diff options
| author | David Ostrovsky <david@ostrovsky.org> | 2015-03-04 22:37:33 +0100 |
|---|---|---|
| committer | David Pursehouse <david.pursehouse@sonymobile.com> | 2015-04-06 12:33:06 +0900 |
| commit | 985201b5f959a32b18458822b54efd47b1408f44 (patch) | |
| tree | 169234c9f26c4fcf518265253a8325783e77434d | |
| parent | c8172b20e878685a6fb1adf30d13d628cf8e95ca (diff) | |
Revert "Revert "Allow configuration of SSH rekey values""
This reverts commit 3435c536a6024fc2a92610be452ab4d85ae5268c.
Change-Id: I4efe2e209ff05e68d8add596025622e76646bfde
| -rw-r--r-- | Documentation/config-gerrit.txt | 18 | ||||
| -rw-r--r-- | gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java | 9 |
2 files changed, 27 insertions, 0 deletions
diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt index f43ea16ee2..5b1817a843 100644 --- a/Documentation/config-gerrit.txt +++ b/Documentation/config-gerrit.txt @@ -3072,6 +3072,24 @@ programmatic configuration. + By default, true. +[[sshd.rekeyBytesLimit]]sshd.rekeyBytesLimit:: ++ +The SSH daemon will issue a rekeying after a certain amount of data. +This configuration option allows you to tweak that setting. ++ +By default, 1073741824 (bytes, 1GB). ++ +The rekeyBytesLimit cannot be set to lower than 32. + +[[sshd.rekeyTimeLimit]]sshd.rekeyTimeLimit:: ++ +The SSH daemon will issue a rekeying after a certain amount of time. +This configuration option allows you to tweak that setting. ++ +By default, 1h. ++ +Set to 0 to disable this check. + [[suggest]] === Section suggest diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java index 595b5d26c1..5ef4765bb5 100644 --- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java +++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java @@ -189,6 +189,15 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { IDLE_TIMEOUT, String.valueOf(SECONDS.toMillis(idleTimeoutSeconds))); + long rekeyTimeLimit = ConfigUtil.getTimeUnit(cfg, "sshd", null, + "rekeyTimeLimit", 3600, SECONDS); + getProperties().put( + REKEY_TIME_LIMIT, + String.valueOf(SECONDS.toMillis(rekeyTimeLimit))); + + getProperties().put(REKEY_BYTES_LIMIT, + String.valueOf(cfg.getLong("sshd", "rekeyBytesLimit", 1024 * 1024 * 1024 /* 1GB */))); + final int maxConnectionsPerUser = cfg.getInt("sshd", "maxConnectionsPerUser", 64); if (0 < maxConnectionsPerUser) { |