thr3ads.net - openssh bugs - [Bug 3524] New: Rekey interval timeout not working when no package is being transfered [Jan 2023]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at mindrot.org

2023-Jan-19 02:24 UTC

[Bug 3524] New: Rekey interval timeout not working when no package is being transfered

https://bugzilla.mindrot.org/show_bug.cgi?id=3524

            Bug ID: 3524
           Summary: Rekey interval timeout not working when no package is
                    being transfered
           Product: Portable OpenSSH
           Version: 8.9p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: sanjeetkaransingh105 at gmail.com

Created attachment 3652
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3652&action=edit
Proposed patch

Description of problem:

Rekey timeout is expiring but rekeying is starting
until a packet is sent or received. 

I tried by ssh -v, and saw even through it reached timeout limit, still
rekeying was not happening until I press any key from keyboard.

Found in Version:
8.9, 8.4.

Proposed fix:

I see there is a check to ensure number of packets should be more than
0, before rekey timeout check inside ssh_packet_need_rekeying func in
packet.c. Just by moving rekey timeout based check before number of
packets check we can fix it.

I have opened a pull request against portable openssh:
https://github.com/openssh/openssh-portable/pull/372

I have attached the patch as well.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

bugzilla-daemon at mindrot.org

2023-Jan-19 05:24 UTC

head link

[Bug 3524] Rekey interval timeout not working when no package is being transfered

https://bugzilla.mindrot.org/show_bug.cgi?id=3524

--- Comment #1 from sanjeetkaransingh105 at gmail.com ---
My config includes the following:

RekeyLimit default 10
ClientAliveInterval 15

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

bugzilla-daemon at mindrot.org

2023-Jan-23 03:04 UTC

head link

[Bug 3524] Rekey interval timeout not working when no package is being transfered

https://bugzilla.mindrot.org/show_bug.cgi?id=3524

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
I'm not sure whether the proposed behaviour is more desirable - the
connection will rekey the next time there is traffic sent or received,
and there is little point rekeying a connection without traffic.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

bugzilla-daemon at mindrot.org

2023-Jan-23 22:13 UTC

head link

[Bug 3524] Rekey interval timeout not working when no package is being transfered

https://bugzilla.mindrot.org/show_bug.cgi?id=3524

--- Comment #3 from sanjeetkaransingh105 at gmail.com ---
Hi Damien,

Thanks for reply, I think that's expected behavior when we set timeout
based rekey value, that timer based rekey should happen regardless of
traffic. 

It was working fine before following commit: 

https://github.com/openssh/openssh-portable/commit/21da87f439b48a85b951ef1518fe85ac0273e719

As before that, server was sending keep alive signals at rekey timeout
which produce traffic and rekeying start happening.

Than, I see a fix from upstream related to this:   
https://github.com/openssh/openssh-portable/commit/073f45c236550f158c9a94003e4611c07dea5279#diff-6e5958092d48b108bef3faadd24f2259a7e999ba8771cb64c986179c059fe130

But, even this fix didn't solve the issue, as there is a check for
traffic that's preventing rekeying.

Sorry due to account issues created another Pull request,
https://github.com/openssh/openssh-portable/pull/373

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

bugzilla-daemon at mindrot.org

2023-Oct-11 23:12 UTC

head link

[Bug 3524] Rekey interval timeout not working when no package is being transfered

https://bugzilla.mindrot.org/show_bug.cgi?id=3524

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WONTFIX
             Status|NEW                         |RESOLVED

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
I disagree - the timed based rekeying will happen immediately and not
doing it for an otherwise idle connection saves needless rekeys. If you
want to force time-based rekeying to happen promptly, then you can use
ClientAliveInterval/ServerAliveInterval to guarantee some traffic on
the connection to trigger the rekey.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

Possibly Parallel Threads

Search for more possibly parallel threads

openssh bugs - Jan 2023 - [Bug 3524] New: Rekey interval timeout not working when no package is being transfered

[Bug 3524] New: Rekey interval timeout not working when no package is being transfered

[Bug 3524] Rekey interval timeout not working when no package is being transfered

[Bug 3524] Rekey interval timeout not working when no package is being transfered

[Bug 3524] Rekey interval timeout not working when no package is being transfered

[Bug 3524] Rekey interval timeout not working when no package is being transfered

Possibly Parallel Threads