[Bug 1056] RekeyLimit can be ridiculously low and is undocumented.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Jun 17 01:24:17 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=1056

           Summary: RekeyLimit can be ridiculously low and is undocumented.
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: jan.iven at cern.ch


Too low a RekeyLimit prevents ssh setup (X11, agent, etc. forwarding) from working
(if return codes are not checked) or kills the session (for those forwardings
that expect a reply from the server).
The attached patch sets a silently enforced minimum of 4k for the RekeyLimit
option, and adds a blurb to the ssh-config manpage about it.

This is a hack; the client should rather know how to deal with rekeying during
session setup. This patch will also make one of the regress tests useless
(rekey.sh with 16byte-rekey will be the same as 4k-rekey). Impact on actual use
should be low; the default is to rekey after a few Gigs.


