
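--- a/configure.ac
+++ b/configure.ac
@@ -370,6 +370,7 @@ AC_CHECK_HEADERS([ \
 	maillock.h \
 	ndir.h \
 	net/if_tun.h \
+	netinet/tcp.h \
 	netdb.h \
 	netgroup.h \
 	pam/pam_appl.h \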
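--- a/readconf.c
+++ b/readconf.c
@@ -151,7 +151,7 @@ typedef enum {
 	oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
 	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
 	oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
-	oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
+	oCompressionLevel, oTCPKeepAlive, oTCPUserTimeout, oNumberOfPasswordPrompts,
 	oUsePrivilegedPort, oLogFacility, oLogLevel, oCiphers, oMacs,
 	oPubkeyAuthentication,
 	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
@@ -259,6 +259,7 @@ static struct {
 	{ "compression", oCompression },
 	{ "tcpkeepalive", oTCPKeepAlive },
 	{ "keepalive", oTCPKeepAlive },				/* obsolete */
+	{ "tcpusertimeout", oTCPUserTimeout },
 	{ "numberofpasswordprompts", oNumberOfPasswordPrompts },
 	{ "syslogfacility", oLogFacility },
 	{ "loglevel", oLogLevel },
@@ -979,6 +980,10 @@ parse_time:
 		intptr = &options->tcp_keep_alive;
 		goto parse_flag;
 
+	case oTCPUserTimeout:
+		intptr = &options->tcp_user_timeout;
+		goto parse_int;
+
 	case oNoHostAuthenticationForLocalhost:
 		intptr = &options->no_host_authentication_for_localhost;
 		goto parse_flag;
@@ -1770,6 +1775,7 @@ initialize_options(Options * options)
 	options->strict_host_key_checking = -1;
 	options->compression = -1;
 	options->tcp_keep_alive = -1;
+	options->tcp_user_timeout = -1;
 	options->port = -1;
 	options->address_family = -1;
 	options->connection_attempts = -1;
@@ -2493,6 +2499,7 @@ dump_client_config(Options *o, const char *host)
 	dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
 	dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking);
 	dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive);
+	dump_cfg_fmtint(oTCPUserTimeout, o->tcp_user_timeout);
 	dump_cfg_fmtint(oTunnel, o->tun_open);
 	dump_cfg_fmtint(oUsePrivilegedPort, o->use_privileged_port);
 	dump_cfg_fmtint(oVerifyHostKeyDNS, o->verify_host_key_dns);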
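Review bot: In the dump_client_config hunk the new `dump_cfg_fmtint(oTCPUserTimeout, o->tcp_user_timeout);` sits in a run of yes/no flags, but the option is parsed with `goto parse_int` and holds a number, so a flag-style formatter will probably print a misleading value in the configuration dump. This presumably wants the plain integer dumper, `dump_cfg_int(oTCPUserTimeout, o->tcp_user_timeout);`; the formatter's body is outside the hunk, so confirm against it. The same applies to `dump_cfg_fmtint(sTCPUserTimeout, o->tcp_user_timeout);` in dump_config in servconf.c. A dump that misreports the timeout makes it hard to audit which dead-peer timeout a host is really running with.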
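--- a/readconf.h
+++ b/readconf.h
@@ -52,6 +52,7 @@ typedef struct {
 	int     strict_host_key_checking;	/* Strict host key checking. */
 	int     compression;	/* Compress packets in both directions. */
 	int     tcp_keep_alive;	/* Set SO_KEEPALIVE. */
+	int     tcp_user_timeout; /* Set TCP_USER_TIMEOUT */
 	int	ip_qos_interactive;	/* IP ToS/DSCP/class for interactive */
 	int	ip_qos_bulk;		/* IP ToS/DSCP/class for bulk traffic */
 	SyslogFacility log_facility;	/* Facility for system logging. */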
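--- a/scp.1
+++ b/scp.1
@@ -174,6 +174,7 @@ For full details of the options listed below, and their possible values, see
 .It ServerAliveCountMax
 .It StrictHostKeyChecking
 .It TCPKeepAlive
+.It TCPUserTimeout
 .It UpdateHostKeys
 .It UsePrivilegedPort
 .It User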
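--- a/servconf.c
+++ b/servconf.c
@@ -110,6 +110,7 @@ initialize_server_options(ServerOptions *options)
 	options->xauth_location = NULL;
 	options->strict_modes = -1;
 	options->tcp_keep_alive = -1;
+	options->tcp_user_timeout = -1;
 	options->log_facility = SYSLOG_FACILITY_NOT_SET;
 	options->log_level = SYSLOG_LEVEL_NOT_SET;
 	options->hostbased_authentication = -1;
@@ -449,7 +450,7 @@ typedef enum {
 	sListenAddress, sAddressFamily,
 	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
 	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
-	sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
+	sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, sTCPUserTimeout,
 	sPermitUserEnvironment, sAllowTcpForwarding, sCompression,
 	sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
 	sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile,
@@ -567,6 +568,7 @@ static struct {
 	{ "rekeylimit", sRekeyLimit, SSHCFG_ALL },
 	{ "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
 	{ "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL },	/* obsolete alias */
+	{ "tcpusertimeout", sTCPUserTimeout, SSHCFG_GLOBAL },
 	{ "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
 	{ "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
 	{ "allowusers", sAllowUsers, SSHCFG_ALL },
@@ -1473,6 +1475,10 @@ process_server_config_line(ServerOptions *options, char *line,
 		intptr = &options->tcp_keep_alive;
 		goto parse_flag;
 
+	case sTCPUserTimeout:
+		intptr = &options->tcp_user_timeout;
+		goto parse_int;
+
 	case sEmptyPasswd:
 		intptr = &options->permit_empty_passwd;
 		goto parse_flag;
@@ -2469,6 +2475,7 @@ dump_config(ServerOptions *o)
 	dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc);
 	dump_cfg_fmtint(sStrictModes, o->strict_modes);
 	dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
+	dump_cfg_fmtint(sTCPUserTimeout, o->tcp_user_timeout);
 	dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
 	dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
 	dump_cfg_fmtint(sCompression, o->compression);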
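--- a/servconf.h
+++ b/servconf.h
@@ -104,6 +104,7 @@ typedef struct {
 	int	permit_user_rc;	/* If false, deny ~/.ssh/rc execution */
 	int     strict_modes;	/* If true, require string home dir modes. */
 	int     tcp_keep_alive;	/* If true, set SO_KEEPALIVE. */
+	int     tcp_user_timeout;	/* Set SO_USER_TIMEOUT. */
 	int	ip_qos_interactive;	/* IP ToS/DSCP/class for interactive */
 	int	ip_qos_bulk;		/* IP ToS/DSCP/class for bulk traffic */
 	char   *ciphers;	/* Supported SSH2 ciphers. */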
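Review bot: The comment on the new field, `/* Set SO_USER_TIMEOUT. */`, names a socket option that the rest of the patch never uses; the code in sshd.c passes `TCP_USER_TIMEOUT`, and the matching field in readconf.h is commented with that name. I would write `/* TCP_USER_TIMEOUT value; -1 = not set. */`, which also records the sentinel that initialize_server_options assigns. Stating the unit in the comment would help as well: the Linux option takes milliseconds, and nothing in this patch tells an administrator that, so a value meant as seconds would drop connections far sooner than intended.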
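--- a/sftp.1
+++ b/sftp.1
@@ -244,6 +244,7 @@ For full details of the options listed below, and their possible values, see
 .It ServerAliveCountMax
 .It StrictHostKeyChecking
 .It TCPKeepAlive
+.It TCPUserTimeout
 .It UpdateHostKeys
 .It UsePrivilegedPort
 .It User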
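--- a/ssh.1
+++ b/ssh.1
@@ -525,6 +525,7 @@ For full details of the options listed below, and their possible values, see
 .It StreamLocalBindUnlink
 .It StrictHostKeyChecking
 .It TCPKeepAlive
+.It TCPUserTimeout
 .It Tunnel
 .It TunnelDevice
 .It UpdateHostKeys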
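--- a/ssh.c
+++ b/ssh.c
@@ -1301,6 +1301,7 @@ main(int ac, char **av)
 	if (ssh_connect(ssh, host, addrs, &hostaddr, options.port,
 	    options.address_family, options.connection_attempts,
 	    &timeout_ms, options.tcp_keep_alive,
+	    options.tcp_user_timeout,
 	    options.use_privileged_port) != 0)
  		exit(255);
 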
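--- a/ssh_config.5
+++ b/ssh_config.5
@@ -1510,6 +1510,11 @@ This is important in scripts, and many users want it too.
 .Pp
 To disable TCP keepalive messages, the value should be set to
 .Cm no .
+.It Cm TCPUserTimeout
+Specifies the value of the TCP_USER_TIMEOUT socket option on the ssh 
+socket.
+.Pp
+The default is to not set that option.
 .It Cm Tunnel
 Request
 .Xr tun 4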
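--- a/sshconnect.c
+++ b/sshconnect.c
@@ -19,6 +19,9 @@
 #include <sys/wait.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
 #ifdef HAVE_SYS_TIME_H
 # include <sys/time.h>
 #endif
@@ -413,7 +416,8 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
 static int
 ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
     struct sockaddr_storage *hostaddr, u_short port, int family,
-    int connection_attempts, int *timeout_ms, int want_keepalive, int needpriv)
+    int connection_attempts, int *timeout_ms, int want_keepalive, 
+    int tcp_user_timeout, int needpriv)
 {
 	int on = 1;
 	int sock = -1, attempt;
@@ -484,6 +488,14 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
 	    sizeof(on)) < 0)
 		error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
 
+#if defined(HAVE_NETINET_TCP_H) && defined(SOL_TCP) && defined(TCP_USER_TIMEOUTS)
+	/* Set SO_TCP_USER_TIMEOUT if requested. */
+	if (tcp_user_timeout > 0 &&
+	    setsockopt(sock, SOL_TCP, TCP_USER_TIMEOUT, (void *)&tcp_user_timeout,
+	    sizeof(tcp_user_timeout)) < 0)
+		error("setsockopt TCP_USER_TIMEOUT: %.100s", strerror(errno));
+#endif
+
 	/* Set the connection. */
 	if (ssh_packet_set_connection(ssh, sock, sock) == NULL)
 		return -1; /* ssh_packet_set_connection logs error */
@@ -494,12 +506,13 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
 int
 ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs,
     struct sockaddr_storage *hostaddr, u_short port, int family,
-    int connection_attempts, int *timeout_ms, int want_keepalive, int needpriv)
+    int connection_attempts, int *timeout_ms, int want_keepalive, 
+    int tcp_user_timeout, int needpriv)
 {
 	if (options.proxy_command == NULL) {
 		return ssh_connect_direct(ssh, host, addrs, hostaddr, port,
 		    family, connection_attempts, timeout_ms, want_keepalive,
-		    needpriv);
+		    tcp_user_timeout, needpriv);
 	} else if (strcmp(options.proxy_command, "-") == 0) {
 		if ((ssh_packet_set_connection(ssh,
 		    STDIN_FILENO, STDOUT_FILENO)) == NULL)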
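Review bot: The guard added in ssh_connect_direct, `#if defined(HAVE_NETINET_TCP_H) && defined(SOL_TCP) && defined(TCP_USER_TIMEOUTS)`, tests `TCP_USER_TIMEOUTS` while the call inside it uses `TCP_USER_TIMEOUT`; unless some header defines the plural name, the whole block is compiled out and the option is parsed but never applied. The guard should end in `defined(TCP_USER_TIMEOUT)`, and the identical line in the sshd.c hunk in main() needs the same correction. Nothing is logged when the block is absent, so an administrator relying on this setting to drop dead connections would not notice that it has no effect; a `debug` message in an `#else` branch would make that visible. The comment `/* Set SO_TCP_USER_TIMEOUT if requested. */` should also name `TCP_USER_TIMEOUT`. The body of ssh_connect_direct continues outside the hunk.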
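--- a/sshconnect.h
+++ b/sshconnect.h
@@ -35,7 +35,7 @@ struct addrinfo;
 struct ssh;
 
 int	 ssh_connect(struct ssh *, const char *, struct addrinfo *,
-	    struct sockaddr_storage *, u_short, int, int, int *, int, int);
+	    struct sockaddr_storage *, u_short, int, int, int *, int, int, int);
 void	 ssh_kill_proxy_command(void);
 
 void	 ssh_login(Sensitive *, const char *, struct sockaddr *, u_short,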
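--- a/sshd.c
+++ b/sshd.c
@@ -47,6 +47,9 @@
 #include <sys/types.h>
 #include <sys/ioctl.h>
 #include <sys/socket.h>
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
 #ifdef HAVE_SYS_STAT_H
 # include <sys/stat.h>
 #endif
@@ -2025,6 +2028,14 @@ main(int ac, char **av)
 	    setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
 		error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
 
+#if defined(HAVE_NETINET_TCP_H) && defined(SOL_TCP) && defined(TCP_USER_TIMEOUTS)
+	/* Set SO_TCP_USER_TIMEOUT if requested. */
+	if (options.tcp_user_timeout > 0 && packet_connection_is_on_socket() &&
+	    setsockopt(sock_in, SOL_TCP, TCP_USER_TIMEOUT, 
+	    &options.tcp_user_timeout, sizeof(options.tcp_user_timeout)) < 0)
+		error("setsockopt TCP_USER_TIMEOUT: %.100s", strerror(errno));
+#endif
+
 	if ((remote_port = ssh_remote_port(ssh)) < 0) {
 		debug("ssh_remote_port failed");
 		cleanup_exit(255);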
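--- a/sshd_config.5
+++ b/sshd_config.5
@@ -1477,6 +1477,11 @@ This avoids infinitely hanging sessions.
 .Pp
 To disable TCP keepalive messages, the value should be set to
 .Cm no .
+.It Cm TCPUserTimeout
+Specifies the value of the TCP_USER_TIMEOUT socket option on the ssh 
+socket.
+.Pp
+The default is to not set that option.
 .It Cm TrustedUserCAKeys
 Specifies a file containing public keys of certificate authorities that are
 trusted to sign user certificates for authentication, or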
