Created attachment 3652 [details] Proposed patch Description of problem: Rekey timeout is expiring but rekeying is starting until a packet is sent or received. I tried by ssh -v, and saw even through it reached timeout limit, still rekeying was not happening until I press any key from keyboard. Found in Version: 8.9, 8.4. Proposed fix: I see there is a check to ensure number of packets should be more than 0, before rekey timeout check inside ssh_packet_need_rekeying func in packet.c. Just by moving rekey timeout based check before number of packets check we can fix it. I have opened a pull request against portable openssh: https://github.com/openssh/openssh-portable/pull/372 I have attached the patch as well.
My config includes the following: RekeyLimit default 10 ClientAliveInterval 15
I'm not sure whether the proposed behaviour is more desirable - the connection will rekey the next time there is traffic sent or received, and there is little point rekeying a connection without traffic.
Hi Damien, Thanks for reply, I think that's expected behavior when we set timeout based rekey value, that timer based rekey should happen regardless of traffic. It was working fine before following commit: https://github.com/openssh/openssh-portable/commit/21da87f439b48a85b951ef1518fe85ac0273e719 As before that, server was sending keep alive signals at rekey timeout which produce traffic and rekeying start happening. Than, I see a fix from upstream related to this: https://github.com/openssh/openssh-portable/commit/073f45c236550f158c9a94003e4611c07dea5279#diff-6e5958092d48b108bef3faadd24f2259a7e999ba8771cb64c986179c059fe130 But, even this fix didn't solve the issue, as there is a check for traffic that's preventing rekeying. Sorry due to account issues created another Pull request, https://github.com/openssh/openssh-portable/pull/373