[Bug 2726] New: Uploading of large files (1GB+) fails when using SFTP in chrooted configuration

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Jun 1 23:24:35 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2726

            Bug ID: 2726
           Summary: Uploading of large files (1GB+) fails when using SFTP
                    in chrooted configuration
           Product: Portable OpenSSH
           Version: 7.3p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sftp
          Assignee: unassigned-bugs at mindrot.org
          Reporter: artur.maj at gmail.com

Created attachment 2986
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2986&action=edit
SSHD config used in a test chrooted environment

I am unable unable to upload large files (1GB or greater) via SFTP when
using SFTP in a chrooted configuration (using ChrootDirectory and
"ForceCommand internal-sftp" in SSHD config). The symptomps are that
WinSCP (or other SFTP clients) interrupts the connection with SFTP
server once number of bytes transferred exceeds 1GB. Further diagnosis
showed that this behaviour is related to the value of Rekeylimit - when
reaching the Rekeylimit (as set explicitly in config file) the
connection is interrupted immediately. Unfortunately, setting it's
value to "none" does not solve the problem - probably SSHD takes the
default value (1GB?) and the connection is interrupted when number of
transferred bytes exceeds this value. SSHD ignores values larger than
1G so the one cannot set it over 1GB. 

I did not experience this bug when using SFTP without chrooting it - in
a "regular" SSHD/SFTP configuration session key is renegotiated
properly and large files can be transferred without problems.

Verified on the latest Gentoo and Ubuntu 16.04 LTS operating systems.

Attached you can find reference SSHD config that can be used to
replicate the issue. Rekeylimit can be set, for instance, to 10M to
experience the issue with smaller files.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list