Displaying 20 results from an estimated 47 matches for "rekeylimit".

2005 Oct 29
1
[Bug 1056] RekeyLimit can be ridiculously low and is undocumented.
http://bugzilla.mindrot.org/show_bug.cgi?id=1056 ------- Comment #2 from djm at mindrot.org 2005-10-30 10:59 ------- hm, I haven't been able to reproduce the hang you have experienced when setting rekeylimit low. Even setting RekeyLimit=16 produces a working session for me. This isn't to say that we shouldn't set a minimum.
2014 Jan 03
1
VisualHostKey vs. RekeyLimit vs. VerifyHostKeyDNS
...it as it seems that extra neurons fire when I log into a host and get a visual cue of what looks like a strawberry or jester hat and suddenly a catalog of frequent commands relevant to the particular host surface in mind ;-) I have two configuration problems that make VisualHostKey less usable. * RekeyLimit I'm no crypto expert, pretty much cargo-culting here, but from bits and pieces I've read, it seems like re-keying is crucial for a cipher like AES-GCM. Maybe it's just a gut feeling inspired by strongSwan IPsec daemons which are constantly re-keying. Every time the cipher is re-keyed...
2014 Aug 25
7
[Bug 2264] New: RekeyLimit option does not allow '4G' value when UINT_MAX is 0xffffffff
https://bugzilla.mindrot.org/show_bug.cgi?id=2264 Bug ID: 2264 Summary: RekeyLimit option does not allow '4G' value when UINT_MAX is 0xffffffff Product: Portable OpenSSH Version: 6.6p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: s...
2014 Jul 06
15
[Bug 2252] New: RekeyLimit breaks ClientAlive
https://bugzilla.mindrot.org/show_bug.cgi?id=2252 Bug ID: 2252 Summary: RekeyLimit breaks ClientAlive Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter:...
2007 Jun 12
0
[Bug 1056] RekeyLimit can be ridiculously low and is undocumented.
...Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #9 from Damien Miller <djm at mindrot.org> 2007-06-12 17:36:57 --- No feedback for a year == bug closed. I haven't been able to recreate the problem with a low rekeylimit (the min is capped at 16 now), and the manpage bits have long since gone in.
2007 Nov 09
6
[Bug 1390] New: RekeyLimit max value is too restrictive
https://bugzilla.mindrot.org/show_bug.cgi?id=1390 Summary: RekeyLimit max value is too restrictive Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucke...
2009 Feb 11
1
Configure re-keying in sftp server
Hello, I'm trying to configure the openssh sftp server to perform re-keying. On the client side I've found the RekeyLimit parameter. But I am unable to find an equivalent for the server side. Is it currently not possible to configure the sftp server to perform re-keying? Or have I overlooked something. -- R
2016 Jan 05
14
[Bug 2521] New: subtract buffer size from computed rekey limit to avoid exceeding it
...almost always go above the limit for a few blocks (depending on how much of them were in the buffer) before rekeying is triggered. In our case at Facebook, this was causing AES-GCM to go above the 64 GiB limit shortly before triggering rekeying and abort with an error, unless a sufficiently lower RekeyLimit is explicitly set (which itself can only be set to values less than 4GiB because of u32int being used, but that's a different story). My proposed fix is to deduce the maximum theoretical amount of buffered blocks from the computed max_blocks value.
2017 Jun 01
11
[Bug 2726] New: Uploading of large files (1GB+) fails when using SFTP in chrooted configuration
...n (using ChrootDirectory and "ForceCommand internal-sftp" in SSHD config). The symptoms are that WinSCP (or other SFTP clients) interrupts the connection with SFTP server once number of bytes transferred exceeds 1GB. Further diagnosis showed that this behaviour is related to the value of Rekeylimit - when reaching the Rekeylimit (as set explicitly in config file) the connection is interrupted immediately. Unfortunately, setting its value to "none" does not solve the problem - probably SSHD takes the default value (1GB?) and the connection is interrupted when number of transferr...
