1 files changed, 45 insertions, 3 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 5c94ffc9c..889def626 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -127,8 +127,15 @@ Valid arguments are
 If set to
 .Dq yes ,
 passphrase/password querying will be disabled.
+In addition, the 
+.Cm ServerAliveInterval 
+and
+.Cm SetupTimeOut
+options will both be set to 300 seconds by default.
 This option is useful in scripts and other batch jobs where no user
-is present to supply the password.
+is present to supply the password,
+and where it is desirable to detect a
+broken network swiftly.
 The argument must be
 .Dq yes
 or
@@ -435,7 +442,8 @@ token used for the session will be set to expire after 20 minutes.
 Remote clients will be refused access after this time.
 .Pp
 The default is
-.Dq no .
+.Dq yes
+(Debian-specific).
 .Pp
 See the X11 SECURITY extension specification for full details on
 the restrictions imposed on untrusted clients.
@@ -838,6 +846,10 @@ If, for example,
 .Cm ServerAliveCountMax
 is left at the default, if the server becomes unresponsive ssh
 will disconnect after approximately 45 seconds.
+This option works when using protocol version 2 only; in protocol version
+1 there is no mechanism to request a response from the server to the
+server alive messages, so disconnection is the responsibility of the TCP
+stack.
 .It Cm ServerAliveInterval
 Sets a timeout interval in seconds after which if no data has been received
 from the server,
@@ -845,8 +857,30 @@ from the server,
 will send a message through the encrypted
 channel to request a response from the server.
 The default
-is 0, indicating that these messages will not be sent to the server.
+is 0, indicating that these messages will not be sent to the server,
+or 300 if the
+.Cm BatchMode
+option is set.
 This option applies to protocol version 2 only.
+.Cm ProtocolKeepAlives
+is a Debian-specific compatibility alias for this option.
+.It Cm SetupTimeOut
+Normally,
+.Nm ssh
+blocks indefinitely whilst waiting to receive the ssh banner and other
+setup protocol from the server, during the session setup.
+This can cause
+.Nm ssh
+to hang under certain circumstances.
+If this option is set,
+.Nm ssh
+will give up if no data from the server is received for the specified
+number of seconds.
+The argument must be an integer.
+The default is 0 (disabled), or 300 if
+.Cm BatchMode
+is set.
+This is a Debian-specific option.
 .It Cm SmartcardDevice
 Specifies which smartcard device to use.
 The argument to this keyword is the device
@@ -894,6 +928,12 @@ Specifies whether the system should send TCP keepalive messages to the
 other side.
 If they are sent, death of the connection or crash of one
 of the machines will be properly noticed.
+This option only uses TCP keepalives (as opposed to using ssh level
+keepalives), so takes a long time to notice when the connection dies.
+As such, you probably want
+the
+.Cm ServerAliveInterval
+option as well.
 However, this means that
 connections will die if the route is down temporarily, and some people
 find it annoying.
@@ -991,6 +1031,8 @@ This file is used by the
 client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
+It may be group-writable provided that the group in question contains only
+the user.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those

diff --git a/ssh_config.5 b/ssh_config.5 index 5c94ffc9c..889def626 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -127,8 +127,15 @@ Valid arguments are
127	If set to	127	If set to
128	.Dq yes ,	128	.Dq yes ,
129	passphrase/password querying will be disabled.	129	passphrase/password querying will be disabled.
		130	In addition, the
		131	.Cm ServerAliveInterval
		132	and
		133	.Cm SetupTimeOut
		134	options will both be set to 300 seconds by default.
130	This option is useful in scripts and other batch jobs where no user	135	This option is useful in scripts and other batch jobs where no user
131	is present to supply the password.	136	is present to supply the password,
		137	and where it is desirable to detect a
		138	broken network swiftly.
132	The argument must be	139	The argument must be
133	.Dq yes	140	.Dq yes
134	or	141	or
@@ -435,7 +442,8 @@ token used for the session will be set to expire after 20 minutes.
