From a97af5bd865a5ef4aa3c242978bc5fdff644c9ce Mon Sep 17 00:00:00 2001
From: Bertrand Jacquin
Date: Wed, 12 Jul 2023 20:41:45 +0100
Subject: factory-default/net-misc/openssh: enable ServerAliveInterval instead of TCPKeepAlive
---
 factory-default/net-misc/openssh/etc/ssh/ssh_config | 11 +++++++++--
 factory-default/net-misc/openssh/etc/ssh/sshd_config | 5 ++---
 2 files changed, 11 insertions(+), 5 deletions(-) (limited to 'factory-default')
diff --git a/factory-default/net-misc/openssh/etc/ssh/ssh_config b/factory-default/net-misc/openssh/etc/ssh/ssh_config
index f4fa561f..bea2d57d 100644
--- a/factory-default/net-misc/openssh/etc/ssh/ssh_config
+++ b/factory-default/net-misc/openssh/etc/ssh/ssh_config
@@ -29,10 +29,10 @@ Host *
 # Ciphers allowed and their order of preference
 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com

- # Available KEX (Key Exchange) algorithms
+ # KEX (Key Exchange) algorithms
 KexAlgorithms curve25519-sha256@libssh.org

- # MAC (message authentication code) algorithms in order of preference
+ # MAC (message authentication code) algorithms
 MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com

 # Key types used for public key authentication
@@ -61,3 +61,10 @@ Host *

 # Specifies revoked host public keys
 RevokedHostKeys /etc/ssh/ssh_revoked_hosts
+
+ # Do not send TCP keepalive messages to the other side
+ TCPKeepAlive no
+
+ # Interval in seconds after which, send a message through the encrypted
+ # channel to request a response from the server
+ ServerAliveInterval 15
diff --git a/factory-default/net-misc/openssh/etc/ssh/sshd_config b/factory-default/net-misc/openssh/etc/ssh/sshd_config
index ba67af42..979756a4 100644
--- a/factory-default/net-misc/openssh/etc/ssh/sshd_config
+++ b/factory-default/net-misc/openssh/etc/ssh/sshd_config
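Review bot: `ServerAliveInterval 15` at the end of the `Host *` block (which opens outside this hunk) is added without a `ServerAliveCountMax`, so how long an unresponsive server is tolerated is decided by the OpenSSH built-in count (3 in current releases, roughly 45 seconds) rather than by this file. The last sshd_config hunk has the same gap from the other side: deleting `ClientAliveCountMax 2` moves the server from two missed probes to the built-in default, which the subject line does not mention. If the defaults are what is wanted, a comment saying so would do; otherwise pin the count next to the interval, e.g. `ServerAliveCountMax 3` here and keeping `ClientAliveCountMax 2` in sshd_config.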
@@ -76,8 +76,8 @@ X11Forwarding no
 # ~/.ssh/authorized_keys
 PermitUserEnvironment no

-# Send TCP keepalive messages to the other side
-TCPKeepAlive yes
+# Do not send TCP keepalive messages to the other side
+TCPKeepAlive no

 # Maximum number of authentication attempts permitted per connection
 MaxAuthTries 3
@@ -89,7 +89,6 @@ MaxSessions 2
 # Send a message through the encrypted channel to request a response
 # from the client
 ClientAliveInterval 15
-ClientAliveCountMax 2

 # Disable compression after the user has authenticated successfully
 Compression no
-- cgit v1.2.3
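Review bot: The comment added above `TCPKeepAlive no` in the first sshd_config hunk says what the option does but not why it is off or what replaces it, and on the server that matters because, with TCP keepalives disabled, reaping dead sessions depends entirely on `ClientAliveInterval` further down the file staying non-zero. I would put that into the comment, e.g. `# Do not send TCP keepalives (spoofable); dead peers are detected via ClientAliveInterval below`. The identical comment added at the end of ssh_config could point at `ServerAliveInterval` the same way.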