bugzilla-daemon at mindrot.org
2005-Jun-16 15:24 UTC
[Bug 1056] RekeyLimit can be ridiculously low and is undocumented.
http://bugzilla.mindrot.org/show_bug.cgi?id=1056

Summary: RekeyLimit can be ridiculously low and is undocumented.
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: bitbucket at mindrot.org
ReportedBy: jan.iven at cern.ch

Too low a RekeyLimit prevents ssh setup (X11, agent etc. forwarding) from working (if return codes are not checked) or kills the session (for those forwardings that expect a reply from the server).

The attached patch sets a silently enforced minimum of 4k for the RekeyLimit option, and adds a blurb to the ssh-config manpage about it.

This is a hack, the client should rather know how to deal with rekeying during session setup. This patch also will make one of the regress tests useless (rekey.sh with 16byte-rekey will be the same as 4k-rekey). Impact on actual use should be low, the default is to rekey after a few Gigs.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Jun-16 15:29 UTC
[Bug 1056] RekeyLimit can be ridiculously low and is undocumented.
http://bugzilla.mindrot.org/show_bug.cgi?id=1056

------- Additional Comments From jan.iven at cern.ch 2005-06-17 01:29 -------
Created an attachment (id=929) --> (http://bugzilla.mindrot.org/attachment.cgi?id=929&action=view)
path to set 4k minimum rekeylimit, add to ssh_config man page
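
An added example, not part of the bug report or its attached patch: a small audit that scans ssh_config text for RekeyLimit values below the 4k floor proposed in the first message. The function names, the K/M/G suffix handling (powers of 1024) and the sample configuration are assumptions made for this illustration.

```python
import re

MIN_REKEY_BYTES = 4096  # the 4k floor proposed in the report

# Suffix multipliers assumed to be powers of 1024.
_SUFFIX = {"": 1, "K": 1 << 10, "M": 1 << 20, "G": 1 << 30}
# Keyword is case-insensitive; the argument follows whitespace or '='.
_LINE = re.compile(r"^\s*rekeylimit(?:\s*=\s*|\s+)(\S+)", re.IGNORECASE)
_SIZE = re.compile(r"^(\d+)([KMG]?)$", re.IGNORECASE)


def parse_size(arg):
    """Return the byte count for '16', '4k' or '1G'; None if not a size."""
    m = _SIZE.match(arg.strip('"'))
    if not m:
        return None  # not a plain byte count; the audit skips it
    return int(m.group(1)) * _SUFFIX[m.group(2).upper()]


def audit(config_text, minimum=MIN_REKEY_BYTES):
    """Return (line_no, raw_value, bytes) for each RekeyLimit below minimum."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # comment line
        m = _LINE.match(line)
        if not m:
            continue
        size = parse_size(m.group(1))
        if size is not None and size < minimum:
            findings.append((line_no, m.group(1), size))
    return findings


# Constructed sample configuration (not taken from the bug report).
SAMPLE = """\
# constructed sample
Host build
    RekeyLimit 16
Host bulk
    rekeylimit=1G
Host lab
    RekeyLimit 2k
Host edge
    RekeyLimit 4K
"""

if __name__ == "__main__":
    for line_no, raw, size in audit(SAMPLE):
        print(f"line {line_no}: RekeyLimit {raw} = {size} bytes, below {MIN_REKEY_BYTES}")
```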