-rw-r--r-- | readconf.c | 14 | ||||
-rw-r--r-- | ssh_config.5 | 21 | ||||
-rw-r--r-- | sshd_config.5 | 3 |
3 files changed, 34 insertions, 4 deletions
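--- a/readconf.c
+++ b/readconf.c
@@ -174,6 +174,7 @@ typedef enum {
 oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
 oPubkeyAcceptedKeyTypes, oProxyJump,
+oProtocolKeepAlives, oSetupTimeOut,
 oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
@@ -319,6 +320,8 @@ static struct {
 { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
 { "ignoreunknown", oIgnoreUnknown },
 { "proxyjump", oProxyJump },
+{ "protocolkeepalives", oProtocolKeepAlives },
+{ "setuptimeout", oSetupTimeOut },
 
 { NULL, oBadOption }
 };
@@ -1378,6 +1381,8 @@ parse_keytypes:
 goto parse_flag;
 
 case oServerAliveInterval:
+case oProtocolKeepAlives: /* Debian-specific compatibility alias */
+case oSetupTimeOut: /* Debian-specific compatibility alias */
 intptr = &options->server_alive_interval;
 goto parse_time;
 
@@ -2019,8 +2024,13 @@ fill_default_options(Options * options)
 options->rekey_interval = 0;
 if (options->verify_host_key_dns == -1)
 options->verify_host_key_dns = 0;
-if (options->server_alive_interval == -1)
-options->server_alive_interval = 0;
+if (options->server_alive_interval == -1) {
+/* in batch mode, default is 5mins */
+if (options->batch_mode == 1)
+options->server_alive_interval = 300;
+else
+options->server_alive_interval = 0;
+}
 if (options->server_alive_count_max == -1)
 options->server_alive_count_max = 3;
 if (options->control_master == -1)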
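Review bot: In the `fill_default_options` hunk the new batch-mode default is a bare `300` behind the comment `/* in batch mode, default is 5mins */`, which says neither that this departs from the previous default of 0 nor how it combines with `server_alive_count_max` (defaulted to 3 just below). With those two defaults a BatchMode session to an unresponsive server is now closed by the client after roughly 3 × 300 s, which is a behaviour change for unattended jobs. I would expand the comment to something like `/* Debian-specific: BatchMode defaults ServerAliveInterval to 300s so unattended jobs notice a dead peer; with the default count of 3 that is about 15 minutes */`. The test `options->batch_mode == 1` treats a still-unset `-1` as not batch mode, which is presumably intended; the function continues outside the hunk, so where `batch_mode` itself is defaulted is not visible here.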
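--- a/ssh_config.5
+++ b/ssh_config.5
@@ -247,8 +247,12 @@ Valid arguments are
 If set to
 .Cm yes ,
 passphrase/password querying will be disabled.
+In addition, the
+.Cm ServerAliveInterval
+option will be set to 300 seconds by default (Debian-specific).
 This option is useful in scripts and other batch jobs where no user
-is present to supply the password.
+is present to supply the password,
+and where it is desirable to detect a broken network swiftly.
 The argument must be
 .Cm yes
 or
@@ -1463,7 +1467,14 @@ from the server,
 will send a message through the encrypted
 channel to request a response from the server.
 The default
-is 0, indicating that these messages will not be sent to the server.
+is 0, indicating that these messages will not be sent to the server,
+or 300 if the
+.Cm BatchMode
+option is set (Debian-specific).
+.Cm ProtocolKeepAlives
+and
+.Cm SetupTimeOut
+are Debian-specific compatibility aliases for this option.
 .It Cm StreamLocalBindMask
 Sets the octal file creation mode mask
 .Pq umask
@@ -1537,6 +1548,12 @@ Specifies whether the system should send TCP keepalive messages to the
 other side.
 If they are sent, death of the connection or crash of one
 of the machines will be properly noticed.
+This option only uses TCP keepalives (as opposed to using ssh level
+keepalives), so takes a long time to notice when the connection dies.
+As such, you probably want
+the
+.Cm ServerAliveInterval
+option as well.
 However, this means that
 connections will die if the route is down temporarily, and some people
 find it annoying.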
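--- a/sshd_config.5
+++ b/sshd_config.5
@@ -1495,6 +1495,9 @@ This avoids infinitely hanging sessions.
 .Pp
 To disable TCP keepalive messages, the value should be set to
 .Cm no .
+.Pp
+This option was formerly called
+.Cm KeepAlive .
 .It Cm TrustedUserCAKeys
 Specifies a file containing public keys of certificate authorities that are
 trusted to sign user certificates for authentication, or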