summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--readconf.c14
-rw-r--r--ssh_config.521
-rw-r--r--sshd_config.53
3 files changed, 34 insertions, 4 deletions
diff --git a/readconf.c b/readconf.c
index a7fb7ca15..09787c0e5 100644
--- a/readconf.c
+++ b/readconf.c
@@ -177,6 +177,7 @@ typedef enum {
177 oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, 177 oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
178 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes, 178 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
179 oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump, 179 oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump,
180 oProtocolKeepAlives, oSetupTimeOut,
180 oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported 181 oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
181} OpCodes; 182} OpCodes;
182 183
@@ -326,6 +327,8 @@ static struct {
326 { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes }, 327 { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
327 { "ignoreunknown", oIgnoreUnknown }, 328 { "ignoreunknown", oIgnoreUnknown },
328 { "proxyjump", oProxyJump }, 329 { "proxyjump", oProxyJump },
330 { "protocolkeepalives", oProtocolKeepAlives },
331 { "setuptimeout", oSetupTimeOut },
329 332
330 { NULL, oBadOption } 333 { NULL, oBadOption }
331}; 334};
@@ -1449,6 +1452,8 @@ parse_keytypes:
1449 goto parse_flag; 1452 goto parse_flag;
1450 1453
1451 case oServerAliveInterval: 1454 case oServerAliveInterval:
1455 case oProtocolKeepAlives: /* Debian-specific compatibility alias */
1456 case oSetupTimeOut: /* Debian-specific compatibility alias */
1452 intptr = &options->server_alive_interval; 1457 intptr = &options->server_alive_interval;
1453 goto parse_time; 1458 goto parse_time;
1454 1459
@@ -2142,8 +2147,13 @@ fill_default_options(Options * options)
2142 options->rekey_interval = 0; 2147 options->rekey_interval = 0;
2143 if (options->verify_host_key_dns == -1) 2148 if (options->verify_host_key_dns == -1)
2144 options->verify_host_key_dns = 0; 2149 options->verify_host_key_dns = 0;
2145 if (options->server_alive_interval == -1) 2150 if (options->server_alive_interval == -1) {
2146 options->server_alive_interval = 0; 2151 /* in batch mode, default is 5mins */
2152 if (options->batch_mode == 1)
2153 options->server_alive_interval = 300;
2154 else
2155 options->server_alive_interval = 0;
2156 }
2147 if (options->server_alive_count_max == -1) 2157 if (options->server_alive_count_max == -1)
2148 options->server_alive_count_max = 3; 2158 options->server_alive_count_max = 3;
2149 if (options->control_master == -1) 2159 if (options->control_master == -1)
diff --git a/ssh_config.5 b/ssh_config.5
index f4668673b..bc04d8d02 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -265,8 +265,12 @@ Valid arguments are
265If set to 265If set to
266.Cm yes , 266.Cm yes ,
267passphrase/password querying will be disabled. 267passphrase/password querying will be disabled.
268In addition, the
269.Cm ServerAliveInterval
270option will be set to 300 seconds by default (Debian-specific).
268This option is useful in scripts and other batch jobs where no user 271This option is useful in scripts and other batch jobs where no user
269is present to supply the password. 272is present to supply the password,
273and where it is desirable to detect a broken network swiftly.
270The argument must be 274The argument must be
271.Cm yes 275.Cm yes
272or 276or
@@ -1557,7 +1561,14 @@ from the server,
1557will send a message through the encrypted 1561will send a message through the encrypted
1558channel to request a response from the server. 1562channel to request a response from the server.
1559The default 1563The default
1560is 0, indicating that these messages will not be sent to the server. 1564is 0, indicating that these messages will not be sent to the server,
1565or 300 if the
1566.Cm BatchMode
1567option is set (Debian-specific).
1568.Cm ProtocolKeepAlives
1569and
1570.Cm SetupTimeOut
1571are Debian-specific compatibility aliases for this option.
1561.It Cm SetEnv 1572.It Cm SetEnv
1562Directly specify one or more environment variables and their contents to 1573Directly specify one or more environment variables and their contents to
1563be sent to the server. 1574be sent to the server.
@@ -1637,6 +1648,12 @@ Specifies whether the system should send TCP keepalive messages to the
1637other side. 1648other side.
1638If they are sent, death of the connection or crash of one 1649If they are sent, death of the connection or crash of one
1639of the machines will be properly noticed. 1650of the machines will be properly noticed.
1651This option only uses TCP keepalives (as opposed to using ssh level
1652keepalives), so takes a long time to notice when the connection dies.
1653As such, you probably want
1654the
1655.Cm ServerAliveInterval
1656option as well.
1640However, this means that 1657However, this means that
1641connections will die if the route is down temporarily, and some people 1658connections will die if the route is down temporarily, and some people
1642find it annoying. 1659find it annoying.
diff --git a/sshd_config.5 b/sshd_config.5
index cec3c3c4e..eec224158 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -1615,6 +1615,9 @@ This avoids infinitely hanging sessions.
1615.Pp 1615.Pp
1616To disable TCP keepalive messages, the value should be set to 1616To disable TCP keepalive messages, the value should be set to
1617.Cm no . 1617.Cm no .
1618.Pp
1619This option was formerly called
1620.Cm KeepAlive .
1618.It Cm TrustedUserCAKeys 1621.It Cm TrustedUserCAKeys
1619Specifies a file containing public keys of certificate authorities that are 1622Specifies a file containing public keys of certificate authorities that are
1620trusted to sign user certificates for authentication, or 1623trusted to sign user certificates for authentication, or