Bug 1056

Summary:

RekeyLimit can be ridiculously low and is undocumented.

Product:

Portable OpenSSH

Reporter:

Jan Iven <jan.iven>

Component:

ssh

Assignee:

Damien Miller <djm>

Status:

CLOSED FIXED

Severity:

normal

Priority:

Version:

-current

Hardware:

All

OS:

Linux

Bug Depends on:

Bug Blocks:

1222, 1274

Attachments:

Description	Flags
path to set 4k minimum rekeylimit, add to ssh_config man page	none
Minimum 1k rekeylimit, check for integer wrap	none

Description Jan Iven 2005-06-17 01:24:17 AEST

Too low a RekeyLimit prevents ssh setup (X11,agent etc forwarding) from working
 (if return codes are not checked) or kills the session (for those forwardings
that expect a reply from the server).
The attached patch sets a silently enforced minimum of 4k for the RekeyLimit
option, and adds a blurb to the ssh-config manpage about it.

This is a hack, the client should rather know how to deal with rekeying during
session setup. This patch also will make one of the regress tests useless
(rekey.sh with 16byte-rekey will be the same as 4k-rekey). Impact on actual use
should be low, the default is to rekey after a few Gigs.

Comment 1 Jan Iven 2005-06-17 01:29:11 AEST

Created attachment 929 [details]
path to set 4k minimum rekeylimit, add to ssh_config man page

Comment 2 Damien Miller 2005-10-30 10:59:39 AEDT

hm, I haven't been able to reproduce the hang you have experienced when setting rekeylimit low. Even setting RekeyLimit=16 produces a working session for me.

This isn't to say that we shouldn't set a minimum.

Comment 3 Damien Miller 2005-10-30 11:33:18 AEDT

Created attachment 1015 [details]
Minimum 1k rekeylimit, check for integer wrap

This checks that the RekeyLimit is >= 1024 and raises a fatal() error if it isn't. 

It also checks for integer wraparound (because rekey_limit is only a signed int) and fatal()s if it wraps.

Comment 4 Jan Iven 2005-10-31 18:35:49 AEDT

The patch should to it I used 4k to make sure that sssion setup hets through, not sure whether all of it fits into 1k.
*But if nobody else has seen a hang with low rekeylimits, perhaps you can just close this bug (and eventually re-open).*

If your patch goes in, I suggest to add something to the man page, and modify regress/rekey.sh to not try with 16byte rekey interval.

Comment 5 Damien Miller 2005-10-31 22:14:01 AEDT

could you send a debug trace of a hang with a low rekeylimit? i'd rather fix the problem...

Comment 6 Darren Tucker 2006-01-20 11:18:33 AEDT

The man page addition (with some minor changes) has been applied, thanks.

Comment 7 Damien Miller 2006-03-12 15:54:40 AEDT

The patch to prevent integer wrap was committed but with a minimum rekeylimit of 16 bytes. Please try to reproduce your original problems and capture a debug trace - low rekey limits should cause bugs.

Comment 8 Damien Miller 2006-06-23 18:40:44 AEST

oops, comment #7 should read "low rekey limits should *not* cause bugs". Also, RekeyLimit is documented in ssh_config(5) since early this year.

Have you had a chance to retest?

Comment 9 Damien Miller 2007-06-12 17:36:57 AEST

No feedback for a year == bug closed.

I haven't been able to recreate the problem with a low rekeylimit (the min is capped at 16 now), and the manpage bits have long since gone in.

Comment 10 Damien Miller 2008-04-04 09:55:06 AEDT

Close resolved bugs after release.