summaryrefslogtreecommitdiff
path: root/debian/patches/keepalive-extensions.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/keepalive-extensions.patch')
-rw-r--r--debian/patches/keepalive-extensions.patch135
1 files changed, 135 insertions, 0 deletions
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch
new file mode 100644
index 000000000..734118a19
--- /dev/null
+++ b/debian/patches/keepalive-extensions.patch
@@ -0,0 +1,135 @@
1From 3558be2914c0127489faae40ce2eae66142c3287 Mon Sep 17 00:00:00 2001
2From: Richard Kettlewell <rjk@greenend.org.uk>
3Date: Sun, 9 Feb 2014 16:09:52 +0000
4Subject: Various keepalive extensions
5
6Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut, supported
7in previous versions of Debian's OpenSSH package but since superseded by
8ServerAliveInterval. (We're probably stuck with this bit for
9compatibility.)
10
11In batch mode, default ServerAliveInterval to five minutes.
12
13Adjust documentation to match and to give some more advice on use of
14keepalives.
15
16Author: Ian Jackson <ian@chiark.greenend.org.uk>
17Author: Matthew Vernon <matthew@debian.org>
18Author: Colin Watson <cjwatson@debian.org>
19Last-Update: 2020-02-21
20
21Patch-Name: keepalive-extensions.patch
22---
23 readconf.c | 14 ++++++++++++--
24 ssh_config.5 | 21 +++++++++++++++++++--
25 sshd_config.5 | 3 +++
26 3 files changed, 34 insertions(+), 4 deletions(-)
27
28diff --git a/readconf.c b/readconf.c
29index 0fc996871..2399208f8 100644
30--- a/readconf.c
31+++ b/readconf.c
32@@ -176,6 +176,7 @@ typedef enum {
33 oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
34 oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump,
35 oSecurityKeyProvider,
36+ oProtocolKeepAlives, oSetupTimeOut,
37 oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
38 } OpCodes;
39
40@@ -326,6 +327,8 @@ static struct {
41 { "ignoreunknown", oIgnoreUnknown },
42 { "proxyjump", oProxyJump },
43 { "securitykeyprovider", oSecurityKeyProvider },
44+ { "protocolkeepalives", oProtocolKeepAlives },
45+ { "setuptimeout", oSetupTimeOut },
46
47 { NULL, oBadOption }
48 };
49@@ -1495,6 +1498,8 @@ parse_keytypes:
50 goto parse_flag;
51
52 case oServerAliveInterval:
53+ case oProtocolKeepAlives: /* Debian-specific compatibility alias */
54+ case oSetupTimeOut: /* Debian-specific compatibility alias */
55 intptr = &options->server_alive_interval;
56 goto parse_time;
57
58@@ -2198,8 +2203,13 @@ fill_default_options(Options * options)
59 options->rekey_interval = 0;
60 if (options->verify_host_key_dns == -1)
61 options->verify_host_key_dns = 0;
62- if (options->server_alive_interval == -1)
63- options->server_alive_interval = 0;
64+ if (options->server_alive_interval == -1) {
65+ /* in batch mode, default is 5mins */
66+ if (options->batch_mode == 1)
67+ options->server_alive_interval = 300;
68+ else
69+ options->server_alive_interval = 0;
70+ }
71 if (options->server_alive_count_max == -1)
72 options->server_alive_count_max = 3;
73 if (options->control_master == -1)
74diff --git a/ssh_config.5 b/ssh_config.5
75index 3f4906972..3079db19b 100644
76--- a/ssh_config.5
77+++ b/ssh_config.5
78@@ -266,9 +266,13 @@ If set to
79 .Cm yes ,
80 user interaction such as password prompts and host key confirmation requests
81 will be disabled.
82+In addition, the
83+.Cm ServerAliveInterval
84+option will be set to 300 seconds by default (Debian-specific).
85 This option is useful in scripts and other batch jobs where no user
86 is present to interact with
87-.Xr ssh 1 .
88+.Xr ssh 1 ,
89+and where it is desirable to detect a broken network swiftly.
90 The argument must be
91 .Cm yes
92 or
93@@ -1593,7 +1597,14 @@ from the server,
94 will send a message through the encrypted
95 channel to request a response from the server.
96 The default
97-is 0, indicating that these messages will not be sent to the server.
98+is 0, indicating that these messages will not be sent to the server,
99+or 300 if the
100+.Cm BatchMode
101+option is set (Debian-specific).
102+.Cm ProtocolKeepAlives
103+and
104+.Cm SetupTimeOut
105+are Debian-specific compatibility aliases for this option.
106 .It Cm SetEnv
107 Directly specify one or more environment variables and their contents to
108 be sent to the server.
109@@ -1673,6 +1684,12 @@ Specifies whether the system should send TCP keepalive messages to the
110 other side.
111 If they are sent, death of the connection or crash of one
112 of the machines will be properly noticed.
113+This option only uses TCP keepalives (as opposed to using ssh level
114+keepalives), so takes a long time to notice when the connection dies.
115+As such, you probably want
116+the
117+.Cm ServerAliveInterval
118+option as well.
119 However, this means that
120 connections will die if the route is down temporarily, and some people
121 find it annoying.
122diff --git a/sshd_config.5 b/sshd_config.5
123index f6b41a2f8..ebd09f891 100644
124--- a/sshd_config.5
125+++ b/sshd_config.5
126@@ -1668,6 +1668,9 @@ This avoids infinitely hanging sessions.
127 .Pp
128 To disable TCP keepalive messages, the value should be set to
129 .Cm no .
130+.Pp
131+This option was formerly called
132+.Cm KeepAlive .
133 .It Cm TrustedUserCAKeys
134 Specifies a file containing public keys of certificate authorities that are
135 trusted to sign user certificates for authentication, or