rekeying in SSH-2 and session setup?

Jan Iven jan.iven at cern.ch
Mon Jun 13 20:47:55 EST 2005


Dear all,
while playing around with openssh-4.1p1 (trying to add AFS token
forwarding in SSH-2), I noticed that aggressive rekeying (as e.g.
employed by regress/rekey.sh, rekeying every 16 bytes) seems to disturb
the various forwardings (X11, agent) set up at the beginning of the
session. These do not trigger regression test errors, since the client
does not ask for confirmation from the server for these commands (except
for remote port forwarding, and that one isn't set up by default).

Setting the minimum rekey limit to a higher value that covers all of the
session setup would be easy, but at least the port forwarding can get
added also later during the session. I guess that a rekey event at this
stage would kill the connection (explicit 'packet_disconnect()' if we
receive neither SUCCESS nor FAILURE from the server).

Could somebody perhaps check whether I am completely off-track with
this? I'd also be grateful for advice on how to handle or prevent rekeying
events during session setup, e.g. in ssh_session2_setup().

Thanks
Jan
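
An added example, not part of the original post and not OpenSSH code: a minimal C model of the sender-side rule in RFC 4253 section 7.1, under which connection-layer messages (such as the channel requests that ask for X11 or agent forwarding) are held back between a party's KEXINIT and its NEWKEYS and sent afterwards in their original order. The `struct sender` type, the `send_msg()` and `allowed_during_kex()` functions and the queue sizes are hypothetical names and values chosen for illustration.

```c
#include <stddef.h>

/* Message numbers from RFC 4253 and RFC 4254. */
enum { SSH_MSG_SERVICE_REQUEST = 5, SSH_MSG_SERVICE_ACCEPT = 6, SSH_MSG_KEXINIT = 20,
       SSH_MSG_NEWKEYS = 21, SSH_MSG_CHANNEL_REQUEST = 98 };

#define WIRE_MAX 64
#define HELD_MAX 16

/* Hypothetical sender state for this example (not an OpenSSH structure). */
struct sender {
    int rekeying;                      /* set between our KEXINIT and NEWKEYS */
    int wire[WIRE_MAX]; size_t nwire;  /* message types in the order sent */
    int held[HELD_MAX]; size_t nheld;  /* messages deferred until NEWKEYS */
};

/* RFC 4253 section 7.1: only types 1-49 may be sent during a key exchange,
 * excluding SERVICE_REQUEST, SERVICE_ACCEPT and a further KEXINIT. */
static int allowed_during_kex(int type)
{
    if (type == SSH_MSG_SERVICE_REQUEST || type == SSH_MSG_SERVICE_ACCEPT ||
        type == SSH_MSG_KEXINIT)
        return 0;
    return type >= 1 && type <= 49;
}

/* Returns 1 if sent now, 0 if deferred until NEWKEYS, -1 if refused. */
int send_msg(struct sender *s, int type)
{
    size_t i;
    if (s->rekeying && !allowed_during_kex(type)) {
        if (type == SSH_MSG_KEXINIT || s->nheld == HELD_MAX)
            return -1;                 /* second KEXINIT, or queue is full */
        s->held[s->nheld++] = type;    /* e.g. an x11-req channel request */
        return 0;
    }
    if (s->nwire + 1 + s->nheld > WIRE_MAX)
        return -1;                     /* keep room for the deferred queue */
    s->wire[s->nwire++] = type;
    if (type == SSH_MSG_KEXINIT)
        s->rekeying = 1;
    if (type == SSH_MSG_NEWKEYS) {     /* new keys active: flush the queue */
        for (i = 0; i < s->nheld; i++)
            s->wire[s->nwire++] = s->held[i];
        s->nheld = 0;
        s->rekeying = 0;
    }
    return 1;
}
```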






More information about the openssh-unix-dev mailing list