diff options
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 48 |
1 files changed, 45 insertions, 3 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 5c94ffc9c..889def626 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -127,8 +127,15 @@ Valid arguments are | |||
127 | If set to | 127 | If set to |
128 | .Dq yes , | 128 | .Dq yes , |
129 | passphrase/password querying will be disabled. | 129 | passphrase/password querying will be disabled. |
130 | In addition, the | ||
131 | .Cm ServerAliveInterval | ||
132 | and | ||
133 | .Cm SetupTimeOut | ||
134 | options will both be set to 300 seconds by default. | ||
130 | This option is useful in scripts and other batch jobs where no user | 135 | This option is useful in scripts and other batch jobs where no user |
131 | is present to supply the password. | 136 | is present to supply the password, |
137 | and where it is desirable to detect a | ||
138 | broken network swiftly. | ||
132 | The argument must be | 139 | The argument must be |
133 | .Dq yes | 140 | .Dq yes |
134 | or | 141 | or |
@@ -435,7 +442,8 @@ token used for the session will be set to expire after 20 minutes. | |||
435 | Remote clients will be refused access after this time. | 442 | Remote clients will be refused access after this time. |
436 | .Pp | 443 | .Pp |
437 | The default is | 444 | The default is |
438 | .Dq no . | 445 | .Dq yes |
446 | (Debian-specific). | ||
439 | .Pp | 447 | .Pp |
440 | See the X11 SECURITY extension specification for full details on | 448 | See the X11 SECURITY extension specification for full details on |
441 | the restrictions imposed on untrusted clients. | 449 | the restrictions imposed on untrusted clients. |
@@ -838,6 +846,10 @@ If, for example, | |||
838 | .Cm ServerAliveCountMax | 846 | .Cm ServerAliveCountMax |
839 | is left at the default, if the server becomes unresponsive ssh | 847 | is left at the default, if the server becomes unresponsive ssh |
840 | will disconnect after approximately 45 seconds. | 848 | will disconnect after approximately 45 seconds. |
849 | This option works when using protocol version 2 only; in protocol version | ||
850 | 1 there is no mechanism to request a response from the server to the | ||
851 | server alive messages, so disconnection is the responsibility of the TCP | ||
852 | stack. | ||
841 | .It Cm ServerAliveInterval | 853 | .It Cm ServerAliveInterval |
842 | Sets a timeout interval in seconds after which if no data has been received | 854 | Sets a timeout interval in seconds after which if no data has been received |
843 | from the server, | 855 | from the server, |
@@ -845,8 +857,30 @@ from the server, | |||
845 | will send a message through the encrypted | 857 | will send a message through the encrypted |
846 | channel to request a response from the server. | 858 | channel to request a response from the server. |
847 | The default | 859 | The default |
848 | is 0, indicating that these messages will not be sent to the server. | 860 | is 0, indicating that these messages will not be sent to the server, |
861 | or 300 if the | ||
862 | .Cm BatchMode | ||
863 | option is set. | ||
849 | This option applies to protocol version 2 only. | 864 | This option applies to protocol version 2 only. |
865 | .Cm ProtocolKeepAlives | ||
866 | is a Debian-specific compatibility alias for this option. | ||
867 | .It Cm SetupTimeOut | ||
868 | Normally, | ||
869 | .Nm ssh | ||
870 | blocks indefinitely whilst waiting to receive the ssh banner and other | ||
871 | setup protocol from the server, during the session setup. | ||
872 | This can cause | ||
873 | .Nm ssh | ||
874 | to hang under certain circumstances. | ||
875 | If this option is set, | ||
876 | .Nm ssh | ||
877 | will give up if no data from the server is received for the specified | ||
878 | number of seconds. | ||
879 | The argument must be an integer. | ||
880 | The default is 0 (disabled), or 300 if | ||
881 | .Cm BatchMode | ||
882 | is set. | ||
883 | This is a Debian-specific option. | ||
850 | .It Cm SmartcardDevice | 884 | .It Cm SmartcardDevice |
851 | Specifies which smartcard device to use. | 885 | Specifies which smartcard device to use. |
852 | The argument to this keyword is the device | 886 | The argument to this keyword is the device |
@@ -894,6 +928,12 @@ Specifies whether the system should send TCP keepalive messages to the | |||
894 | other side. | 928 | other side. |
895 | If they are sent, death of the connection or crash of one | 929 | If they are sent, death of the connection or crash of one |
896 | of the machines will be properly noticed. | 930 | of the machines will be properly noticed. |
931 | This option only uses TCP keepalives (as opposed to using ssh level | ||
932 | keepalives), so takes a long time to notice when the connection dies. | ||
933 | As such, you probably want | ||
934 | the | ||
935 | .Cm ServerAliveInterval | ||
936 | option as well. | ||
897 | However, this means that | 937 | However, this means that |
898 | connections will die if the route is down temporarily, and some people | 938 | connections will die if the route is down temporarily, and some people |
899 | find it annoying. | 939 | find it annoying. |
@@ -991,6 +1031,8 @@ This file is used by the | |||
991 | client. | 1031 | client. |
992 | Because of the potential for abuse, this file must have strict permissions: | 1032 | Because of the potential for abuse, this file must have strict permissions: |
993 | read/write for the user, and not accessible by others. | 1033 | read/write for the user, and not accessible by others. |
1034 | It may be group-writable provided that the group in question contains only | ||
1035 | the user. | ||
994 | .It Pa /etc/ssh/ssh_config | 1036 | .It Pa /etc/ssh/ssh_config |
995 | Systemwide configuration file. | 1037 | Systemwide configuration file. |
996 | This file provides defaults for those | 1038 | This file provides defaults for those |