author: Bob Beck <beck@cvs.openbsd.org> 2001-04-13 22:46:55 +0000
committer: Bob Beck <beck@cvs.openbsd.org> 2001-04-13 22:46:55 +0000
commit: 7b24cffaa51e05a9f720f76db36786ff0c5f063a
tree: 4660b8a9fe634ae8d704ce93976617769f242cbf /usr.bin/ssh/sshd.8
parent: 61707e99d27a0b20cf9360c587af42a3b3fab2b1
Add options ClientAliveInterval and ClientAliveCountMax to sshd.
This gives the ability to do a "keepalive" via the encrypted channel which can't be spoofed (unlike TCP keepalives). Useful for when you want to use ssh connections to authenticate people for something, and know relatively quickly when they are no longer authenticated. Disabled by default (of course). ok markus@
Diffstat (limited to 'usr.bin/ssh/sshd.8')
-rw-r--r-- usr.bin/ssh/sshd.8 27
1 files changed, 26 insertions, 1 deletions
diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8
index da95eaef717..887cc3ba37a 100644
--- a/usr.bin/ssh/sshd.8
+++ b/usr.bin/ssh/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.114 2001/04/11 16:25:31 lebel Exp $
+.\" $OpenBSD: sshd.8,v 1.115 2001/04/13 22:46:54 beck Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -363,6 +363,31 @@ Specifies whether
should check for new mail for interactive logins.
The default is
.Dq no .
+.It Cm ClientAliveInterval
+Sets a timeout interval in seconds after which if no data has been received
+from the client,
+.Nm
+will send a message through the encrypted
+channel to request a response from the client. This may only be
+used on a server supporting only protocol version 2. The default
+is 0, indicating that these messages will not be sent to the client.
+.It Cm ClientAliveCountMax
+Sets the number of client alive messages (see above) which may be
+sent without
+.Nm
+receiving any messages back from the client. If this threshold is
+reached while client alive messages are being sent,
+.Nm
+will disconnect the client, terminating the session. It is important
+to note that the use of client alive messages is very different from
+Keepalive (below). The client alive messages are sent through the
+encrypted channel and therefore will not be spoofable. The TCP keepalive
+option enable by Keepalive is spoofable. You want to use the client
+alive mechanism when you are basing something important on
+clients having an active connection to the server.
+ The default is value is 3. If you set ClientAliveInterval
+(above) to 15, and leave this value at the default, unresponsive ssh clients
+will be disconnected after approximately 45 seconds.
.It Cm DenyGroups
This keyword can be followed by a number of group names, separated
by spaces.
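Review bot: In the ClientAliveCountMax entry, the added line " The default is value is 3." has a doubled "is" and begins with a space, which roff treats as a forced line break in the rendered page; it should read "The default value is 3." starting at column one. A few lines earlier, "option enable by Keepalive" should be "option enabled by Keepalive". The default is also stated only after the long comparison with Keepalive, while the entry in the context above puts "The default is" directly after the description; moving it up, and starting each new sentence on its own source line as the surrounding entries do, would match the rest of the file. Separately, the ClientAliveInterval text says the option "may only be used on a server supporting only protocol version 2" but does not say what sshd does when that is not the case (ignores the option or refuses to start), which an administrator relying on the disconnect behaviour needs to know.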