summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--readconf.c14
-rw-r--r--ssh_config.521
-rw-r--r--sshd_config.53
3 files changed, 34 insertions, 4 deletions
diff --git a/readconf.c b/readconf.c
index 5e655e924..052d4b1ac 100644
--- a/readconf.c
+++ b/readconf.c
@@ -175,6 +175,7 @@ typedef enum {
175 oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, 175 oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
176 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, 176 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
177 oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump, 177 oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump,
178 oProtocolKeepAlives, oSetupTimeOut,
178 oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported 179 oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
179} OpCodes; 180} OpCodes;
180 181
@@ -322,6 +323,8 @@ static struct {
322 { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, 323 { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
323 { "ignoreunknown", oIgnoreUnknown }, 324 { "ignoreunknown", oIgnoreUnknown },
324 { "proxyjump", oProxyJump }, 325 { "proxyjump", oProxyJump },
326 { "protocolkeepalives", oProtocolKeepAlives },
327 { "setuptimeout", oSetupTimeOut },
325 328
326 { NULL, oBadOption } 329 { NULL, oBadOption }
327}; 330};
@@ -1415,6 +1418,8 @@ parse_keytypes:
1415 goto parse_flag; 1418 goto parse_flag;
1416 1419
1417 case oServerAliveInterval: 1420 case oServerAliveInterval:
1421 case oProtocolKeepAlives: /* Debian-specific compatibility alias */
1422 case oSetupTimeOut: /* Debian-specific compatibility alias */
1418 intptr = &options->server_alive_interval; 1423 intptr = &options->server_alive_interval;
1419 goto parse_time; 1424 goto parse_time;
1420 1425
@@ -2101,8 +2106,13 @@ fill_default_options(Options * options)
2101 options->rekey_interval = 0; 2106 options->rekey_interval = 0;
2102 if (options->verify_host_key_dns == -1) 2107 if (options->verify_host_key_dns == -1)
2103 options->verify_host_key_dns = 0; 2108 options->verify_host_key_dns = 0;
2104 if (options->server_alive_interval == -1) 2109 if (options->server_alive_interval == -1) {
2105 options->server_alive_interval = 0; 2110 /* in batch mode, default is 5mins */
2111 if (options->batch_mode == 1)
2112 options->server_alive_interval = 300;
2113 else
2114 options->server_alive_interval = 0;
2115 }
2106 if (options->server_alive_count_max == -1) 2116 if (options->server_alive_count_max == -1)
2107 options->server_alive_count_max = 3; 2117 options->server_alive_count_max = 3;
2108 if (options->control_master == -1) 2118 if (options->control_master == -1)
diff --git a/ssh_config.5 b/ssh_config.5
index 16c79368a..54e143c93 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -247,8 +247,12 @@ Valid arguments are
247If set to 247If set to
248.Cm yes , 248.Cm yes ,
249passphrase/password querying will be disabled. 249passphrase/password querying will be disabled.
250In addition, the
251.Cm ServerAliveInterval
252option will be set to 300 seconds by default (Debian-specific).
250This option is useful in scripts and other batch jobs where no user 253This option is useful in scripts and other batch jobs where no user
251is present to supply the password. 254is present to supply the password,
255and where it is desirable to detect a broken network swiftly.
252The argument must be 256The argument must be
253.Cm yes 257.Cm yes
254or 258or
@@ -1485,7 +1489,14 @@ from the server,
1485will send a message through the encrypted 1489will send a message through the encrypted
1486channel to request a response from the server. 1490channel to request a response from the server.
1487The default 1491The default
1488is 0, indicating that these messages will not be sent to the server. 1492is 0, indicating that these messages will not be sent to the server,
1493or 300 if the
1494.Cm BatchMode
1495option is set (Debian-specific).
1496.Cm ProtocolKeepAlives
1497and
1498.Cm SetupTimeOut
1499are Debian-specific compatibility aliases for this option.
1489.It Cm SetEnv 1500.It Cm SetEnv
1490Directly specify one or more environment variables and their contents to 1501Directly specify one or more environment variables and their contents to
1491be sent to the server. 1502be sent to the server.
@@ -1565,6 +1576,12 @@ Specifies whether the system should send TCP keepalive messages to the
1565other side. 1576other side.
1566If they are sent, death of the connection or crash of one 1577If they are sent, death of the connection or crash of one
1567of the machines will be properly noticed. 1578of the machines will be properly noticed.
1579This option only uses TCP keepalives (as opposed to using ssh level
1580keepalives), so takes a long time to notice when the connection dies.
1581As such, you probably want
1582the
1583.Cm ServerAliveInterval
1584option as well.
1568However, this means that 1585However, this means that
1569connections will die if the route is down temporarily, and some people 1586connections will die if the route is down temporarily, and some people
1570find it annoying. 1587find it annoying.
diff --git a/sshd_config.5 b/sshd_config.5
index 985eef5a2..e7e55dd71 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -1577,6 +1577,9 @@ This avoids infinitely hanging sessions.
1577.Pp 1577.Pp
1578To disable TCP keepalive messages, the value should be set to 1578To disable TCP keepalive messages, the value should be set to
1579.Cm no . 1579.Cm no .
1580.Pp
1581This option was formerly called
1582.Cm KeepAlive .
1580.It Cm TrustedUserCAKeys 1583.It Cm TrustedUserCAKeys
1581Specifies a file containing public keys of certificate authorities that are 1584Specifies a file containing public keys of certificate authorities that are
1582trusted to sign user certificates for authentication, or 1585trusted to sign user certificates for authentication, or