mirror of git://anongit.mindrot.org/openssh.git
- markus@cvs.openbsd.org 2003/12/09 21:53:37
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1] [ssh_config.5 sshconnect.c sshd.c sshd_config.5] rename keepalive to tcpkeepalive; the old name causes too much confusion; ok djm, dtucker; with help from jmc@
parent
9836cf8d71
commit
12c150e7e0
|
@ -12,6 +12,11 @@
|
|||
- markus@cvs.openbsd.org 2003/12/09 17:30:05
|
||||
[ssh.c]
|
||||
don't modify argv for ssh -o; similar to sshd.c 1.283
|
||||
- markus@cvs.openbsd.org 2003/12/09 21:53:37
|
||||
[readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1]
|
||||
[ssh_config.5 sshconnect.c sshd.c sshd_config.5]
|
||||
rename keepalive to tcpkeepalive; the old name causes too much
|
||||
confusion; ok djm, dtucker; with help from jmc@
|
||||
|
||||
20031209
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
|
@ -1581,4 +1586,4 @@
|
|||
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
|
||||
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
|
||||
|
||||
$Id: ChangeLog,v 1.3142 2003/12/17 05:30:06 djm Exp $
|
||||
$Id: ChangeLog,v 1.3143 2003/12/17 05:31:10 djm Exp $
|
||||
|
|
19
readconf.c
19
readconf.c
|
@ -12,7 +12,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: readconf.c,v 1.125 2003/11/12 16:39:58 jakob Exp $");
|
||||
RCSID("$OpenBSD: readconf.c,v 1.126 2003/12/09 21:53:36 markus Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "xmalloc.h"
|
||||
|
@ -78,7 +78,7 @@ RCSID("$OpenBSD: readconf.c,v 1.125 2003/11/12 16:39:58 jakob Exp $");
|
|||
RSAAuthentication yes
|
||||
RhostsRSAAuthentication yes
|
||||
StrictHostKeyChecking yes
|
||||
KeepAlives no
|
||||
TcpKeepAlive no
|
||||
IdentityFile ~/.ssh/identity
|
||||
Port 22
|
||||
EscapeChar ~
|
||||
|
@ -96,7 +96,7 @@ typedef enum {
|
|||
oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
|
||||
oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
|
||||
oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
|
||||
oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
|
||||
oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
|
||||
oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
|
||||
oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
|
||||
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
|
||||
|
@ -169,7 +169,8 @@ static struct {
|
|||
{ "stricthostkeychecking", oStrictHostKeyChecking },
|
||||
{ "compression", oCompression },
|
||||
{ "compressionlevel", oCompressionLevel },
|
||||
{ "keepalive", oKeepAlives },
|
||||
{ "tcpkeepalive", oTCPKeepAlive },
|
||||
{ "keepalive", oTCPKeepAlive }, /* obsolete */
|
||||
{ "numberofpasswordprompts", oNumberOfPasswordPrompts },
|
||||
{ "loglevel", oLogLevel },
|
||||
{ "dynamicforward", oDynamicForward },
|
||||
|
@ -427,8 +428,8 @@ parse_yesnoask:
|
|||
intptr = &options->compression;
|
||||
goto parse_flag;
|
||||
|
||||
case oKeepAlives:
|
||||
intptr = &options->keepalives;
|
||||
case oTCPKeepAlive:
|
||||
intptr = &options->tcp_keep_alive;
|
||||
goto parse_flag;
|
||||
|
||||
case oNoHostAuthenticationForLocalhost:
|
||||
|
@ -826,7 +827,7 @@ initialize_options(Options * options)
|
|||
options->check_host_ip = -1;
|
||||
options->strict_host_key_checking = -1;
|
||||
options->compression = -1;
|
||||
options->keepalives = -1;
|
||||
options->tcp_keep_alive = -1;
|
||||
options->compression_level = -1;
|
||||
options->port = -1;
|
||||
options->address_family = -1;
|
||||
|
@ -909,8 +910,8 @@ fill_default_options(Options * options)
|
|||
options->strict_host_key_checking = 2; /* 2 is default */
|
||||
if (options->compression == -1)
|
||||
options->compression = 0;
|
||||
if (options->keepalives == -1)
|
||||
options->keepalives = 1;
|
||||
if (options->tcp_keep_alive == -1)
|
||||
options->tcp_keep_alive = 1;
|
||||
if (options->compression_level == -1)
|
||||
options->compression_level = 6;
|
||||
if (options->port == -1)
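Review bot: The retained `{ "keepalive", oTCPKeepAlive }, /* obsolete */` entry in the keyword table makes the old name a silent alias: as far as these hunks show, a config that still says `KeepAlive` parses through the same `case oTCPKeepAlive:` path with no hint that the keyword was renamed. The server table in servconf.c does the same but comments it as `/* obsolete alias */`; I would use one wording in both places, for example `/* obsolete alias for tcpkeepalive, kept so existing configs still parse */`, so a later cleanup does not drop it by accident. Because the man-page hunks remove the `KeepAlive` entries outright, a one-line mention there that the old keyword is still accepted would help anyone auditing an older config, particularly as sshd_config.5 distinguishes this spoofable TCP-level option from the client alive messages. The option-parsing and default-filling hunks in this section are cut from larger functions that continue outside the hunks.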
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: readconf.h,v 1.57 2003/11/21 11:57:03 djm Exp $ */
|
||||
/* $OpenBSD: readconf.h,v 1.58 2003/12/09 21:53:36 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -53,7 +53,7 @@ typedef struct {
|
|||
int compression; /* Compress packets in both directions. */
|
||||
int compression_level; /* Compression level 1 (fast) to 9
|
||||
* (best). */
|
||||
int keepalives; /* Set SO_KEEPALIVE. */
|
||||
int tcp_keep_alive; /* Set SO_KEEPALIVE. */
|
||||
LogLevel log_level; /* Level for logging. */
|
||||
|
||||
int port; /* Port to connect. */
|
||||
|
|
4
scp.1
4
scp.1
|
@ -9,7 +9,7 @@
|
|||
.\"
|
||||
.\" Created: Sun May 7 00:14:37 1995 ylo
|
||||
.\"
|
||||
.\" $OpenBSD: scp.1,v 1.30 2003/10/13 08:22:25 markus Exp $
|
||||
.\" $OpenBSD: scp.1,v 1.31 2003/12/09 21:53:36 markus Exp $
|
||||
.\"
|
||||
.Dd September 25, 1999
|
||||
.Dt SCP 1
|
||||
|
@ -137,7 +137,6 @@ For full details of the options listed below, and their possible values, see
|
|||
.It HostKeyAlias
|
||||
.It HostName
|
||||
.It IdentityFile
|
||||
.It KeepAlive
|
||||
.It LogLevel
|
||||
.It MACs
|
||||
.It NoHostAuthenticationForLocalhost
|
||||
|
@ -152,6 +151,7 @@ For full details of the options listed below, and their possible values, see
|
|||
.It RSAAuthentication
|
||||
.It SmartcardDevice
|
||||
.It StrictHostKeyChecking
|
||||
.It TCPKeepAlive
|
||||
.It UsePrivilegedPort
|
||||
.It User
|
||||
.It UserKnownHostsFile
|
||||
|
|
17
servconf.c
17
servconf.c
|
@ -10,7 +10,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: servconf.c,v 1.128 2003/09/29 20:19:57 markus Exp $");
|
||||
RCSID("$OpenBSD: servconf.c,v 1.129 2003/12/09 21:53:36 markus Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "log.h"
|
||||
|
@ -61,7 +61,7 @@ initialize_server_options(ServerOptions *options)
|
|||
options->x11_use_localhost = -1;
|
||||
options->xauth_location = NULL;
|
||||
options->strict_modes = -1;
|
||||
options->keepalives = -1;
|
||||
options->tcp_keep_alive = -1;
|
||||
options->log_facility = SYSLOG_FACILITY_NOT_SET;
|
||||
options->log_level = SYSLOG_LEVEL_NOT_SET;
|
||||
options->rhosts_rsa_authentication = -1;
|
||||
|
@ -159,8 +159,8 @@ fill_default_server_options(ServerOptions *options)
|
|||
options->xauth_location = _PATH_XAUTH;
|
||||
if (options->strict_modes == -1)
|
||||
options->strict_modes = 1;
|
||||
if (options->keepalives == -1)
|
||||
options->keepalives = 1;
|
||||
if (options->tcp_keep_alive == -1)
|
||||
options->tcp_keep_alive = 1;
|
||||
if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
|
||||
options->log_facility = SYSLOG_FACILITY_AUTH;
|
||||
if (options->log_level == SYSLOG_LEVEL_NOT_SET)
|
||||
|
@ -254,7 +254,7 @@ typedef enum {
|
|||
sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
|
||||
sPrintMotd, sPrintLastLog, sIgnoreRhosts,
|
||||
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
|
||||
sStrictModes, sEmptyPasswd, sKeepAlives,
|
||||
sStrictModes, sEmptyPasswd, sTCPKeepAlive,
|
||||
sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
|
||||
sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
|
||||
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
|
||||
|
@ -334,7 +334,8 @@ static struct {
|
|||
{ "permituserenvironment", sPermitUserEnvironment },
|
||||
{ "uselogin", sUseLogin },
|
||||
{ "compression", sCompression },
|
||||
{ "keepalive", sKeepAlives },
|
||||
{ "tcpkeepalive", sTCPKeepAlive },
|
||||
{ "keepalive", sTCPKeepAlive }, /* obsolete alias */
|
||||
{ "allowtcpforwarding", sAllowTcpForwarding },
|
||||
{ "allowusers", sAllowUsers },
|
||||
{ "denyusers", sDenyUsers },
|
||||
|
@ -677,8 +678,8 @@ parse_flag:
|
|||
intptr = &options->strict_modes;
|
||||
goto parse_flag;
|
||||
|
||||
case sKeepAlives:
|
||||
intptr = &options->keepalives;
|
||||
case sTCPKeepAlive:
|
||||
intptr = &options->tcp_keep_alive;
|
||||
goto parse_flag;
|
||||
|
||||
case sEmptyPasswd:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: servconf.h,v 1.65 2003/09/01 18:15:50 markus Exp $ */
|
||||
/* $OpenBSD: servconf.h,v 1.66 2003/12/09 21:53:37 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -58,7 +58,7 @@ typedef struct {
|
|||
int x11_use_localhost; /* If true, use localhost for fake X11 server. */
|
||||
char *xauth_location; /* Location of xauth program */
|
||||
int strict_modes; /* If true, require string home dir modes. */
|
||||
int keepalives; /* If true, set SO_KEEPALIVE. */
|
||||
int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */
|
||||
char *ciphers; /* Supported SSH2 ciphers. */
|
||||
char *macs; /* Supported SSH2 macs. */
|
||||
int protocol; /* Supported protocol versions. */
|
||||
|
|
4
sftp.1
4
sftp.1
|
@ -1,4 +1,4 @@
|
|||
.\" $OpenBSD: sftp.1,v 1.47 2003/10/13 08:22:25 markus Exp $
|
||||
.\" $OpenBSD: sftp.1,v 1.48 2003/12/09 21:53:37 markus Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
|
||||
.\"
|
||||
|
@ -158,7 +158,6 @@ For full details of the options listed below, and their possible values, see
|
|||
.It HostKeyAlias
|
||||
.It HostName
|
||||
.It IdentityFile
|
||||
.It KeepAlive
|
||||
.It LogLevel
|
||||
.It MACs
|
||||
.It NoHostAuthenticationForLocalhost
|
||||
|
@ -173,6 +172,7 @@ For full details of the options listed below, and their possible values, see
|
|||
.It RSAAuthentication
|
||||
.It SmartcardDevice
|
||||
.It StrictHostKeyChecking
|
||||
.It TCPKeepAlive
|
||||
.It UsePrivilegedPort
|
||||
.It User
|
||||
.It UserKnownHostsFile
|
||||
|
|
4
ssh.1
4
ssh.1
|
@ -34,7 +34,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh.1,v 1.179 2003/11/24 00:16:35 dtucker Exp $
|
||||
.\" $OpenBSD: ssh.1,v 1.180 2003/12/09 21:53:37 markus Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSH 1
|
||||
.Os
|
||||
|
@ -634,7 +634,6 @@ For full details of the options listed below, and their possible values, see
|
|||
.It HostKeyAlias
|
||||
.It HostName
|
||||
.It IdentityFile
|
||||
.It KeepAlive
|
||||
.It LocalForward
|
||||
.It LogLevel
|
||||
.It MACs
|
||||
|
@ -651,6 +650,7 @@ For full details of the options listed below, and their possible values, see
|
|||
.It RSAAuthentication
|
||||
.It SmartcardDevice
|
||||
.It StrictHostKeyChecking
|
||||
.It TCPKeepAlive
|
||||
.It UsePrivilegedPort
|
||||
.It User
|
||||
.It UserKnownHostsFile
|
||||
|
|
36
ssh_config.5
36
ssh_config.5
|
@ -34,7 +34,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh_config.5,v 1.25 2003/11/12 20:14:51 jmc Exp $
|
||||
.\" $OpenBSD: ssh_config.5,v 1.26 2003/12/09 21:53:37 markus Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSH_CONFIG 5
|
||||
.Os
|
||||
|
@ -408,23 +408,6 @@ syntax to refer to a user's home directory.
|
|||
It is possible to have
|
||||
multiple identity files specified in configuration files; all these
|
||||
identities will be tried in sequence.
|
||||
.It Cm KeepAlive
|
||||
Specifies whether the system should send TCP keepalive messages to the
|
||||
other side.
|
||||
If they are sent, death of the connection or crash of one
|
||||
of the machines will be properly noticed.
|
||||
However, this means that
|
||||
connections will die if the route is down temporarily, and some people
|
||||
find it annoying.
|
||||
.Pp
|
||||
The default is
|
||||
.Dq yes
|
||||
(to send keepalives), and the client will notice
|
||||
if the network goes down or the remote host dies.
|
||||
This is important in scripts, and many users want it too.
|
||||
.Pp
|
||||
To disable keepalives, the value should be set to
|
||||
.Dq no .
|
||||
.It Cm LocalForward
|
||||
Specifies that a TCP/IP port on the local machine be forwarded over
|
||||
the secure channel to the specified host and port from the remote machine.
|
||||
|
@ -613,6 +596,23 @@ or
|
|||
.Dq ask .
|
||||
The default is
|
||||
.Dq ask .
|
||||
.It Cm TCPKeepAlive
|
||||
Specifies whether the system should send TCP keepalive messages to the
|
||||
other side.
|
||||
If they are sent, death of the connection or crash of one
|
||||
of the machines will be properly noticed.
|
||||
However, this means that
|
||||
connections will die if the route is down temporarily, and some people
|
||||
find it annoying.
|
||||
.Pp
|
||||
The default is
|
||||
.Dq yes
|
||||
(to send TCP keepalive messages), and the client will notice
|
||||
if the network goes down or the remote host dies.
|
||||
This is important in scripts, and many users want it too.
|
||||
.Pp
|
||||
To disable TCP keepalive messages, the value should be set to
|
||||
.Dq no .
|
||||
.It Cm UsePrivilegedPort
|
||||
Specifies whether to use a privileged port for outgoing connections.
|
||||
The argument must be
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect.c,v 1.154 2003/11/21 11:57:03 djm Exp $");
|
||||
RCSID("$OpenBSD: sshconnect.c,v 1.155 2003/12/09 21:53:37 markus Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
|
||||
|
@ -415,8 +415,8 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
|
|||
|
||||
debug("Connection established.");
|
||||
|
||||
/* Set keepalives if requested. */
|
||||
if (options.keepalives &&
|
||||
/* Set SO_KEEPALIVE if requested. */
|
||||
if (options.tcp_keep_alive &&
|
||||
setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
|
||||
sizeof(on)) < 0)
|
||||
error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
|
||||
|
|
6
sshd.c
6
sshd.c
|
@ -42,7 +42,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshd.c,v 1.283 2003/12/09 17:29:04 markus Exp $");
|
||||
RCSID("$OpenBSD: sshd.c,v 1.284 2003/12/09 21:53:37 markus Exp $");
|
||||
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/bn.h>
|
||||
|
@ -1398,8 +1398,8 @@ main(int ac, char **av)
|
|||
signal(SIGCHLD, SIG_DFL);
|
||||
signal(SIGINT, SIG_DFL);
|
||||
|
||||
/* Set keepalives if requested. */
|
||||
if (options.keepalives &&
|
||||
/* Set SO_KEEPALIVE if requested. */
|
||||
if (options.tcp_keep_alive &&
|
||||
setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on,
|
||||
sizeof(on)) < 0)
|
||||
error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.26 2003/11/21 11:57:03 djm Exp $
|
||||
.\" $OpenBSD: sshd_config.5,v 1.27 2003/12/09 21:53:37 markus Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
|
@ -156,12 +156,12 @@ If this threshold is reached while client alive messages are being sent,
|
|||
will disconnect the client, terminating the session.
|
||||
It is important to note that the use of client alive messages is very
|
||||
different from
|
||||
.Cm KeepAlive
|
||||
.Cm TCPKeepAlive
|
||||
(below).
|
||||
The client alive messages are sent through the encrypted channel
|
||||
and therefore will not be spoofable.
|
||||
The TCP keepalive option enabled by
|
||||
.Cm KeepAlive
|
||||
.Cm TCPKeepAlive
|
||||
is spoofable.
|
||||
The client alive mechanism is valuable when the client or
|
||||
server depend on knowing when a connection has become inactive.
|
||||
|
@ -292,27 +292,6 @@ or
|
|||
.Cm HostbasedAuthentication .
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm KeepAlive
|
||||
Specifies whether the system should send TCP keepalive messages to the
|
||||
other side.
|
||||
If they are sent, death of the connection or crash of one
|
||||
of the machines will be properly noticed.
|
||||
However, this means that
|
||||
connections will die if the route is down temporarily, and some people
|
||||
find it annoying.
|
||||
On the other hand, if keepalives are not sent,
|
||||
sessions may hang indefinitely on the server, leaving
|
||||
.Dq ghost
|
||||
users and consuming server resources.
|
||||
.Pp
|
||||
The default is
|
||||
.Dq yes
|
||||
(to send keepalives), and the server will notice
|
||||
if the network goes down or the client host crashes.
|
||||
This avoids infinitely hanging sessions.
|
||||
.Pp
|
||||
To disable keepalives, the value should be set to
|
||||
.Dq no .
|
||||
.It Cm KerberosAuthentication
|
||||
Specifies whether the password provided by the user for
|
||||
.Cm PasswordAuthentication
|
||||
|
@ -580,6 +559,27 @@ Gives the facility code that is used when logging messages from
|
|||
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
|
||||
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
|
||||
The default is AUTH.
|
||||
.It Cm TCPKeepAlive
|
||||
Specifies whether the system should send TCP keepalive messages to the
|
||||
other side.
|
||||
If they are sent, death of the connection or crash of one
|
||||
of the machines will be properly noticed.
|
||||
However, this means that
|
||||
connections will die if the route is down temporarily, and some people
|
||||
find it annoying.
|
||||
On the other hand, if TCP keepalives are not sent,
|
||||
sessions may hang indefinitely on the server, leaving
|
||||
.Dq ghost
|
||||
users and consuming server resources.
|
||||
.Pp
|
||||
The default is
|
||||
.Dq yes
|
||||
(to send TCP keepalive messages), and the server will notice
|
||||
if the network goes down or the client host crashes.
|
||||
This avoids infinitely hanging sessions.
|
||||
.Pp
|
||||
To disable TCP keepalive messages, the value should be set to
|
||||
.Dq no .
|
||||
.It Cm UseDNS
|
||||
Specifies whether
|
||||
.Nm sshd
|
||||
|
|