Print this page
OS-1282 smartos' OpenSSH "KeepAlive" config var differs from "TCPKeepAlive" name in current OpenSSH

Split Close
Expand all
Collapse all
          --- old/usr/src/man/man4/sshd_config.4
          +++ new/usr/src/man/man4/sshd_config.4
   1    1  '\" te
   2    2  .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
        3 +.\" Copyright (c) 2012, Joyent, Inc. All Rights Reserved.
   3    4  .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
   4    5  .\"  See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the
   5    6  .\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
   6    7  .TH SSHD_CONFIG 4 "Mar 26, 2009"
   7    8  .SH NAME
   8    9  sshd_config \- sshd configuration file
   9   10  .SH SYNOPSIS
  10   11  .LP
  11   12  .nf
  12   13  \fB/etc/ssh/sshd_config\fR
↓ open down ↓ 149 lines elided ↑ open up ↑
 162  163  .ne 2
 163  164  .na
 164  165  \fB\fBClientAliveCountMax\fR\fR
 165  166  .ad
 166  167  .sp .6
 167  168  .RS 4n
 168  169  Sets the number of client alive messages, (see \fBClientAliveInterval\fR), that
 169  170  can be sent without \fBsshd\fR receiving any messages back from the client. If
 170  171  this threshold is reached while client alive messages are being sent,
 171  172  \fBsshd\fR disconnects the client, terminating the session. The use of client
 172      -alive messages is very different from \fBKeepAlive\fR. The client alive
      173 +alive messages is very different from \fBTCPKeepAlive\fR. The client alive
 173  174  messages are sent through the encrypted channel and therefore are not
 174      -spoofable. The TCP keepalive option enabled by \fBKeepAlive\fR is spoofable.
      175 +spoofable. The TCP keepalive option enabled by \fBTCPKeepAlive\fR is spoofable.
 175  176  The client alive mechanism is valuable when a client or server depend on
 176  177  knowing when a connection has become inactive.
 177  178  .sp
 178  179  The default value is 3. If \fBClientAliveInterval\fR is set to 15, and
 179  180  \fBClientAliveCountMax\fR is left at the default, unresponsive \fBssh\fR
 180  181  clients are disconnected after approximately 45 seconds.
 181  182  .RE
 182  183  
 183  184  .sp
 184  185  .ne 2
↓ open down ↓ 210 lines elided ↑ open up ↑
 395  396  .sp .6
 396  397  .RS 4n
 397  398  Specifies whether authentication by means of the "keyboard-interactive"
 398  399  authentication method (and PAM) is allowed. Defaults to \fByes\fR. (Deprecated:
 399  400  this parameter can only be set to \fByes\fR.)
 400  401  .RE
 401  402  
 402  403  .sp
 403  404  .ne 2
 404  405  .na
 405      -\fB\fBKeepAlive\fR\fR
      406 +\fB\fBTCPKeepAlive\fR\fR
 406  407  .ad
 407  408  .sp .6
 408  409  .RS 4n
 409  410  Specifies whether the system should send keepalive messages to the other side.
 410  411  If they are sent, death of the connection or crash of one of the machines is
 411  412  properly noticed. However, this means that connections die if the route is down
 412  413  temporarily, which can be an annoyance. On the other hand, if keepalives are
 413  414  not sent, sessions can hang indefinitely on the server, leaving ghost users and
 414  415  consuming server resources.
 415  416  .sp
↓ open down ↓ 596 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX