version 1.14.2.2, 2003/09/16 20:50:44 |
version 1.14.2.3, 2004/03/04 18:18:17 |
|
|
will disconnect the client, terminating the session. |
will disconnect the client, terminating the session. |
It is important to note that the use of client alive messages is very |
It is important to note that the use of client alive messages is very |
different from |
different from |
.Cm KeepAlive |
.Cm TCPKeepAlive |
(below). |
(below). |
The client alive messages are sent through the encrypted channel |
The client alive messages are sent through the encrypted channel |
and therefore will not be spoofable. |
and therefore will not be spoofable. |
The TCP keepalive option enabled by |
The TCP keepalive option enabled by |
.Cm KeepAlive |
.Cm TCPKeepAlive |
is spoofable. |
is spoofable. |
The client alive mechanism is valuable when the client or |
The client alive mechanism is valuable when the client or |
server depend on knowing when a connection has become inactive. |
server depend on knowing when a connection has become inactive. |
|
|
.Dq no . |
.Dq no . |
.It Cm GSSAPIAuthentication |
.It Cm GSSAPIAuthentication |
Specifies whether user authentication based on GSSAPI is allowed. |
Specifies whether user authentication based on GSSAPI is allowed. |
The default is |
The default is |
.Dq no . |
.Dq no . |
Note that this option applies to protocol version 2 only. |
Note that this option applies to protocol version 2 only. |
.It Cm GSSAPICleanupCredentials |
.It Cm GSSAPICleanupCredentials |
|
|
.Cm HostbasedAuthentication . |
.Cm HostbasedAuthentication . |
The default is |
The default is |
.Dq no . |
.Dq no . |
.It Cm KeepAlive |
|
Specifies whether the system should send TCP keepalive messages to the |
|
other side. |
|
If they are sent, death of the connection or crash of one |
|
of the machines will be properly noticed. |
|
However, this means that |
|
connections will die if the route is down temporarily, and some people |
|
find it annoying. |
|
On the other hand, if keepalives are not sent, |
|
sessions may hang indefinitely on the server, leaving |
|
.Dq ghost |
|
users and consuming server resources. |
|
.Pp |
|
The default is |
|
.Dq yes |
|
(to send keepalives), and the server will notice |
|
if the network goes down or the client host crashes. |
|
This avoids infinitely hanging sessions. |
|
.Pp |
|
To disable keepalives, the value should be set to |
|
.Dq no . |
|
.It Cm KerberosAuthentication |
.It Cm KerberosAuthentication |
Specifies whether the password provided by the user for |
Specifies whether the password provided by the user for |
.Cm PasswordAuthentication |
.Cm PasswordAuthentication |
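Review bot: The `.It Cm KeepAlive` entry is removed here with no pointer to its replacement, so an administrator who searches this page for the keyword in an existing sshd_config finds nothing. Suggest a one-line note in the TCPKeepAlive entry saying the option was previously named KeepAlive, and stating whether the old keyword is still accepted.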
|
|
The default is |
The default is |
.Dq yes . |
.Dq yes . |
Note that this option applies to protocol version 2 only. |
Note that this option applies to protocol version 2 only. |
.Cm RhostsRSAAuthentication |
|
should be used |
|
instead, because it performs RSA-based host authentication in addition |
|
to normal rhosts or /etc/hosts.equiv authentication. |
|
The default is |
|
.Dq no . |
|
This option applies to protocol version 1 only. |
|
.It Cm RhostsRSAAuthentication |
.It Cm RhostsRSAAuthentication |
Specifies whether rhosts or /etc/hosts.equiv authentication together |
Specifies whether rhosts or /etc/hosts.equiv authentication together |
with successful RSA host authentication is allowed. |
with successful RSA host authentication is allowed. |
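Review bot: The lines removed before `.It Cm RhostsRSAAuthentication` are only the tail of an entry (from `.Cm RhostsRSAAuthentication` "should be used instead" to "This option applies to protocol version 1 only."); its `.It Cm` heading and opening sentence fall outside the visible context. Please confirm the whole entry goes in this change, so no orphaned text is left under the preceding item. Also check whether the point that plain rhosts or /etc/hosts.equiv authentication lacks RSA-based host authentication should survive somewhere, since this was the visible place that said so.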
|
|
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, |
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, |
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. |
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. |
The default is AUTH. |
The default is AUTH. |
|
.It Cm TCPKeepAlive |
|
Specifies whether the system should send TCP keepalive messages to the |
|
other side. |
|
If they are sent, death of the connection or crash of one |
|
of the machines will be properly noticed. |
|
However, this means that |
|
connections will die if the route is down temporarily, and some people |
|
find it annoying. |
|
On the other hand, if TCP keepalives are not sent, |
|
sessions may hang indefinitely on the server, leaving |
|
.Dq ghost |
|
users and consuming server resources. |
|
.Pp |
|
The default is |
|
.Dq yes |
|
(to send TCP keepalive messages), and the server will notice |
|
if the network goes down or the client host crashes. |
|
This avoids infinitely hanging sessions. |
|
.Pp |
|
To disable TCP keepalive messages, the value should be set to |
|
.Dq no . |
.It Cm UseDNS |
.It Cm UseDNS |
Specifies whether |
Specifies whether |
.Nm sshd |
.Nm sshd |
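Review bot: The new `.It Cm TCPKeepAlive` entry carries the old KeepAlive text over and says only that the server "will notice if the network goes down or the client host crashes"; it does not repeat that TCP keepalives are spoofable, which the client alive paragraph earlier on the page states. A reader who lands on this entry alone could rely on it for session liveness decisions. Suggest adding a sentence here that points back to the client alive messages, which are sent through the encrypted channel, for cases where that matters.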