From 5744dc421d035c701b6660a58bed0d038c211375 Mon Sep 17 00:00:00 2001
From: Ben Lindstrom <mouring@eviladmin.org>
Date: Fri, 13 Apr 2001 23:28:01 +0000
Subject:    - beck@cvs.openbsd.org 2001/04/13 22:46:54      [channels.c
 channels.h servconf.c servconf.h serverloop.c sshd.8]      Add options
 ClientAliveInterval and ClientAliveCountMax to sshd.      This gives the
 ability to do a "keepalive" via the encrypted channel      which can't be
 spoofed (unlike TCP keepalives). Useful for when you want      to use ssh
 connections to authenticate people for something, and know      relatively
 quickly when they are no longer authenticated. Disabled      by default (of
 course). ok markus@

---
 sshd.8 | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

(limited to 'sshd.8')

diff --git a/sshd.8 b/sshd.8
index da95eaef7..887cc3ba3 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.114 2001/04/11 16:25:31 lebel Exp $
+.\" $OpenBSD: sshd.8,v 1.115 2001/04/13 22:46:54 beck Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -363,6 +363,31 @@ Specifies whether
 should check for new mail for interactive logins.
 The default is
 .Dq no .
+.It Cm ClientAliveInterval
+Sets a timeout interval in seconds after which if no data has been received
+from the client, 
+.Nm
+will send a message through the encrypted
+channel to request a response from the client. This may only be
+used on a server supporting only protocol version 2. The default
+is 0, indicating that these messages will not be sent to the client.
+.It Cm ClientAliveCountMax
+Sets the number of client alive messages (see above) which may be
+sent without
+.Nm
+receiving any messages back from the client. If this threshold is
+reached while client alive messages are being sent, 
+.Nm
+will disconnect the client, terminating the session. It is important
+to note that the use of client alive messages is very different from 
+Keepalive (below). The client alive messages are sent through the
+encrypted channel and therefore will not be spoofable. The TCP keepalive
+option enable by Keepalive is spoofable. You want to use the client
+alive mechanism when you are basing something important on
+clients having an active connection to the server.
+ The default is value is 3. If you set ClientAliveInterval
+(above) to 15, and leave this value at the default, unresponsive ssh clients
+will be disconnected after approximately 45 seconds. 
 .It Cm DenyGroups
 This keyword can be followed by a number of group names, separated
 by spaces.
-- 
cgit v1.2.3