
Openssh-6.6p1 doesn't seem to rekey on the server end


Ethan Rahn

Jul 27, 2016, 9:36:03 PM
Hello,

(Note: this is fixed in openssh-7.2p2.)

I was checking that openssh's sshd respected the "RekeyLimit" setting and
noticed that it did not seem to respect the setting for blocks (i.e.
RekeyLimit 1K would not rekey).

I examined this a bit and realized that the issue seems to be in
monitor.c:monitor_apply_keystate where set_newkeys is called before
packet_set_rekey_limits. Since set_newkeys requires packet_set_rekey_limits
to set the max blocks value, it results in the requested limits never being
set.

This is OpenSSH-6.6p1 with patches from Fedora. The patches don't seem to
affect this issue.

This is also fixed in OpenSSH-7.2p2. I thought it was worth bringing up
since I didn't see in any release notes when it got fixed and it was a bit
of a head-scratcher.

Cheers,

Ethan
_______________________________________________
openssh-unix-dev mailing list
openssh-...@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
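
The ordering problem described in the post, as an added example that is not part of the original message and is not OpenSSH source: a simplified C model in which `model_set_newkeys` and `model_set_rekey_limits` (hypothetical stand-ins for the two functions named above) are called in either order. The struct layout, block size and default ceiling are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define BLOCK_SIZE 16u                          /* assumed cipher block size */
#define DEFAULT_MAX_BLOCKS ((uint64_t)1 << 32)  /* constructed ceiling, not OpenSSH's value */

/* Hypothetical, simplified per-connection state. */
struct conn_state {
    uint64_t rekey_limit_bytes;  /* 0 means no limit recorded yet */
    uint64_t max_blocks;         /* blocks allowed under the current keys */
    uint64_t blocks_sent;
};

/* Stand-in for packet_set_rekey_limits: only records the configured limit. */
static void model_set_rekey_limits(struct conn_state *s, uint64_t bytes) {
    s->rekey_limit_bytes = bytes;
}

/* Stand-in for set_newkeys: derives max_blocks from the limit recorded at call time. */
static void model_set_newkeys(struct conn_state *s) {
    s->max_blocks = DEFAULT_MAX_BLOCKS;
    if (s->rekey_limit_bytes != 0 && s->rekey_limit_bytes / BLOCK_SIZE < s->max_blocks)
        s->max_blocks = s->rekey_limit_bytes / BLOCK_SIZE;
    s->blocks_sent = 0;
}

/* Number of rekeys while sending total_bytes. limits_first != 0 records the
 * limit before installing keys; 0 reproduces the order the post describes. */
uint64_t rekeys_for_transfer(int limits_first, uint64_t limit, uint64_t total_bytes) {
    struct conn_state s = {0, 0, 0};
    uint64_t rekeys = 0;
    if (limits_first) { model_set_rekey_limits(&s, limit); model_set_newkeys(&s); }
    else              { model_set_newkeys(&s); model_set_rekey_limits(&s, limit); }
    for (uint64_t sent = 0; sent < total_bytes; sent += BLOCK_SIZE) {
        if (++s.blocks_sent >= s.max_blocks) {
            rekeys++;
            model_set_newkeys(&s);  /* a rekey installs fresh keys */
        }
    }
    return rekeys;
}

int main(void) {
    const uint64_t limit = 1024, total = 1024 * 1024;  /* "RekeyLimit 1K", 1 MiB sent */
    printf("keys first, limit second: %llu rekeys\n",
           (unsigned long long)rekeys_for_transfer(0, limit, total));
    printf("limit first, keys second: %llu rekeys\n",
           (unsigned long long)rekeys_for_transfer(1, limit, total));
    return 0;
}
```

In this model the keys-first order leaves the session on the default ceiling for the whole transfer, while the limit-first order rekeys every 64 blocks.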
