Openssh-6.6p1 doesn't seem to rekey on the server end

Ethan Rahn ethan.rahn at
Thu Jul 28 11:24:02 AEST 2016


( note, this is fixed in openssh-7.2p2 )

I was checking that openssh's sshd respected the "RekeyLimit" setting and
noticed that it did not seem to respect the setting for blocks ( i.e.
RekeyLimit 1K would not rekey ).

I examined this a bit and realized that the issue seems to be in
monitor.c:monitor_apply_keystate where set_newkeys is called before
packet_set_rekey_limits. Since set_newkeys requires packet_set_rekey_limits
to set the max blocks value, it results in the requested limits never being

This is OpenSSH-6.6p1 with patches from Fedora. The patches don't seem to
affect this issue.

This is also fixed in OpenSSH-7.2p2. I thought it was worth bringing up
since I didn't see in any release notes when it got fixed and it was a bit
of a head-scratcher.



More information about the openssh-unix-dev mailing list