bugzilla-daemon at mindrot.org
2023-Jan-19 02:24 UTC
[Bug 3524] New: Rekey interval timeout not working when no package is being transferred
https://bugzilla.mindrot.org/show_bug.cgi?id=3524
Bug ID: 3524
Summary: Rekey interval timeout not working when no package is being transferred
Product: Portable OpenSSH
Version: 8.9p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: sanjeetkaransingh105 at gmail.com
Created attachment 3652
--> https://bugzilla.mindrot.org/attachment.cgi?id=3652&action=edit
Proposed patch
Description of problem:
Rekey timeout is expiring but rekeying is starting
until a packet is sent or received.
I tried with ssh -v and saw that, even though it reached the timeout limit,
rekeying still was not happening until I pressed any key on the keyboard.
Found in Version:
8.9, 8.4.
Proposed fix:
I see there is a check ensuring that the number of packets is more than
0 before the rekey timeout check inside the ssh_packet_need_rekeying function in
packet.c. Just by moving the rekey timeout check before the number of
packets check we can fix it.
I have opened a pull request against portable openssh:
https://github.com/openssh/openssh-portable/pull/372
I have attached the patch as well.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Jan-19 05:24 UTC
[Bug 3524] Rekey interval timeout not working when no package is being transferred
https://bugzilla.mindrot.org/show_bug.cgi?id=3524
--- Comment #1 from sanjeetkaransingh105 at gmail.com ---
My config includes the following:
RekeyLimit default 10
ClientAliveInterval 15
bugzilla-daemon at mindrot.org
2023-Jan-23 03:04 UTC
[Bug 3524] Rekey interval timeout not working when no package is being transferred
https://bugzilla.mindrot.org/show_bug.cgi?id=3524
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
I'm not sure whether the proposed behaviour is more desirable - the
connection will rekey the next time there is traffic sent or received,
and there is little point rekeying a connection without traffic.
bugzilla-daemon at mindrot.org
2023-Jan-23 22:13 UTC
[Bug 3524] Rekey interval timeout not working when no package is being transferred
https://bugzilla.mindrot.org/show_bug.cgi?id=3524
--- Comment #3 from sanjeetkaransingh105 at gmail.com ---
Hi Damien,
Thanks for the reply. I think that's the expected behavior when we set a
timeout-based rekey value: the timer-based rekey should happen
regardless of traffic.
It was working fine before the following commit:
https://github.com/openssh/openssh-portable/commit/21da87f439b48a85b951ef1518fe85ac0273e719
Before that, the server was sending keepalive signals at the rekey timeout,
which produced traffic, and rekeying started happening.
Then I see a fix from upstream related to this:
https://github.com/openssh/openssh-portable/commit/073f45c236550f158c9a94003e4611c07dea5279#diff-6e5958092d48b108bef3faadd24f2259a7e999ba8771cb64c986179c059fe130
But even this fix didn't solve the issue, as there is a check for traffic
that's preventing rekeying.
Sorry, due to account issues I created another pull request:
https://github.com/openssh/openssh-portable/pull/373
bugzilla-daemon at mindrot.org
2023-Oct-11 23:12 UTC
[Bug 3524] Rekey interval timeout not working when no package is being transferred
https://bugzilla.mindrot.org/show_bug.cgi?id=3524
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WONTFIX
Status|NEW |RESOLVED
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
I disagree - the time-based rekeying will happen immediately and not
doing it for an otherwise idle connection saves needless rekeys. If you
want to force time-based rekeying to happen promptly, then you can use
ClientAliveInterval/ServerAliveInterval to guarantee some traffic on
the connection to trigger the rekey.
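Added example, not part of the bug thread and not OpenSSH code: a simplified C model of the two check orders discussed above, run with the reporter's 10-second rekey interval and 15-second keepalive. The struct, the function names, the once-per-second polling, and the assumption that keepalive traffic counts as a packet are all hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not OpenSSH source; all names here are hypothetical. */
struct conn {
    uint32_t packets;        /* packets sent or received since last key exchange */
    int64_t  rekey_time;     /* time of last key exchange, in seconds */
    int64_t  rekey_interval; /* time part of RekeyLimit, 0 = disabled */
};

static int timer_expired(const struct conn *c, int64_t now)
{
    return c->rekey_interval != 0 && c->rekey_time + c->rekey_interval <= now;
}

/* Order described in the report: packet-count gate first, then the timer. */
int need_rekey_gate_first(const struct conn *c, int64_t now)
{
    if (c->packets == 0)
        return 0;            /* idle connection: the timer is never consulted */
    return timer_expired(c, now);
}

/* Order proposed in the report: timer before the gate (volume limits omitted). */
int need_rekey_timer_first(const struct conn *c, int64_t now)
{
    return timer_expired(c, now);
}

/* Poll once per second; return the first second a rekey is due, or -1.
 * traffic_every > 0 models keepalives (assumed to count as packets). */
int64_t first_rekey(int (*need)(const struct conn *, int64_t),
                    int64_t interval, int64_t traffic_every, int64_t horizon)
{
    struct conn c = { 0, 0, interval };
    for (int64_t t = 1; t <= horizon; t++) {
        if (traffic_every > 0 && t % traffic_every == 0)
            c.packets++;
        if (need(&c, t))
            return t;
    }
    return -1;
}

int main(void)
{
    printf("idle, gate first:      %lld\n", (long long)first_rekey(need_rekey_gate_first, 10, 0, 60));
    printf("keepalive, gate first: %lld\n", (long long)first_rekey(need_rekey_gate_first, 10, 15, 60));
    return 0;
}
```

In this model an idle connection never rekeys under the gate-first order, while periodic traffic every 15 seconds makes the rekey due at the first keepalive after the interval has passed.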