2013 Jul 25
11
Call for testing: OpenSSH-6.3
...penSSH 6.2 ========================= This release is predominantly a bugfix release: Features: * sshd(8): add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, or hostkeys on smartcards. * ssh(1)/sshd(8): allow optional time-based rekeying via a second argument to the existing RekeyLimit option. RekeyLimit is now supported in sshd_config as well as on the client. * sshd(8): standardise logging of information during user authentication. The presented key/cert and the remote username (if available) is now logged in the authentication success/failure message on the same lo...
2017 Sep 23
3
Call for testing: OpenSSH 7.6
> Portable OpenSSH is also available via [...] Github: https://github.com/openssh/openssh-portable > > Running the regression tests supplied with Portable OpenSSH does not require installation and is a simply: > > $ ./configure && make tests I was going to try this on Kali Linux (latest version), but ran into trouble right away. No "configure" script exists
2013 Sep 13
0
Announce: OpenSSH 6.3 released
...penSSH 6.2 ========================= This release is predominantly a bugfix release: Features: * sshd(8): add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, or hostkeys on smartcards. * ssh(1)/sshd(8): allow optional time-based rekeying via a second argument to the existing RekeyLimit option. RekeyLimit is now supported in sshd_config as well as on the client. * sshd(8): standardise logging of information during user authentication. The presented key/cert and the remote username (if available) is now logged in the authentication success/failure message on the same lo...
2016 May 26
5
[Bug 2572] New: dead sessions aren't closed despite ClientAlive enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=2572 Bug ID: 2572 Summary: dead sessions aren't closed despite ClientAlive enabled Product: Portable OpenSSH Version: 3.7.1p2 Hardware: All OS: Linux Status: NEW Severity: major Priority: P5 Component: sshd
2015 Aug 11
10
[Bug 2443] New: Bugs intended to be fixed for OpenSSH 7.1
https://bugzilla.mindrot.org/show_bug.cgi?id=2443 Bug ID: 2443 Summary: Bugs intended to be fixed for OpenSSH 7.1 Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Keywords: meta Severity: enhancement Priority: P5 Component: Miscellaneous
2004 May 07
11
[Bug 866] ssh(1) is too picky about unknown options in ~/.ssh/config
http://bugzilla.mindrot.org/show_bug.cgi?id=866 Summary: ssh(1) is too picky about unknown options in ~/.ssh/config Product: Portable OpenSSH Version: 3.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-bugs at
2016 Feb 29
0
Announce: OpenSSH 7.2 released
...de PubkeyAcceptedKeyTypes in ssh -G config dump. * sshd(8): avoid changing TunnelForwarding device flags if they are already what is needed; makes it possible to use tun/tap networking as non-root user if device permissions and interface flags are pre-established * ssh(1), sshd(8): RekeyLimits could be exceeded by one packet. bz#2521 * ssh(1): fix multiplexing master failure to notice client exit. * ssh(1), ssh-agent(1): avoid fatal() for PKCS11 tokens that present empty key IDs. bz#1773 * sshd(8): avoid printf of NULL argument. bz#2535 * ssh(1), sshd(8): allow RekeyLimi...
2016 Sep 09
2
fyi: agent forwarding fails (with enabled ControlMaster) after time shift on client
Hello. Yes, i think that was the cause why agent forwarding wasn't performed at all, i had to rm(1) the control socket and the next ssh(1) connection forwarded the agent normally again. (It was a huge timeshift by several hours.) I.e., just in case this is something you didn't have on your radar yet. Ciao. --steffen
2023 Jan 19
4
[Bug 3524] New: Rekey interval timeout not working when no package is being transfered
https://bugzilla.mindrot.org/show_bug.cgi?id=3524 Bug ID: 3524 Summary: Rekey interval timeout not working when no package is being transfered Product: Portable OpenSSH Version: 8.9p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd
2004 Feb 20
1
ssh client auto rekey feature.
I plan to use ssh as the secure transport of a VPN. (Yes I know there are other solutions but...) These tunnels may be up for a long time, days or weeks, and escape characters will be turned off because I'll be passing binary data so I can't force a rekey with that method. Since the ssh spec says one should rekey every hour, I plan to patch the ssh client to implement an auto-rekey