From d3fc1f4d6bf0c2a857af1d5f90e7a0b061cdb490 Mon Sep 17 00:00:00 2001
From: Richard Kettlewell <rjk@greenend.org.uk>
Date: Sun, 9 Feb 2014 16:09:52 +0000
Subject: Various keepalive extensions
Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut, supported
in previous versions of Debian's OpenSSH package but since superseded by
ServerAliveInterval. (We're probably stuck with this bit for
compatibility.)
In batch mode, default ServerAliveInterval to five minutes.
Adjust documentation to match and to give some more advice on use of
keepalives.
Author: Ian Jackson <ian@chiark.greenend.org.uk>
Author: Matthew Vernon <matthew@debian.org>
Author: Colin Watson <cjwatson@debian.org>
Last-Update: 2025-04-10
Patch-Name: keepalive-extensions.patch
---
readconf.c | 14 ++++++++++++--
ssh_config.5 | 21 +++++++++++++++++++--
sshd_config.5 | 3 +++
3 files changed, 34 insertions(+), 4 deletions(-)
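--- a/readconf.c
+++ b/readconf.c
@@ -184,6 +184,7 @@ typedef enum {
 oSecurityKeyProvider, oKnownHostsCommand, oRequiredRSASize,
 oEnableEscapeCommandline, oObscureKeystrokeTiming, oChannelTimeout,
 oVersionAddendum,
+ oProtocolKeepAlives, oSetupTimeOut,
 oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
@@ -348,6 +349,8 @@ static struct {
 { "obscurekeystroketiming", oObscureKeystrokeTiming },
 { "channeltimeout", oChannelTimeout },
 { "versionaddendum", oVersionAddendum },
+ { "protocolkeepalives", oProtocolKeepAlives },
+ { "setuptimeout", oSetupTimeOut },
 
 { NULL, oBadOption }
 };
@@ -1230,6 +1233,7 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host,
 argv_consume(&ac);
 break;
 case oConnectTimeout:
+ case oSetupTimeOut: /* Debian-specific compatibility alias */
 intptr = &options->connection_timeout;
 parse_time:
 arg = argv_next(&ac, &av);
@@ -1972,6 +1976,7 @@ parse_pubkey_algos:
 goto parse_flag;
 
 case oServerAliveInterval:
+ case oProtocolKeepAlives: /* Debian-specific compatibility alias */
 intptr = &options->server_alive_interval;
 goto parse_time;
 
@@ -2980,8 +2985,13 @@ fill_default_options(Options * options)
 options->rekey_interval = 0;
 if (options->verify_host_key_dns == -1)
 options->verify_host_key_dns = 0;
- if (options->server_alive_interval == -1)
- options->server_alive_interval = 0;
+ if (options->server_alive_interval == -1) {
+ /* in batch mode, default is 5mins */
+ if (options->batch_mode == 1)
+ options->server_alive_interval = 300;
+ else
+ options->server_alive_interval = 0;
+ }
 if (options->server_alive_count_max == -1)
 options->server_alive_count_max = 3;
 if (options->control_master == -1)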
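Review bot: The new batch-mode branch in the fill_default_options hunk hard-codes `300`, and its comment `/* in batch mode, default is 5mins */` describes only the probe interval, not how long a dead server is tolerated. With the `server_alive_count_max` default of 3 set a few lines below, an unresponsive peer is presumably dropped only after about three missed probes, roughly 15 minutes, which matters for unattended jobs that keep locks or forwarded credentials open. I would reword the comment to `/* Debian: in batch mode probe every 300s; with the default ServerAliveCountMax of 3 a dead server is dropped after ~15 minutes */`. Only the unset value -1 is replaced, so an explicit `ServerAliveInterval 0` still turns probing off in batch mode. fill_default_options starts and ends outside the hunk.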
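--- a/ssh_config.5
+++ b/ssh_config.5
@@ -335,9 +335,13 @@ If set to
 .Cm yes ,
 user interaction such as password prompts and host key confirmation requests
 will be disabled.
+In addition, the
+.Cm ServerAliveInterval
+option will be set to 300 seconds by default (Debian-specific).
 This option is useful in scripts and other batch jobs where no user
 is present to interact with
-.Xr ssh 1 .
+.Xr ssh 1 ,
+and where it is desirable to detect a broken network swiftly.
 The argument must be
 .Cm yes
 or
@@ -658,6 +662,8 @@ Specifies the timeout (in seconds) used when connecting to the
 SSH server, instead of using the default system TCP timeout.
 This timeout is applied both to establishing the connection and to performing
 the initial SSH protocol handshake and key exchange.
+.Cm SetupTimeOut
+is a Debian-specific compatibility alias for this option.
 .It Cm ControlMaster
 Enables the sharing of multiple sessions over a single network connection.
 When set to
@@ -1982,7 +1988,12 @@ from the server,
 will send a message through the encrypted
 channel to request a response from the server.
 The default
-is 0, indicating that these messages will not be sent to the server.
+is 0, indicating that these messages will not be sent to the server,
+or 300 if the
+.Cm BatchMode
+option is set (Debian-specific).
+.Cm ProtocolKeepAlives
+is a Debian-specific compatibility alias for this option.
 .It Cm SessionType
 May be used to either request invocation of a subsystem on the remote system,
 or to prevent the execution of a remote command at all.
@@ -2105,6 +2116,12 @@ Specifies whether the system should send TCP keepalive messages to the
 other side.
 If they are sent, death of the connection or crash of one
 of the machines will be properly noticed.
+This option only uses TCP keepalives (as opposed to using ssh level
+keepalives), so takes a long time to notice when the connection dies.
+As such, you probably want
+the
+.Cm ServerAliveInterval
+option as well.
 However, this means that
 connections will die if the route is down temporarily, and some people
 find it annoying.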
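--- a/sshd_config.5
+++ b/sshd_config.5
@@ -1996,6 +1996,9 @@ This avoids infinitely hanging sessions.
 .Pp
 To disable TCP keepalive messages, the value should be set to
 .Cm no .
+.Pp
+This option was formerly called
+.Cm KeepAlive .
 .It Cm TrustedUserCAKeys
 Specifies a file containing public keys of certificate authorities that are
 trusted to sign user certificates for authentication, or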