markus@cvs.openbsd.org 2003/12/09 17:30:05
13 [ssh.c] 13 [ssh.c]
14 don't modify argv for ssh -o; similar to sshd.c 1.283 14 don't modify argv for ssh -o; similar to sshd.c 1.283
15 - markus@cvs.openbsd.org 2003/12/09 21:53:37
16 [readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
17 [ssh_config.5 sshconnect.c sshd.c sshd_config.5]
18 rename keepalive to tcpkeepalive; the old name causes too much
19 confusion; ok djm, dtucker; with help from jmc@
15 20
1620031209 2120031209
17 - (dtucker) OpenBSD CVS Sync 22 - (dtucker) OpenBSD CVS Sync
@@ -1581,4 +1586,4 @@
1581 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. 1586 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
1582 Report from murple@murple.net, diagnosis from dtucker@zip.com.au 1587 Report from murple@murple.net, diagnosis from dtucker@zip.com.au
1583 1588
1584$Id: ChangeLog,v 1.3142 2003/12/17 05:30:06 djm Exp $ 1589$Id: ChangeLog,v 1.3143 2003/12/17 05:31:10 djm Exp $
diff --git a/readconf.c b/readconf.c
index da49a3944..cd2c81443 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: readconf.c,v 1.125 2003/11/12 16:39:58 jakob Exp $"); 15RCSID("$OpenBSD: readconf.c,v 1.126 2003/12/09 21:53:36 markus Exp $");
16 16
17#include "ssh.h" 17#include "ssh.h"
18#include "xmalloc.h" 18#include "xmalloc.h"
@@ -78,7 +78,7 @@ RCSID("$OpenBSD: readconf.c,v 1.125 2003/11/12 16:39:58 jakob Exp $");
78 RSAAuthentication yes 78 RSAAuthentication yes
79 RhostsRSAAuthentication yes 79 RhostsRSAAuthentication yes
80 StrictHostKeyChecking yes 80 StrictHostKeyChecking yes
81 KeepAlives no 81 TcpKeepAlive no
82 IdentityFile ~/.ssh/identity 82 IdentityFile ~/.ssh/identity
83 Port 22 83 Port 22
84 EscapeChar ~ 84 EscapeChar ~
@@ -96,7 +96,7 @@ typedef enum {
96 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, 96 oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
97 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, 97 oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
98 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, 98 oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
99 oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, 99 oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
100 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, 100 oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
101 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, 101 oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
102 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, 102 oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
@@ -169,7 +169,8 @@ static struct {
169 { "stricthostkeychecking", oStrictHostKeyChecking }, 169 { "stricthostkeychecking", oStrictHostKeyChecking },
170 { "compression", oCompression }, 170 { "compression", oCompression },
171 { "compressionlevel", oCompressionLevel }, 171 { "compressionlevel", oCompressionLevel },
172 { "keepalive", oKeepAlives }, 172 { "tcpkeepalive", oTCPKeepAlive },
173 { "keepalive", oTCPKeepAlive }, /* obsolete */
173 { "numberofpasswordprompts", oNumberOfPasswordPrompts }, 174 { "numberofpasswordprompts", oNumberOfPasswordPrompts },
174 { "loglevel", oLogLevel }, 175 { "loglevel", oLogLevel },
175 { "dynamicforward", oDynamicForward }, 176 { "dynamicforward", oDynamicForward },
@@ -427,8 +428,8 @@ parse_yesnoask:
427 intptr = &options->compression; 428 intptr = &options->compression;
428 goto parse_flag; 429 goto parse_flag;
429 430
430 case oKeepAlives: 431 case oTCPKeepAlive:
431 intptr = &options->keepalives; 432 intptr = &options->tcp_keep_alive;
432 goto parse_flag; 433 goto parse_flag;
433 434
434 case oNoHostAuthenticationForLocalhost: 435 case oNoHostAuthenticationForLocalhost:
@@ -826,7 +827,7 @@ initialize_options(Options * options)
826 options->check_host_ip = -1; 827 options->check_host_ip = -1;
827 options->strict_host_key_checking = -1; 828 options->strict_host_key_checking = -1;
828 options->compression = -1; 829 options->compression = -1;
829 options->keepalives = -1; 830 options->tcp_keep_alive = -1;
830 options->compression_level = -1; 831 options->compression_level = -1;
831 options->port = -1; 832 options->port = -1;
832 options->address_family = -1; 833 options->address_family = -1;
@@ -909,8 +910,8 @@ fill_default_options(Options * options)
909 options->strict_host_key_checking = 2; /* 2 is default */ 910 options->strict_host_key_checking = 2; /* 2 is default */
910 if (options->compression == -1) 911 if (options->compression == -1)
911 options->compression = 0; 912 options->compression = 0;
912 if (options->keepalives == -1) 913 if (options->tcp_keep_alive == -1)
913 options->keepalives = 1; 914 options->tcp_keep_alive = 1;
914 if (options->compression_level == -1) 915 if (options->compression_level == -1)
915 options->compression_level = 6; 916 options->compression_level = 6;
916 if (options->port == -1) 917 if (options->port == -1)
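Review bot: In the keyword-table hunk, `{ "keepalive", oTCPKeepAlive }, /* obsolete */` keeps the old spelling working but does not say it is accepted silently, and the matching entry in servconf.c is worded `/* obsolete alias */`, so the two tables disagree. I would use one comment in both, for example `/* obsolete alias, kept so existing configs still parse */`. Because both keywords store into `options->tcp_keep_alive`, a file that sets both spellings to different values is resolved by the parse_flag code, which lies outside these hunks; it is worth confirming that the result is the intended one. The sample config comment in the `@@ -78,7` hunk also spells the option `TcpKeepAlive`, while the man pages in this commit use `TCPKeepAlive`.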
diff --git a/readconf.h b/readconf.h
index 650132346..f2a859fbe 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.h,v 1.57 2003/11/21 11:57:03 djm Exp $ */ 1/* $OpenBSD: readconf.h,v 1.58 2003/12/09 21:53:36 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -53,7 +53,7 @@ typedef struct {
53 int compression; /* Compress packets in both directions. */ 53 int compression; /* Compress packets in both directions. */
54 int compression_level; /* Compression level 1 (fast) to 9 54 int compression_level; /* Compression level 1 (fast) to 9
55 * (best). */ 55 * (best). */
56 int keepalives; /* Set SO_KEEPALIVE. */ 56 int tcp_keep_alive; /* Set SO_KEEPALIVE. */
57 LogLevel log_level; /* Level for logging. */ 57 LogLevel log_level; /* Level for logging. */
58 58
59 int port; /* Port to connect. */ 59 int port; /* Port to connect. */
diff --git a/scp.1 b/scp.1
index 4dab2a1db..cbebb949a 100644
--- a/scp.1
+++ b/scp.1
@@ -9,7 +9,7 @@
9.\" 9.\"
10.\" Created: Sun May 7 00:14:37 1995 ylo 10.\" Created: Sun May 7 00:14:37 1995 ylo
11.\" 11.\"
12.\" $OpenBSD: scp.1,v 1.30 2003/10/13 08:22:25 markus Exp $ 12.\" $OpenBSD: scp.1,v 1.31 2003/12/09 21:53:36 markus Exp $
13.\" 13.\"
14.Dd September 25, 1999 14.Dd September 25, 1999
15.Dt SCP 1 15.Dt SCP 1
@@ -137,7 +137,6 @@ For full details of the options listed below, and their possible values, see
137.It HostKeyAlias 137.It HostKeyAlias
138.It HostName 138.It HostName
139.It IdentityFile 139.It IdentityFile
140.It KeepAlive
141.It LogLevel 140.It LogLevel
142.It MACs 141.It MACs
143.It NoHostAuthenticationForLocalhost 142.It NoHostAuthenticationForLocalhost
@@ -152,6 +151,7 @@ For full details of the options listed below, and their possible values, see
152.It RSAAuthentication 151.It RSAAuthentication
153.It SmartcardDevice 152.It SmartcardDevice
154.It StrictHostKeyChecking 153.It StrictHostKeyChecking
154.It TCPKeepAlive
155.It UsePrivilegedPort 155.It UsePrivilegedPort
156.It User 156.It User
157.It UserKnownHostsFile 157.It UserKnownHostsFile
diff --git a/servconf.c b/servconf.c
index 0df62ad63..a6824a863 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
10 */ 10 */
11 11
12#include "includes.h" 12#include "includes.h"
13RCSID("$OpenBSD: servconf.c,v 1.128 2003/09/29 20:19:57 markus Exp $"); 13RCSID("$OpenBSD: servconf.c,v 1.129 2003/12/09 21:53:36 markus Exp $");
14 14
15#include "ssh.h" 15#include "ssh.h"
16#include "log.h" 16#include "log.h"
@@ -61,7 +61,7 @@ initialize_server_options(ServerOptions *options)
61 options->x11_use_localhost = -1; 61 options->x11_use_localhost = -1;
62 options->xauth_location = NULL; 62 options->xauth_location = NULL;
63 options->strict_modes = -1; 63 options->strict_modes = -1;
64 options->keepalives = -1; 64 options->tcp_keep_alive = -1;
65 options->log_facility = SYSLOG_FACILITY_NOT_SET; 65 options->log_facility = SYSLOG_FACILITY_NOT_SET;
66 options->log_level = SYSLOG_LEVEL_NOT_SET; 66 options->log_level = SYSLOG_LEVEL_NOT_SET;
67 options->rhosts_rsa_authentication = -1; 67 options->rhosts_rsa_authentication = -1;
@@ -159,8 +159,8 @@ fill_default_server_options(ServerOptions *options)
159 options->xauth_location = _PATH_XAUTH; 159 options->xauth_location = _PATH_XAUTH;
160 if (options->strict_modes == -1) 160 if (options->strict_modes == -1)
161 options->strict_modes = 1; 161 options->strict_modes = 1;
162 if (options->keepalives == -1) 162 if (options->tcp_keep_alive == -1)
163 options->keepalives = 1; 163 options->tcp_keep_alive = 1;
164 if (options->log_facility == SYSLOG_FACILITY_NOT_SET) 164 if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
165 options->log_facility = SYSLOG_FACILITY_AUTH; 165 options->log_facility = SYSLOG_FACILITY_AUTH;
166 if (options->log_level == SYSLOG_LEVEL_NOT_SET) 166 if (options->log_level == SYSLOG_LEVEL_NOT_SET)
@@ -254,7 +254,7 @@ typedef enum {
254 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, 254 sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
255 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 255 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
256 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 256 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
257 sStrictModes, sEmptyPasswd, sKeepAlives, 257 sStrictModes, sEmptyPasswd, sTCPKeepAlive,
258 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, 258 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
259 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 259 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
260 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, 260 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
@@ -334,7 +334,8 @@ static struct {
334 { "permituserenvironment", sPermitUserEnvironment }, 334 { "permituserenvironment", sPermitUserEnvironment },
335 { "uselogin", sUseLogin }, 335 { "uselogin", sUseLogin },
336 { "compression", sCompression }, 336 { "compression", sCompression },
337 { "keepalive", sKeepAlives }, 337 { "tcpkeepalive", sTCPKeepAlive },
338 { "keepalive", sTCPKeepAlive }, /* obsolete alias */
338 { "allowtcpforwarding", sAllowTcpForwarding }, 339 { "allowtcpforwarding", sAllowTcpForwarding },
339 { "allowusers", sAllowUsers }, 340 { "allowusers", sAllowUsers },
340 { "denyusers", sDenyUsers }, 341 { "denyusers", sDenyUsers },
@@ -677,8 +678,8 @@ parse_flag:
677 intptr = &options->strict_modes; 678 intptr = &options->strict_modes;
678 goto parse_flag; 679 goto parse_flag;
679 680
680 case sKeepAlives: 681 case sTCPKeepAlive:
681 intptr = &options->keepalives; 682 intptr = &options->tcp_keep_alive;
682 goto parse_flag; 683 goto parse_flag;
683 684
684 case sEmptyPasswd: 685 case sEmptyPasswd:
diff --git a/servconf.h b/servconf.h
index 828e94c5c..3cf47bf2f 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: servconf.h,v 1.65 2003/09/01 18:15:50 markus Exp $ */ 1/* $OpenBSD: servconf.h,v 1.66 2003/12/09 21:53:37 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -58,7 +58,7 @@ typedef struct {
58 int x11_use_localhost; /* If true, use localhost for fake X11 server. */ 58 int x11_use_localhost; /* If true, use localhost for fake X11 server. */
59 char *xauth_location; /* Location of xauth program */ 59 char *xauth_location; /* Location of xauth program */
60 int strict_modes; /* If true, require string home dir modes. */ 60 int strict_modes; /* If true, require string home dir modes. */
61 int keepalives; /* If true, set SO_KEEPALIVE. */ 61 int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */
62 char *ciphers; /* Supported SSH2 ciphers. */ 62 char *ciphers; /* Supported SSH2 ciphers. */
63 char *macs; /* Supported SSH2 macs. */ 63 char *macs; /* Supported SSH2 macs. */
64 int protocol; /* Supported protocol versions. */ 64 int protocol; /* Supported protocol versions. */
diff --git a/sftp.1 b/sftp.1
index 00253037d..91a288dfc 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: sftp.1,v 1.47 2003/10/13 08:22:25 markus Exp $ 1.\" $OpenBSD: sftp.1,v 1.48 2003/12/09 21:53:37 markus Exp $
2.\" 2.\"
3.\" Copyright (c) 2001 Damien Miller. All rights reserved. 3.\" Copyright (c) 2001 Damien Miller. All rights reserved.
4.\" 4.\"
@@ -158,7 +158,6 @@ For full details of the options listed below, and their possible values, see
158.It HostKeyAlias 158.It HostKeyAlias
159.It HostName 159.It HostName
160.It IdentityFile 160.It IdentityFile
161.It KeepAlive
162.It LogLevel 161.It LogLevel
163.It MACs 162.It MACs
164.It NoHostAuthenticationForLocalhost 163.It NoHostAuthenticationForLocalhost
@@ -173,6 +172,7 @@ For full details of the options listed below, and their possible values, see
173.It RSAAuthentication 172.It RSAAuthentication
174.It SmartcardDevice 173.It SmartcardDevice
175.It StrictHostKeyChecking 174.It StrictHostKeyChecking
175.It TCPKeepAlive
176.It UsePrivilegedPort 176.It UsePrivilegedPort
177.It User 177.It User
178.It UserKnownHostsFile 178.It UserKnownHostsFile
diff --git a/ssh.1 b/ssh.1
index 25de869ad..33521268b 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh.1,v 1.179 2003/11/24 00:16:35 dtucker Exp $ 37.\" $OpenBSD: ssh.1,v 1.180 2003/12/09 21:53:37 markus Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH 1 39.Dt SSH 1
40.Os 40.Os
@@ -634,7 +634,6 @@ For full details of the options listed below, and their possible values, see
634.It HostKeyAlias 634.It HostKeyAlias
635.It HostName 635.It HostName
636.It IdentityFile 636.It IdentityFile
637.It KeepAlive
638.It LocalForward 637.It LocalForward
639.It LogLevel 638.It LogLevel
640.It MACs 639.It MACs
@@ -651,6 +650,7 @@ For full details of the options listed below, and their possible values, see
651.It RSAAuthentication 650.It RSAAuthentication
652.It SmartcardDevice 651.It SmartcardDevice
653.It StrictHostKeyChecking 652.It StrictHostKeyChecking
653.It TCPKeepAlive
654.It UsePrivilegedPort 654.It UsePrivilegedPort
655.It User 655.It User
656.It UserKnownHostsFile 656.It UserKnownHostsFile
diff --git a/ssh_config.5 b/ssh_config.5
index 8857073a5..3aafa4e7d 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh_config.5,v 1.25 2003/11/12 20:14:51 jmc Exp $ 37.\" $OpenBSD: ssh_config.5,v 1.26 2003/12/09 21:53:37 markus Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH_CONFIG 5 39.Dt SSH_CONFIG 5
40.Os 40.Os
@@ -408,23 +408,6 @@ syntax to refer to a user's home directory.
408It is possible to have 408It is possible to have
409multiple identity files specified in configuration files; all these 409multiple identity files specified in configuration files; all these
410identities will be tried in sequence. 410identities will be tried in sequence.
411.It Cm KeepAlive
412Specifies whether the system should send TCP keepalive messages to the
413other side.
414If they are sent, death of the connection or crash of one
415of the machines will be properly noticed.
416However, this means that
417connections will die if the route is down temporarily, and some people
418find it annoying.
419.Pp
420The default is
421.Dq yes
422(to send keepalives), and the client will notice
423if the network goes down or the remote host dies.
424This is important in scripts, and many users want it too.
425.Pp
426To disable keepalives, the value should be set to
427.Dq no .
428.It Cm LocalForward 411.It Cm LocalForward
429Specifies that a TCP/IP port on the local machine be forwarded over 412Specifies that a TCP/IP port on the local machine be forwarded over
430the secure channel to the specified host and port from the remote machine. 413the secure channel to the specified host and port from the remote machine.
@@ -613,6 +596,23 @@ or
613.Dq ask . 596.Dq ask .
614The default is 597The default is
615.Dq ask . 598.Dq ask .
599.It Cm TCPKeepAlive
600Specifies whether the system should send TCP keepalive messages to the
601other side.
602If they are sent, death of the connection or crash of one
603of the machines will be properly noticed.
604However, this means that
605connections will die if the route is down temporarily, and some people
606find it annoying.
607.Pp
608The default is
609.Dq yes
610(to send TCP keepalive messages), and the client will notice
611if the network goes down or the remote host dies.
612This is important in scripts, and many users want it too.
613.Pp
614To disable TCP keepalive messages, the value should be set to
615.Dq no .
616.It Cm UsePrivilegedPort 616.It Cm UsePrivilegedPort
617Specifies whether to use a privileged port for outgoing connections. 617Specifies whether to use a privileged port for outgoing connections.
618The argument must be 618The argument must be
diff --git a/sshconnect.c b/sshconnect.c
index 3d6cc375a..80b45c79e 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
13 */ 13 */
14 14
15#include "includes.h" 15#include "includes.h"
16RCSID("$OpenBSD: sshconnect.c,v 1.154 2003/11/21 11:57:03 djm Exp $"); 16RCSID("$OpenBSD: sshconnect.c,v 1.155 2003/12/09 21:53:37 markus Exp $");
17 17
18#include <openssl/bn.h> 18#include <openssl/bn.h>
19 19
@@ -415,8 +415,8 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
415 415
416 debug("Connection established."); 416 debug("Connection established.");
417 417
418 /* Set keepalives if requested. */ 418 /* Set SO_KEEPALIVE if requested. */
419 if (options.keepalives && 419 if (options.tcp_keep_alive &&
420 setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, 420 setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
421 sizeof(on)) < 0) 421 sizeof(on)) < 0)
422 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); 422 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
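Review bot: The rewritten comment `/* Set SO_KEEPALIVE if requested. */` names the socket option but not how far its result can be trusted. The sshd_config.5 text on this page says the TCP keepalive enabled by TCPKeepAlive is spoofable, unlike client alive messages, which go through the encrypted channel. I would say so here and in the identical hunk in sshd.c main(), for example `/* Set SO_KEEPALIVE if requested; TCP-level probe, not authenticated. */`. In both places a failed setsockopt() is only logged with error() and the connection continues, which looks like deliberate best effort and could be stated in the same comment. Both enclosing functions start and end outside their hunks.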
diff --git a/sshd.c b/sshd.c
index 50856317a..ab029b00f 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
42 */ 42 */
43 43
44#include "includes.h" 44#include "includes.h"
45RCSID("$OpenBSD: sshd.c,v 1.283 2003/12/09 17:29:04 markus Exp $"); 45RCSID("$OpenBSD: sshd.c,v 1.284 2003/12/09 21:53:37 markus Exp $");
46 46
47#include <openssl/dh.h> 47#include <openssl/dh.h>
48#include <openssl/bn.h> 48#include <openssl/bn.h>
@@ -1398,8 +1398,8 @@ main(int ac, char **av)
1398 signal(SIGCHLD, SIG_DFL); 1398 signal(SIGCHLD, SIG_DFL);
1399 signal(SIGINT, SIG_DFL); 1399 signal(SIGINT, SIG_DFL);
1400 1400
1401 /* Set keepalives if requested. */ 1401 /* Set SO_KEEPALIVE if requested. */
1402 if (options.keepalives && 1402 if (options.tcp_keep_alive &&
1403 setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, 1403 setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on,
1404 sizeof(on)) < 0) 1404 sizeof(on)) < 0)
1405 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); 1405 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
diff --git a/sshd_config.5 b/sshd_config.5
index 06a197b76..ad3cf76df 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd_config.5,v 1.26 2003/11/21 11:57:03 djm Exp $ 37.\" $OpenBSD: sshd_config.5,v 1.27 2003/12/09 21:53:37 markus Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD_CONFIG 5 39.Dt SSHD_CONFIG 5
40.Os 40.Os
@@ -156,12 +156,12 @@ If this threshold is reached while client alive messages are being sent,
156will disconnect the client, terminating the session. 156will disconnect the client, terminating the session.
157It is important to note that the use of client alive messages is very 157It is important to note that the use of client alive messages is very
158different from 158different from
159.Cm KeepAlive 159.Cm TCPKeepAlive
160(below). 160(below).
161The client alive messages are sent through the encrypted channel 161The client alive messages are sent through the encrypted channel
162and therefore will not be spoofable. 162and therefore will not be spoofable.
163The TCP keepalive option enabled by 163The TCP keepalive option enabled by
164.Cm KeepAlive 164.Cm TCPKeepAlive
165is spoofable. 165is spoofable.
166The client alive mechanism is valuable when the client or 166The client alive mechanism is valuable when the client or
167server depend on knowing when a connection has become inactive. 167server depend on knowing when a connection has become inactive.
@@ -292,27 +292,6 @@ or
292.Cm HostbasedAuthentication . 292.Cm HostbasedAuthentication .
293The default is 293The default is
294.Dq no . 294.Dq no .
295.It Cm KeepAlive
296Specifies whether the system should send TCP keepalive messages to the
297other side.
298If they are sent, death of the connection or crash of one
299of the machines will be properly noticed.
300However, this means that
301connections will die if the route is down temporarily, and some people
302find it annoying.
303On the other hand, if keepalives are not sent,
304sessions may hang indefinitely on the server, leaving
305.Dq ghost
306users and consuming server resources.
307.Pp
308The default is
309.Dq yes
310(to send keepalives), and the server will notice
311if the network goes down or the client host crashes.
312This avoids infinitely hanging sessions.
313.Pp
314To disable keepalives, the value should be set to
315.Dq no .
316.It Cm KerberosAuthentication 295.It Cm KerberosAuthentication
317Specifies whether the password provided by the user for 296Specifies whether the password provided by the user for
318.Cm PasswordAuthentication 297.Cm PasswordAuthentication
@@ -580,6 +559,27 @@ Gives the facility code that is used when logging messages from
580The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 559The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
581LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 560LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
582The default is AUTH. 561The default is AUTH.
562.It Cm TCPKeepAlive
563Specifies whether the system should send TCP keepalive messages to the
564other side.
565If they are sent, death of the connection or crash of one
566of the machines will be properly noticed.
567However, this means that
568connections will die if the route is down temporarily, and some people
569find it annoying.
570On the other hand, if TCP keepalives are not sent,
571sessions may hang indefinitely on the server, leaving
572.Dq ghost
573users and consuming server resources.
574.Pp
575The default is
576.Dq yes
577(to send TCP keepalive messages), and the server will notice
578if the network goes down or the client host crashes.
579This avoids infinitely hanging sessions.
580.Pp
581To disable TCP keepalive messages, the value should be set to
582.Dq no .
583.It Cm UseDNS 583.It Cm UseDNS
584Specifies whether 584Specifies whether
585.Nm sshd 585.Nm sshd