Too low a RekeyLimit prevents ssh setup (X11, agent, etc. forwarding) from working (if return codes are not checked) or kills the session (for those forwardings that expect a reply from the server). The attached patch sets a silently enforced minimum of 4k for the RekeyLimit option, and adds a blurb to the ssh_config manpage about it. This is a hack; the client should rather know how to deal with rekeying during session setup. This patch also will make one of the regress tests useless (rekey.sh with 16-byte rekey will be the same as 4k rekey). Impact on actual use should be low; the default is to rekey after a few Gigs.
Created attachment 929: patch to set 4k minimum rekeylimit, add to ssh_config man page
hm, I haven't been able to reproduce the hang you have experienced when setting rekeylimit low. Even setting RekeyLimit=16 produces a working session for me. This isn't to say that we shouldn't set a minimum.
Created attachment 1015: Minimum 1k rekeylimit, check for integer wrap

This checks that the RekeyLimit is >= 1024 and raises a fatal() error if it isn't. It also checks for integer wraparound (because rekey_limit is only a signed int) and fatal()s if it wraps.
The patch should do it. I used 4k to make sure that session setup gets through; not sure whether all of it fits into 1k. *But if nobody else has seen a hang with low rekeylimits, perhaps you can just close this bug (and eventually re-open).* If your patch goes in, I suggest adding something to the man page, and modifying regress/rekey.sh to not try with a 16-byte rekey interval.
Could you send a debug trace of a hang with a low rekeylimit? I'd rather fix the problem...
The man page addition (with some minor changes) has been applied, thanks.
The patch to prevent integer wrap was committed but with a minimum rekeylimit of 16 bytes. Please try to reproduce your original problems and capture a debug trace - low rekey limits should cause bugs.
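To illustrate the two checks the thread converges on (a minimum RekeyLimit, settled at 16 bytes above, and rejection of values that would wrap the signed int rekey_limit), here is an added, self-contained C example; it is a hypothetical helper written for this page, not OpenSSH's own ssh_config parser, and it assumes the K/M/G suffixes documented in ssh_config(5) are accepted case-insensitively.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Committed minimum from the bug thread: 16 bytes. */
#define REKEY_LIMIT_MIN 16

/* Parse a RekeyLimit value such as "4k" or "1G" into a signed int.
 * Returns 0 and stores the value in *out on success, -1 if the value is
 * malformed, below the minimum, or would not fit in an int (the wrap case).
 * Hypothetical helper modelled on the checks discussed in this bug. */
int parse_rekey_limit(const char *s, int *out)
{
    char *end;
    long long val, mult = 1;

    errno = 0;
    val = strtoll(s, &end, 10);
    if (end == s || errno != 0 || val < 0)
        return -1;                      /* not a number, or out of range */

    /* optional K/M/G suffix (assumed case-insensitive) */
    switch (tolower((unsigned char)*end)) {
    case 'k':  mult = 1LL << 10; end++; break;
    case 'm':  mult = 1LL << 20; end++; break;
    case 'g':  mult = 1LL << 30; end++; break;
    case '\0': break;
    default:   return -1;               /* unknown suffix */
    }
    if (*end != '\0')
        return -1;                      /* trailing garbage */

    /* Integer-wrap check: val * mult must fit in a signed int, so test the
     * bound before multiplying instead of detecting overflow afterwards. */
    if (val > INT_MAX / mult)
        return -1;
    val *= mult;

    /* A too-low limit would rekey during session setup; enforce the floor. */
    if (val < REKEY_LIMIT_MIN)
        return -1;

    *out = (int)val;
    return 0;
}

/* Convenience wrapper: the parsed limit, or -1 when the value is rejected. */
int rekey_limit_or_neg(const char *s)
{
    int v;
    return parse_rekey_limit(s, &v) == 0 ? v : -1;
}
```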
oops, comment #7 should read "low rekey limits should *not* cause bugs". Also, RekeyLimit is documented in ssh_config(5) since early this year. Have you had a chance to retest?
No feedback for a year == bug closed. I haven't been able to recreate the problem with a low rekeylimit (the min is capped at 16 now), and the manpage bits have long since gone in.
Close resolved bugs after release.