summaryrefslogtreecommitdiff
path: root/sshd.8
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2001-04-13 23:28:01 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-04-13 23:28:01 +0000
commit5744dc421d035c701b6660a58bed0d038c211375 (patch)
treea7c8df98b56a37c9be2fb3e33893e90424a85379 /sshd.8
parent402b3319456c1f0da0822319c3813c68e155726d (diff)
- beck@cvs.openbsd.org 2001/04/13 22:46:54
[channels.c channels.h servconf.c servconf.h serverloop.c sshd.8] Add options ClientAliveInterval and ClientAliveCountMax to sshd. This gives the ability to do a "keepalive" via the encrypted channel which can't be spoofed (unlike TCP keepalives). Useful for when you want to use ssh connections to authenticate people for something, and know relatively quickly when they are no longer authenticated. Disabled by default (of course). ok markus@
Diffstat (limited to 'sshd.8')
-rw-r--r--sshd.827
1 files changed, 26 insertions, 1 deletions
diff --git a/sshd.8 b/sshd.8
index da95eaef..887cc3ba 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.114 2001/04/11 16:25:31 lebel Exp $
+.\" $OpenBSD: sshd.8,v 1.115 2001/04/13 22:46:54 beck Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -363,6 +363,31 @@ Specifies whether
should check for new mail for interactive logins.
The default is
.Dq no .
+.It Cm ClientAliveInterval
+Sets a timeout interval in seconds after which if no data has been received
+from the client,
+.Nm
+will send a message through the encrypted
+channel to request a response from the client. This may only be
+used on a server supporting only protocol version 2. The default
+is 0, indicating that these messages will not be sent to the client.
+.It Cm ClientAliveCountMax
+Sets the number of client alive messages (see above) which may be
+sent without
+.Nm
+receiving any messages back from the client. If this threshold is
+reached while client alive messages are being sent,
+.Nm
+will disconnect the client, terminating the session. It is important
+to note that the use of client alive messages is very different from
+Keepalive (below). The client alive messages are sent through the
+encrypted channel and therefore will not be spoofable. The TCP keepalive
+option enable by Keepalive is spoofable. You want to use the client
+alive mechanism when you are basing something important on
+clients having an active connection to the server.
+ The default is value is 3. If you set ClientAliveInterval
+(above) to 15, and leave this value at the default, unresponsive ssh clients
+will be disconnected after approximately 45 seconds.
.It Cm DenyGroups
This keyword can be followed by a number of group names, separated
by spaces.