435	Remote clients will be refused access after this time.	442	Remote clients will be refused access after this time.
436	.Pp	443	.Pp
437	The default is	444	The default is
438	.Dq no .	445	.Dq yes
		446	(Debian-specific).
439	.Pp	447	.Pp
440	See the X11 SECURITY extension specification for full details on	448	See the X11 SECURITY extension specification for full details on
441	the restrictions imposed on untrusted clients.	449	the restrictions imposed on untrusted clients.
@@ -838,6 +846,10 @@ If, for example,
838	.Cm ServerAliveCountMax	846	.Cm ServerAliveCountMax
839	is left at the default, if the server becomes unresponsive ssh	847	is left at the default, if the server becomes unresponsive ssh
840	will disconnect after approximately 45 seconds.	848	will disconnect after approximately 45 seconds.
		849	This option works when using protocol version 2 only; in protocol version
		850	1 there is no mechanism to request a response from the server to the
		851	server alive messages, so disconnection is the responsibility of the TCP
		852	stack.
841	.It Cm ServerAliveInterval	853	.It Cm ServerAliveInterval
842	Sets a timeout interval in seconds after which if no data has been received	854	Sets a timeout interval in seconds after which if no data has been received
843	from the server,	855	from the server,
@@ -845,8 +857,30 @@ from the server,
845	will send a message through the encrypted	857	will send a message through the encrypted
846	channel to request a response from the server.	858	channel to request a response from the server.
847	The default	859	The default
848	is 0, indicating that these messages will not be sent to the server.	860	is 0, indicating that these messages will not be sent to the server,
		861	or 300 if the
		862	.Cm BatchMode
		863	option is set.
849	This option applies to protocol version 2 only.	864	This option applies to protocol version 2 only.
		865	.Cm ProtocolKeepAlives
		866	is a Debian-specific compatibility alias for this option.
		867	.It Cm SetupTimeOut
		868	Normally,
		869	.Nm ssh
		870	blocks indefinitely whilst waiting to receive the ssh banner and other
		871	setup protocol from the server, during the session setup.
		872	This can cause
		873	.Nm ssh
		874	to hang under certain circumstances.
		875	If this option is set,
		876	.Nm ssh
		877	will give up if no data from the server is received for the specified
		878	number of seconds.
		879	The argument must be an integer.
		880	The default is 0 (disabled), or 300 if
		881	.Cm BatchMode
		882	is set.
		883	This is a Debian-specific option.
850	.It Cm SmartcardDevice	884	.It Cm SmartcardDevice
851	Specifies which smartcard device to use.	885	Specifies which smartcard device to use.
852	The argument to this keyword is the device	886	The argument to this keyword is the device
@@ -894,6 +928,12 @@ Specifies whether the system should send TCP keepalive messages to the
894	other side.	928	other side.
895	If they are sent, death of the connection or crash of one	929	If they are sent, death of the connection or crash of one
896	of the machines will be properly noticed.	930	of the machines will be properly noticed.
		931	This option only uses TCP keepalives (as opposed to using ssh level
		932	keepalives), so takes a long time to notice when the connection dies.
		933	As such, you probably want
		934	the
		935	.Cm ServerAliveInterval
		936	option as well.
897	However, this means that	937	However, this means that
898	connections will die if the route is down temporarily, and some people	938	connections will die if the route is down temporarily, and some people
899	find it annoying.	939	find it annoying.
@@ -991,6 +1031,8 @@ This file is used by the
991	client.	1031	client.
992	Because of the potential for abuse, this file must have strict permissions:	1032	Because of the potential for abuse, this file must have strict permissions:
993	read/write for the user, and not accessible by others.	1033	read/write for the user, and not accessible by others.
		1034	It may be group-writable provided that the group in question contains only
		1035	the user.
994	.It Pa /etc/ssh/ssh_config	1036	.It Pa /etc/ssh/ssh_config
995	Systemwide configuration file.	1037	Systemwide configuration file.
996	This file provides defaults for those	1038	This file provides defaults for those