Displaying 20 results from an estimated 4000 matches similar to: "ssh client auto rekey feature."
2016 Jan 05
14
[Bug 2521] New: subtract buffer size from computed rekey limit to avoid exceeding it
https://bugzilla.mindrot.org/show_bug.cgi?id=2521
Bug ID: 2521
Summary: subtract buffer size from computed rekey limit to
avoid exceeding it
Product: Portable OpenSSH
Version: 6.8p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: sshd
2023 Mar 29
1
ChaCha20 Rekey Frequency
I was wondering if there was something specific to the internal chacha20
cipher as opposed to OpenSSL implementation.
I can't just change the block size because it breaks compatibility. I
can do something like as a hack (though it would probably be better to
do it with the compat function):
if (strstr(enc->name, "chacha"))
*max_blocks = (u_int64_t)1 << (16*2);
2023 Jan 19
4
[Bug 3524] New: Rekey interval timeout not working when no package is being transfered
https://bugzilla.mindrot.org/show_bug.cgi?id=3524
Bug ID: 3524
Summary: Rekey interval timeout not working when no package is
being transfered
Product: Portable OpenSSH
Version: 8.9p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
2023 Mar 29
2
ChaCha20 Rekey Frequency
On Wed, 29 Mar 2023, Chris Rapier wrote:
> I was wondering if there was something specific to the internal chacha20
> cipher as opposed to OpenSSL implementation.
>
> I can't just change the block size because it breaks compatibility. I can do
> something like as a hack (though it would probably be better to do it with the
> compat function):
>
> if
2023 Mar 29
1
[EXTERNAL] Re: ChaCha20 Rekey Frequency
I'm hardly an expert on this, but if I remember correctly, the rekey rate for good security is mostly dependent on the cipher block size. I left my reference books at home; so, I can't come up with a reference for you, but I would take Chris' "I'm deeply unsure of what impact that would have on the security of the cipher" comment seriously and switch to a cipher with a
2023 Mar 29
1
[EXTERNAL] Re: ChaCha20 Rekey Frequency
That's true for block ciphers, but ChaCha20+poly1305 is a stream cipher.
On Wed, 29 Mar 2023, Robinson, Herbie wrote:
>
> I?m hardly an expert on this, but if I remember correctly, the rekey rate
> for good security is mostly dependent on the cipher block size.? I left my
> reference books at home; so, I can?t come up with a reference for you, but I
> would take Chris?
2023 Mar 24
1
ChaCha20 Rekey Frequency
I'm wondering why the ChaCha20 cipher rekeys so frequently. At speed I'm
seeing rekeys every second or two. So I'm spending a large amount of
time in the rekey process. From what I've read about ChaCha20 it
shouldn't need to be rekeyed quite so frequently. Am I missing something
obvious?
Just curious more than anything else.
Chris
2013 May 13
1
Session rekeying support in OpenSSH
Hi,
I am using OpenSSH_5.2p1. It seems ssh server doesn't support key
regeneration after a specified amount of time. I manually verified the
OpenSSH_5.2p1 and OpenSSH-6.2 source codes and haven?t found any code
support for session rekeying in both releases.
SSH2 supports session rekeying using the parameter ?RekeyIntervalSeconds?
with default value 3600 seconds (one hour) in both
2005 Jun 13
1
rekeying in SSH-2 and session setup?
Dear all,
while playing around with openssh-4.1p1 (trying to add AFS token
forwarding in SSH-2), I noticed that agressive rekeying (as e.g.
employed by regress/rekey.sh, rekeying every 16bytes) seems to disturb
the various forwardings (X11, agent) set up at the beginning of the
session. These do not trigger regression test errors, since the client
does not ask for confirmation from the server for
2014 Jul 06
15
[Bug 2252] New: RekeyLimit breaks ClientAlive
https://bugzilla.mindrot.org/show_bug.cgi?id=2252
Bug ID: 2252
Summary: RekeyLimit breaks ClientAlive
Product: Portable OpenSSH
Version: 6.6p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
2016 May 26
19
[Bug 2573] New: dead sessions cannot be closed with ~.
https://bugzilla.mindrot.org/show_bug.cgi?id=2573
Bug ID: 2573
Summary: dead sessions cannot be closed with ~.
