diff options
Diffstat (limited to 'debian/patches/keepalive-extensions.patch')
-rw-r--r-- | debian/patches/keepalive-extensions.patch | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch new file mode 100644 index 000000000..98e9f8bdd --- /dev/null +++ b/debian/patches/keepalive-extensions.patch | |||
@@ -0,0 +1,124 @@ | |||
1 | Description: Various keepalive extensions | ||
2 | Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut, | ||
3 | supported in previous versions of Debian's OpenSSH package but since | ||
4 | superseded by ServerAliveInterval. (We're probably stuck with this bit for | ||
5 | compatibility.) | ||
6 | . | ||
7 | In batch mode, default ServerAliveInterval to five minutes. | ||
8 | . | ||
9 | Adjust documentation to match and to give some more advice on use of | ||
10 | keepalives. | ||
11 | Author: Richard Kettlewell <rjk@greenend.org.uk> | ||
12 | Author: Ian Jackson <ian@chiark.greenend.org.uk> | ||
13 | Author: Matthew Vernon <matthew@debian.org> | ||
14 | Author: Colin Watson <cjwatson@debian.org> | ||
15 | Last-Update: 2013-05-16 | ||
16 | |||
17 | Index: b/readconf.c | ||
18 | =================================================================== | ||
19 | --- a/readconf.c | ||
20 | +++ b/readconf.c | ||
21 | @@ -138,6 +138,7 @@ | ||
22 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, | ||
23 | oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, | ||
24 | oKexAlgorithms, oIPQoS, oRequestTTY, | ||
25 | + oProtocolKeepAlives, oSetupTimeOut, | ||
26 | oDeprecated, oUnsupported | ||
27 | } OpCodes; | ||
28 | |||
29 | @@ -259,6 +260,8 @@ | ||
30 | { "kexalgorithms", oKexAlgorithms }, | ||
31 | { "ipqos", oIPQoS }, | ||
32 | { "requesttty", oRequestTTY }, | ||
33 | + { "protocolkeepalives", oProtocolKeepAlives }, | ||
34 | + { "setuptimeout", oSetupTimeOut }, | ||
35 | |||
36 | { NULL, oBadOption } | ||
37 | }; | ||
38 | @@ -933,6 +936,8 @@ | ||
39 | goto parse_flag; | ||
40 | |||
41 | case oServerAliveInterval: | ||
42 | + case oProtocolKeepAlives: /* Debian-specific compatibility alias */ | ||
43 | + case oSetupTimeOut: /* Debian-specific compatibility alias */ | ||
44 | intptr = &options->server_alive_interval; | ||
45 | goto parse_time; | ||
46 | |||
47 | @@ -1392,8 +1397,13 @@ | ||
48 | options->rekey_limit = 0; | ||
49 | if (options->verify_host_key_dns == -1) | ||
50 | options->verify_host_key_dns = 0; | ||
51 | - if (options->server_alive_interval == -1) | ||
52 | - options->server_alive_interval = 0; | ||
53 | + if (options->server_alive_interval == -1) { | ||
54 | + /* in batch mode, default is 5mins */ | ||
55 | + if (options->batch_mode == 1) | ||
56 | + options->server_alive_interval = 300; | ||
57 | + else | ||
58 | + options->server_alive_interval = 0; | ||
59 | + } | ||
60 | if (options->server_alive_count_max == -1) | ||
61 | options->server_alive_count_max = 3; | ||
62 | if (options->control_master == -1) | ||
63 | Index: b/ssh_config.5 | ||
64 | =================================================================== | ||
65 | --- a/ssh_config.5 | ||
66 | +++ b/ssh_config.5 | ||
67 | @@ -136,8 +136,12 @@ | ||
68 | If set to | ||
69 | .Dq yes , | ||
70 | passphrase/password querying will be disabled. | ||
71 | +In addition, the | ||
72 | +.Cm ServerAliveInterval | ||
73 | +option will be set to 300 seconds by default. | ||
74 | This option is useful in scripts and other batch jobs where no user | ||
75 | -is present to supply the password. | ||
76 | +is present to supply the password, | ||
77 | +and where it is desirable to detect a broken network swiftly. | ||
78 | The argument must be | ||
79 | .Dq yes | ||
80 | or | ||
81 | @@ -1113,8 +1117,15 @@ | ||
82 | will send a message through the encrypted | ||
83 | channel to request a response from the server. | ||
84 | The default | ||
85 | -is 0, indicating that these messages will not be sent to the server. | ||
86 | +is 0, indicating that these messages will not be sent to the server, | ||
87 | +or 300 if the | ||
88 | +.Cm BatchMode | ||
89 | +option is set. | ||
90 | This option applies to protocol version 2 only. | ||
91 | +.Cm ProtocolKeepAlives | ||
92 | +and | ||
93 | +.Cm SetupTimeOut | ||
94 | +are Debian-specific compatibility aliases for this option. | ||
95 | .It Cm StrictHostKeyChecking | ||
96 | If this flag is set to | ||
97 | .Dq yes , | ||
98 | @@ -1153,6 +1164,12 @@ | ||
99 | other side. | ||
100 | If they are sent, death of the connection or crash of one | ||
101 | of the machines will be properly noticed. | ||
102 | +This option only uses TCP keepalives (as opposed to using ssh level | ||
103 | +keepalives), so takes a long time to notice when the connection dies. | ||
104 | +As such, you probably want | ||
105 | +the | ||
106 | +.Cm ServerAliveInterval | ||
107 | +option as well. | ||
108 | However, this means that | ||
109 | connections will die if the route is down temporarily, and some people | ||
110 | find it annoying. | ||
111 | Index: b/sshd_config.5 | ||
112 | =================================================================== | ||
113 | --- a/sshd_config.5 | ||
114 | +++ b/sshd_config.5 | ||
115 | @@ -1122,6 +1122,9 @@ | ||
116 | .Pp | ||
117 | To disable TCP keepalive messages, the value should be set to | ||
118 | .Dq no . | ||
119 | +.Pp | ||
120 | +This option was formerly called | ||
121 | +.Cm KeepAlive . | ||
122 | .It Cm TrustedUserCAKeys | ||
123 | Specifies a file containing public keys of certificate authorities that are | ||
124 | trusted to sign user certificates for authentication. | ||