From 50a68a21649c42d5587e78cab2c63ee3add81dd4 Mon Sep 17 00:00:00 2001 From: Richard Kettlewell Date: Sun, 9 Feb 2014 16:09:52 +0000 Subject: Various keepalive extensions Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut, supported in previous versions of Debian's OpenSSH package but since superseded by ServerAliveInterval. (We're probably stuck with this bit for compatibility.) In batch mode, default ServerAliveInterval to five minutes. Adjust documentation to match and to give some more advice on use of keepalives. Author: Ian Jackson Author: Matthew Vernon Author: Colin Watson Last-Update: 2023-12-18 Patch-Name: keepalive-extensions.patch --- readconf.c | 14 ++++++++++++-- ssh_config.5 | 21 +++++++++++++++++++-- sshd_config.5 | 3 +++ 3 files changed, 34 insertions(+), 4 deletions(-) diff --git a/readconf.c b/readconf.c index 0f0fb67a5..c6e609fca 100644 --- a/readconf.c +++ b/readconf.c @@ -182,6 +182,7 @@ typedef enum { oPubkeyAcceptedAlgorithms, oCASignatureAlgorithms, oProxyJump, oSecurityKeyProvider, oKnownHostsCommand, oRequiredRSASize, oEnableEscapeCommandline, oObscureKeystrokeTiming, oChannelTimeout, + oProtocolKeepAlives, oSetupTimeOut, oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported } OpCodes; @@ -345,6 +346,8 @@ static struct { { "enableescapecommandline", oEnableEscapeCommandline }, { "obscurekeystroketiming", oObscureKeystrokeTiming }, { "channeltimeout", oChannelTimeout }, + { "protocolkeepalives", oProtocolKeepAlives }, + { "setuptimeout", oSetupTimeOut }, { NULL, oBadOption } }; @@ -1886,6 +1889,8 @@ parse_pubkey_algos: goto parse_flag; case oServerAliveInterval: + case oProtocolKeepAlives: /* Debian-specific compatibility alias */ + case oSetupTimeOut: /* Debian-specific compatibility alias */ intptr = &options->server_alive_interval; goto parse_time; @@ -2859,8 +2864,13 @@ fill_default_options(Options * options) options->rekey_interval = 0; if (options->verify_host_key_dns == -1) options->verify_host_key_dns = 0; - if (options->server_alive_interval == -1) - options->server_alive_interval = 0; + if (options->server_alive_interval == -1) { + /* in batch mode, default is 5mins */ + if (options->batch_mode == 1) + options->server_alive_interval = 300; + else + options->server_alive_interval = 0; + } if (options->server_alive_count_max == -1) options->server_alive_count_max = 3; if (options->control_master == -1) diff --git a/ssh_config.5 b/ssh_config.5 index 8e8aeb640..6b482ee15 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -297,9 +297,13 @@ If set to .Cm yes , user interaction such as password prompts and host key confirmation requests will be disabled. +In addition, the +.Cm ServerAliveInterval +option will be set to 300 seconds by default (Debian-specific). This option is useful in scripts and other batch jobs where no user is present to interact with -.Xr ssh 1 . +.Xr ssh 1 , +and where it is desirable to detect a broken network swiftly. The argument must be .Cm yes or @@ -1923,7 +1927,14 @@ from the server, will send a message through the encrypted channel to request a response from the server. The default -is 0, indicating that these messages will not be sent to the server. +is 0, indicating that these messages will not be sent to the server, +or 300 if the +.Cm BatchMode +option is set (Debian-specific). +.Cm ProtocolKeepAlives +and +.Cm SetupTimeOut +are Debian-specific compatibility aliases for this option. .It Cm SessionType May be used to either request invocation of a subsystem on the remote system, or to prevent the execution of a remote command at all. @@ -2037,6 +2048,12 @@ Specifies whether the system should send TCP keepalive messages to the other side. If they are sent, death of the connection or crash of one of the machines will be properly noticed. +This option only uses TCP keepalives (as opposed to using ssh level +keepalives), so takes a long time to notice when the connection dies. +As such, you probably want +the +.Cm ServerAliveInterval +option as well. However, this means that connections will die if the route is down temporarily, and some people find it annoying. diff --git a/sshd_config.5 b/sshd_config.5 index c0c1b0d9a..e06ef8abd 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -1859,6 +1859,9 @@ This avoids infinitely hanging sessions. .Pp To disable TCP keepalive messages, the value should be set to .Cm no . +.Pp +This option was formerly called +.Cm KeepAlive . .It Cm TrustedUserCAKeys Specifies a file containing public keys of certificate authorities that are trusted to sign user certificates for authentication, or