Diffstat (limited to 'debian/patches/keepalive-extensions.patch')
-rw-r--r-- | debian/patches/keepalive-extensions.patch | 135 |
1 files changed, 135 insertions, 0 deletions
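--- /dev/null
+++ b/debian/patches/keepalive-extensions.patch
@@ -0,0 +1,135 @@
+From 3558be2914c0127489faae40ce2eae66142c3287 Mon Sep 17 00:00:00 2001
+From: Richard Kettlewell <rjk@greenend.org.uk>
+Date: Sun, 9 Feb 2014 16:09:52 +0000
+Subject: Various keepalive extensions
+
+Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut, supported
+in previous versions of Debian's OpenSSH package but since superseded by
+ServerAliveInterval. (We're probably stuck with this bit for
+compatibility.)
+
+In batch mode, default ServerAliveInterval to five minutes.
+
+Adjust documentation to match and to give some more advice on use of
+keepalives.
+
+Author: Ian Jackson <ian@chiark.greenend.org.uk>
+Author: Matthew Vernon <matthew@debian.org>
+Author: Colin Watson <cjwatson@debian.org>
+Last-Update: 2020-02-21
+
+Patch-Name: keepalive-extensions.patch
+---
+readconf.c | 14 ++++++++++++--
+ssh_config.5 | 21 +++++++++++++++++++--
+sshd_config.5 | 3 +++
+3 files changed, 34 insertions(+), 4 deletions(-)
+
+diff --git a/readconf.c b/readconf.c
+index 0fc996871..2399208f8 100644
+--- a/readconf.c
++++ b/readconf.c
+@@ -176,6 +176,7 @@ typedef enum {
+oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
+oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump,
+oSecurityKeyProvider,
++ oProtocolKeepAlives, oSetupTimeOut,
+oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
+} OpCodes;
+
+@@ -326,6 +327,8 @@ static struct {
+{ "ignoreunknown", oIgnoreUnknown },
+{ "proxyjump", oProxyJump },
+{ "securitykeyprovider", oSecurityKeyProvider },
++ { "protocolkeepalives", oProtocolKeepAlives },
++ { "setuptimeout", oSetupTimeOut },
+
+{ NULL, oBadOption }
+};
+@@ -1495,6 +1498,8 @@ parse_keytypes:
+goto parse_flag;
+
+case oServerAliveInterval:
++ case oProtocolKeepAlives: /* Debian-specific compatibility alias */
++ case oSetupTimeOut: /* Debian-specific compatibility alias */
+intptr = &options->server_alive_interval;
+goto parse_time;
+
+@@ -2198,8 +2203,13 @@ fill_default_options(Options * options)
+options->rekey_interval = 0;
+if (options->verify_host_key_dns == -1)
+options->verify_host_key_dns = 0;
+- if (options->server_alive_interval == -1)
+- options->server_alive_interval = 0;
++ if (options->server_alive_interval == -1) {
++ /* in batch mode, default is 5mins */
++ if (options->batch_mode == 1)
++ options->server_alive_interval = 300;
++ else
++ options->server_alive_interval = 0;
++ }
+if (options->server_alive_count_max == -1)
+options->server_alive_count_max = 3;
+if (options->control_master == -1)
+diff --git a/ssh_config.5 b/ssh_config.5
+index 3f4906972..3079db19b 100644
+--- a/ssh_config.5
++++ b/ssh_config.5
+@@ -266,9 +266,13 @@ If set to
+.Cm yes ,
+user interaction such as password prompts and host key confirmation requests
+will be disabled.
++In addition, the
++.Cm ServerAliveInterval
++option will be set to 300 seconds by default (Debian-specific).
+This option is useful in scripts and other batch jobs where no user
+is present to interact with
+-.Xr ssh 1 .
++.Xr ssh 1 ,
++and where it is desirable to detect a broken network swiftly.
+The argument must be
+.Cm yes
+or
+@@ -1593,7 +1597,14 @@ from the server,
+will send a message through the encrypted
+channel to request a response from the server.
+The default
+-is 0, indicating that these messages will not be sent to the server.
++is 0, indicating that these messages will not be sent to the server,
++or 300 if the
++.Cm BatchMode
++option is set (Debian-specific).
++.Cm ProtocolKeepAlives
++and
++.Cm SetupTimeOut
++are Debian-specific compatibility aliases for this option.
+.It Cm SetEnv
+Directly specify one or more environment variables and their contents to
+be sent to the server.
+@@ -1673,6 +1684,12 @@ Specifies whether the system should send TCP keepalive messages to the
+other side.
+If they are sent, death of the connection or crash of one
+of the machines will be properly noticed.
++This option only uses TCP keepalives (as opposed to using ssh level
++keepalives), so takes a long time to notice when the connection dies.
++As such, you probably want
++the
++.Cm ServerAliveInterval
++option as well.
+However, this means that
+connections will die if the route is down temporarily, and some people
+find it annoying.
+diff --git a/sshd_config.5 b/sshd_config.5
+index f6b41a2f8..ebd09f891 100644
+--- a/sshd_config.5
++++ b/sshd_config.5
+@@ -1668,6 +1668,9 @@ This avoids infinitely hanging sessions.
+.Pp
+To disable TCP keepalive messages, the value should be set to
+.Cm no .
++.Pp
++This option was formerly called
++.Cm KeepAlive .
+.It Cm TrustedUserCAKeys
+Specifies a file containing public keys of certificate authorities that are
+trusted to sign user certificates for authentication, or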
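Review bot: The batch-mode default added to fill_default_options() in the readconf.c part of this patch leaves the real detection window undocumented. With `options->server_alive_interval = 300` and the `server_alive_count_max` default of 3 set just below it, an unresponsive server is presumably only dropped after about 15 minutes, which sits oddly with the "detect a broken network swiftly" wording added to ssh_config.5. I would spell that out in the code comment, e.g. `/* Debian: batch mode defaults to 300s; with ServerAliveCountMax 3 a dead peer is dropped after ~15 min */`, so operators of unattended jobs know what to expect. The two alias cases also write to the same `options->server_alive_interval`, so a legacy config that sets both ProtocolKeepAlives and SetupTimeOut keeps only one value; which one depends on parse_time, outside this hunk, and a short comment at the `case` labels would help anyone auditing old configs. fill_default_options() and the option-parsing switch both start and end outside the visible hunks.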