From: simon Date: Wed, 29 Dec 2004 13:44:20 +0000 (+0000) Subject: Add some discussion of rekeys-as-keepalives, and their potential X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/commitdiff_plain/f3699a1e4c076a25a0b3541e044aa0ed52bfb04c Add some discussion of rekeys-as-keepalives, and their potential adverse effect on the life expectancy of a low-use connection over a low-reliability network. git-svn-id: svn://svn.tartarus.org/sgt/putty@5041 cda61777-01e9-0310-a592-d414129be87e --- diff --git a/doc/config.but b/doc/config.but index ed6600ca..361d68e3 100644 --- a/doc/config.but +++ b/doc/config.but @@ -2200,8 +2200,21 @@ used: } PuTTY can be prevented from initiating a rekey entirely by setting -both of these values to zero. (Note, however, that the SSH server may -still initiate rekeys.) +both of these values to zero. (Note, however, that the SSH +\e{server} may still initiate rekeys.) + +You might have a need to disable rekeys completely for the same +reasons that keepalives aren't always helpful. If you anticipate +suffering a network dropout of several hours in the middle of an SSH +connection, but were not actually planning to send \e{data} down +that connection during those hours, then an attempted rekey in the +middle of the dropout will probably cause the connection to be +abandoned, whereas if rekeys are disabled then the connection should +in principle survive (in the absence of interfering firewalls). See +\k{config-keepalive} for more discussion of these issues; for these +purposes, rekeys have much the same properties as keepalives. +(Except that rekeys have cryptographic value in themselves, so you +should bear that in mind when deciding whether to turn them off.) \H{config-ssh-auth} The Auth panel