search for: stevensm

...handleing Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: openssh-bugs at mindrot.org ReportedBy: stevensm at gmail.com There are a set of circumstances that can cause sshd to incorrectly fatal() 1) Client advertises a large window > 0x10000 increment of 0xa0000 total 2) Server is sending more than above listed data to client 3) Client does not consume data as fast as server buffers it into channe...

In our work with enabling large windows for openssh we found 1) that if a window > 0x10000 is advertised to openssh's sshd 2) the sshd tries to send more than 0x10000 bytes of data 3) the receiver does not consume them 4) the input buffer will grow larger than the size allowed by buffer.c and fatal(). We believe the correct behavior is to limit reading into the channel input buffer to

As before, it is described on our website. This should apply fairly cleanly to both portable and openbsd ssh. http://www.psc.edu/networking/hpn-ssh/ Only in openssh-3.8.1p1-dynwindow: Makefile diff -u openssh-3.8.1p1/buffer.c openssh-3.8.1p1-dynwindow/buffer.c --- openssh-3.8.1p1/buffer.c 2003-11-21 07:56:47.000000000 -0500 +++ openssh-3.8.1p1-dynwindow/buffer.c 2004-07-12 07:49:29.000000000

We have developed a patch that enables changing the SSH window size using the tcp window size as the source. This allows SSH to obtain maximum use of the bandwidth on high BDP links. We also have a page that describes the changes and performance. http://www.psc.edu/~rapier/hpn-ssh/ The patch against CVS is included here. Common subdirectories: src/usr.bin/ssh/CVS and ssh/CVS diff -u