sshd and ntpd
Darren Tucker
dtucker at dtucker.net
Thu Aug 15 08:47:04 AEST 2019
On Wed, 14 Aug 2019 at 15:09, Peter Moody <mindrot at hda3.com> wrote:
[...]
> is it possible that the crypto routines in sshd accept would be
> sensitive to the advancing system clock and kill the connection?
For an established session I wouldn't think so. Once it's up there
only symmetric ciphers unless it rekeys, in which case it'd use also
use the host keys. For regular key based auth I don't think so
either.
For a connection authenticating via certificates the clock skew might
throw off the certificate validity, but I suspect it'd have to be
pretty far off for it to matter.
For most other timers (eg ClientAliveInterval, RekeyInterval) it uses
CLOCK_MONOTONIC when the platform supports it, and that is not
affected by clock steps.
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list