1 Description: Various keepalive extensions
2 Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut,
3 supported in previous versions of Debian's OpenSSH package but since
4 superseded by ServerAliveInterval. (We're probably stuck with this bit for
7 In batch mode, default ServerAliveInterval to five minutes.
9 Adjust documentation to match and to give some more advice on use of
11 Author: Richard Kettlewell <rjk@greenend.org.uk>
12 Author: Ian Jackson <ian@chiark.greenend.org.uk>
13 Author: Matthew Vernon <matthew@debian.org>
14 Author: Colin Watson <cjwatson@debian.org>
15 Last-Update: 2010-02-27
18 ===================================================================
22 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
23 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
24 oKexAlgorithms, oIPQoS,
25 + oProtocolKeepAlives, oSetupTimeOut,
26 oDeprecated, oUnsupported
31 { "kexalgorithms", oKexAlgorithms },
33 + { "protocolkeepalives", oProtocolKeepAlives },
34 + { "setuptimeout", oSetupTimeOut },
41 case oServerAliveInterval:
42 + case oProtocolKeepAlives: /* Debian-specific compatibility alias */
43 + case oSetupTimeOut: /* Debian-specific compatibility alias */
44 intptr = &options->server_alive_interval;
47 @@ -1336,8 +1341,13 @@
48 options->rekey_limit = 0;
49 if (options->verify_host_key_dns == -1)
50 options->verify_host_key_dns = 0;
51 - if (options->server_alive_interval == -1)
52 - options->server_alive_interval = 0;
53 + if (options->server_alive_interval == -1) {
54 + /* in batch mode, default is 5mins */
55 + if (options->batch_mode == 1)
56 + options->server_alive_interval = 300;
58 + options->server_alive_interval = 0;
60 if (options->server_alive_count_max == -1)
61 options->server_alive_count_max = 3;
62 if (options->control_master == -1)
64 ===================================================================
70 passphrase/password querying will be disabled.
72 +.Cm ServerAliveInterval
73 +option will be set to 300 seconds by default.
74 This option is useful in scripts and other batch jobs where no user
75 -is present to supply the password.
76 +is present to supply the password,
77 +and where it is desirable to detect a broken network swiftly.
81 @@ -1058,8 +1062,15 @@
82 will send a message through the encrypted
83 channel to request a response from the server.
85 -is 0, indicating that these messages will not be sent to the server.
86 +is 0, indicating that these messages will not be sent to the server,
90 This option applies to protocol version 2 only.
91 +.Cm ProtocolKeepAlives
94 +are Debian-specific compatibility aliases for this option.
95 .It Cm StrictHostKeyChecking
96 If this flag is set to
98 @@ -1098,6 +1109,12 @@
100 If they are sent, death of the connection or crash of one
101 of the machines will be properly noticed.
102 +This option only uses TCP keepalives (as opposed to using ssh level
103 +keepalives), so takes a long time to notice when the connection dies.
104 +As such, you probably want
106 +.Cm ServerAliveInterval
108 However, this means that
109 connections will die if the route is down temporarily, and some people
111 Index: b/sshd_config.5
112 ===================================================================
115 @@ -1034,6 +1034,9 @@
117 To disable TCP keepalive messages, the value should be set to
120 +This option was formerly called
122 .It Cm TrustedUserCAKeys
123 Specifies a file containing public keys of certificate authorities that are
124 trusted to sign user certificates for authentication.