Openssh-6.6p1 doesn't seem to rekey on the server end
Ethan Rahn
ethan.rahn at gmail.com
Thu Jul 28 11:24:02 AEST 2016
Hello,
(Note: this is fixed in openssh-7.2p2.)
I was checking that openssh's sshd respected the "RekeyLimit" setting and
noticed that it did not seem to respect the setting for blocks (i.e.
RekeyLimit 1K would not rekey).
I examined this a bit and realized that the issue seems to be in
monitor.c:monitor_apply_keystate where set_newkeys is called before
packet_set_rekey_limits. Since set_newkeys requires packet_set_rekey_limits
to set the max blocks value, it results in the requested limits never being
set.
This is OpenSSH-6.6p1 with patches from Fedora. The patches don't seem to
affect this issue.
This is also fixed in OpenSSH-7.2p2. I thought it was worth bringing up
since I didn't see in any release notes when it got fixed and it was a bit
of a head-scratcher.
Cheers,
Ethan
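
The call-order problem described in the message above, as an added example that is not part of the original post and is not OpenSSH source: a simplified C model in which installing keys derives the block budget from a limit that a separate call stores. The struct, the `model_*` and `max_blocks_*` names, the 16-byte block size and the default cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model; hypothetical names, not OpenSSH's own code. */
struct session_model {
    uint64_t rekey_limit; /* bytes requested via RekeyLimit, 0 = unset */
    uint64_t max_blocks;  /* blocks allowed before a rekey is due */
};

/* Stands in for packet_set_rekey_limits: only records the request. */
static void model_set_rekey_limits(struct session_model *s, uint64_t bytes)
{
    s->rekey_limit = bytes;
}

/* Stands in for set_newkeys: computes max_blocks once, at key install. */
static void model_set_newkeys(struct session_model *s, unsigned block_size)
{
    uint64_t cap = (uint64_t)1 << 32; /* assumed cipher default for the model */
    if (s->rekey_limit != 0 && s->rekey_limit / block_size < cap)
        cap = s->rekey_limit / block_size;
    s->max_blocks = cap;
}

/* Order reported in the post: keys installed before the limit is stored. */
static uint64_t max_blocks_newkeys_first(uint64_t limit_bytes)
{
    struct session_model s = {0, 0};
    model_set_newkeys(&s, 16);
    model_set_rekey_limits(&s, limit_bytes); /* too late to affect max_blocks */
    return s.max_blocks;
}

/* Opposite order: the limit is already stored when keys are installed. */
static uint64_t max_blocks_limits_first(uint64_t limit_bytes)
{
    struct session_model s = {0, 0};
    model_set_rekey_limits(&s, limit_bytes);
    model_set_newkeys(&s, 16);
    return s.max_blocks;
}

int main(void)
{
    /* RekeyLimit 1K with a 16-byte block cipher */
    printf("newkeys first: %llu blocks\n",
           (unsigned long long)max_blocks_newkeys_first(1024));
    printf("limits first:  %llu blocks\n",
           (unsigned long long)max_blocks_limits_first(1024));
    return 0;
}
```
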