Product: Portable OpenSSH
Version: 3.7.1p2
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
2009 Feb 11
1
Configure re-keying in sftp server
Hello,
I'm trying to configure the openssh sftp server to perform re-keying. On the client side I've found the RekeyLimit parameter. But I am unable to find an equivalent for the server side. Is it currently not possible to configure the sftp server to perform re-keying? Or have I overlooked something.
--
R
_________________________________________________________________
Snygga till
2016 May 26
5
[Bug 2572] New: dead sessions aren't closed despite ClientAlive enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=2572
Bug ID: 2572
Summary: dead sessions aren't closed despite ClientAlive
enabled
Product: Portable OpenSSH
Version: 3.7.1p2
Hardware: All
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: sshd
2023 Mar 29
1
[EXTERNAL] Re: ChaCha20 Rekey Frequency
Ah, with an internal block size [Is that what one calls it?] of 64 bytes.
From: Damien Miller <djm at mindrot.org>
Sent: Wednesday, March 29, 2023 3:08 PM
To: Robinson, Herbie <Herbie.Robinson at stratus.com>
Cc: Chris Rapier <rapier at psc.edu>; Christian Weisgerber <naddy at mips.inka.de>; openssh-unix-dev at mindrot.org
Subject: RE: [EXTERNAL] Re: ChaCha20 Rekey
2018 Nov 13
12
[Bug 2929] New: OpenSSH server should not send the SSH_MSG_EXT_INFO message after rekeying
https://bugzilla.mindrot.org/show_bug.cgi?id=2929
Bug ID: 2929
Summary: OpenSSH server should not send the SSH_MSG_EXT_INFO
message after rekeying
Product: Portable OpenSSH
Version: 7.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
2023 Mar 29
1
ChaCha20 Rekey Frequency
Hi Damien,
>This is what I'm playing with at the moment:
if you?re playing with this currently anyway, shouldn?t?
>+ /*
>+ * Otherwise, use the RFC4344 s3.2 recommendation of 2**(L/4) blocks
>+ * before rekeying where L is the blocksize in bits.
>+ * Most other ciphers have a 128 bit blocksize, so this equates to
>+ * 2**32 blocks / 64GB data.
>+ */
>+ return
2017 Sep 23
3
Call for testing: OpenSSH 7.6
> Portable OpenSSH is also available via [...] Github:
https://github.com/openssh/openssh-portable
>
> Running the regression tests supplied with Portable OpenSSH does not
require installation and is a simply:
>
> $ ./configure && make tests
I was going to try this on Kali Linux (latest version), but ran into
trouble right away. No "configure" script exists
2017 Jun 01
11
[Bug 2726] New: Uploading of large files (1GB+) fails when using SFTP in chrooted configuration
https://bugzilla.mindrot.org/show_bug.cgi?id=2726
Bug ID: 2726
Summary: Uploading of large files (1GB+) fails when using SFTP
in chrooted configuration
Product: Portable OpenSSH
Version: 7.3p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
2023 Jun 10
1
Question About Dynamic Remote Forwarding
On Fri, 9 Jun 2023, Chris Rapier wrote:
> Hi all,
>
> When a client requests dynamic remote forwarding with -R it delays forking
> into the background. In ssh.c we see
>
> if (options.fork_after_authentication) {
> if (options.exit_on_forward_failure &&
> options.num_remote_forwards > 0) {
> debug("deferring postauth fork until
2024 May 21
2
[Bug 3692] New: rekey.sh doesn't actually test different algorithms
https://bugzilla.mindrot.org/show_bug.cgi?id=3692
Bug ID: 3692
Summary: rekey.sh doesn't actually test different algorithms
Product: Portable OpenSSH
Version: 9.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Regression tests