Index: b/readconf.c
===================================================================
--- a/readconf.c
+++ b/readconf.c
@@ -133,6 +133,7 @@
oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
+ oProtocolKeepAlives, oSetupTimeOut,
oDeprecated, oUnsupported
} OpCodes;
@@ -246,6 +247,8 @@
#else
{ "zeroknowledgepasswordauthentication", oUnsupported },
#endif
+ { "protocolkeepalives", oProtocolKeepAlives },
+ { "setuptimeout", oSetupTimeOut },
{ NULL, oBadOption }
};
@@ -845,6 +848,8 @@
goto parse_flag;
case oServerAliveInterval:
+ case oProtocolKeepAlives: /* Debian-specific compatibility alias */
+ case oSetupTimeOut: /* Debian-specific compatibility alias */
intptr = &options->server_alive_interval;
goto parse_time;
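Review bot: The comments on `case oProtocolKeepAlives:` and `case oSetupTimeOut:` say only "compatibility alias", but both labels fall through to `intptr = &options->server_alive_interval;`, so whatever value an old config carried is now read as a ServerAliveInterval in seconds. The name SetupTimeOut suggests it was once a connection-setup timeout; if so, a small legacy value now becomes an aggressive keepalive interval that can drop a slow but healthy session. I would spell this out, for example `/* Debian-specific alias: value is taken as ServerAliveInterval (seconds) */`. The comment should also note that an alias and the real keyword share one slot, so which of them takes effect depends on what `parse_time` does with an already-set value. The switch and the `parse_time` label are outside this hunk, so the precedence rule needs confirming there.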
@@ -1233,8 +1238,13 @@
options->rekey_limit = 0;
if (options->verify_host_key_dns == -1)
options->verify_host_key_dns = 0;
- if (options->server_alive_interval == -1)
- options->server_alive_interval = 0;
+ if (options->server_alive_interval == -1) {
+ /* in batch mode, default is 5mins */
+ if (options->batch_mode == 1)
+ options->server_alive_interval = 300;
+ else
+ options->server_alive_interval = 0;
+ }
if (options->server_alive_count_max == -1)
options->server_alive_count_max = 3;
if (options->control_master == -1)
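Review bot: The bare literal in `options->server_alive_interval = 300;` carries its unit only in the "5mins" comment. That comment also does not say that only the unset sentinel `-1` is replaced, so an explicit `ServerAliveInterval 0` in a batch job still disables the probes. A named constant plus a fuller comment would make that contract visible, for example `/* BatchMode, no explicit ServerAliveInterval: probe every 300 s so unattended jobs notice a dead peer; explicit 0 still disables */`. With the `server_alive_count_max` default of 3 set just below, an unresponsive server ends a batch session after about 15 minutes, which is worth stating here because it changes behaviour for existing scripts. The enclosing function starts and ends outside this hunk.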
Index: b/ssh_config.5
===================================================================
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -128,8 +128,12 @@
If set to
.Dq yes ,
passphrase/password querying will be disabled.
+In addition, the
+.Cm ServerAliveInterval
+option will be set to 300 seconds by default.
This option is useful in scripts and other batch jobs where no user
-is present to supply the password.
+is present to supply the password,
+and where it is desirable to detect a broken network swiftly.
The argument must be
.Dq yes
or
@@ -946,8 +950,15 @@
will send a message through the encrypted
channel to request a response from the server.
The default
-is 0, indicating that these messages will not be sent to the server.
+is 0, indicating that these messages will not be sent to the server,
+or 300 if the
+.Cm BatchMode
+option is set.
This option applies to protocol version 2 only.
+.Cm ProtocolKeepAlives
+and
+.Cm SetupTimeOut
+are Debian-specific compatibility aliases for this option.
.It Cm SmartcardDevice
Specifies which smartcard device to use.
The argument to this keyword is the device
@@ -993,6 +1004,12 @@
other side.
If they are sent, death of the connection or crash of one
of the machines will be properly noticed.
+This option only uses TCP keepalives (as opposed to using ssh level
+keepalives), so takes a long time to notice when the connection dies.
+As such, you probably want
+the
+.Cm ServerAliveInterval
+option as well.
However, this means that
connections will die if the route is down temporarily, and some people
find it annoying.
Index: b/sshd_config.5
===================================================================
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -919,6 +919,9 @@
.Pp
To disable TCP keepalive messages, the value should be set to
.Dq no .
+.Pp
+This option was formerly called
+.Cm KeepAlive .
.It Cm UseDNS
Specifies whether
.Xr sshd 8