Client-keep-alive interaction with time-based rekeying

I recently updated openssh from 7.9 to 8.4 and noticed that the time-based rekeying doesn't happen automatically on idle connections until a packet is sent from the client.
I was able to narrow it down to this commit in 8.0:


commit 21da87f439b48a85b951ef1518fe85ac0273e719
Author: djm@xxxxxxxxxxx <djm@xxxxxxxxxxx>
Date:   Wed Mar 27 09:29:14 2019 +0000

    upstream: fix interaction between ClientAliveInterval and RekeyLimit

    that could cause connection to close incorrectly; Report and patch from Jakub
    Jelen in bz#2757; ok dtucker@ markus@

    OpenBSD-Commit-ID: 17229a8a65bd8e6c2080318ec2b7a61e1aede3fb


diff --git a/serverloop.c b/serverloop.c

index f86f832b..d7b04b37 100644

--- a/serverloop.c

+++ b/serverloop.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: serverloop.c,v 1.214 2019/03/06 21:06:59 dtucker Exp $ */

+/* $OpenBSD: serverloop.c,v 1.215 2019/03/27 09:29:14 djm Exp $ */

 /*

  * Author: Tatu Ylonen <ylo@xxxxxxxxx<mailto:ylo@xxxxxxxxx>>

  * Copyright (c) 1995 Tatu Ylonen <ylo@xxxxxxxxx<mailto:ylo@xxxxxxxxx>>, Espoo, Finland

@@ -248,9 +248,10 @@ wait_until_can_do_something(struct ssh *ssh,

                uint64_t keepalive_ms =

                    (uint64_t)options.client_alive_interval * 1000;



-               client_alive_scheduled = 1;

-               if (max_time_ms == 0 || max_time_ms > keepalive_ms)

+               if (max_time_ms == 0 || max_time_ms > keepalive_ms) {

                        max_time_ms = keepalive_ms;

+                       client_alive_scheduled = 1;

+               }

        }
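Review bot: moving `client_alive_scheduled = 1;` inside the `max_time_ms > keepalive_ms` branch ties the keepalive to winning the timeout comparison rather than to its own interval having elapsed. Whenever another pending deadline is shorter than keepalive_ms on every pass (the RekeyLimit timer with the RekeyLimit 10 / ClientAliveInterval 15 configuration quoted below), the flag is never set, so an idle connection never sends a keepalive, and the report above observes that the time-based rekey then does not start until the client sends something. Consider tracking the keepalive's own due time separately (compare the time since the last client-alive check against keepalive_ms after select returns, independent of which deadline supplied the timeout), or start the time-based rekey from the timeout path directly instead of relying on a keepalive packet to trigger it. A one-line comment referencing bz#2757 next to the moved assignment would also help, since the reordering otherwise looks arbitrary.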
My config includes the following:

RekeyLimit default 10
ClientAliveInterval 15

From my experiments, this prevents the client keep-alive from triggering when it is time for the rekeying to happen.
I was able to set the RekeyLimit to 35, and I observed the keep-alive messages being sent to the client twice, but radio silence afterwards.
I couldn't find any discussion on this, but is this a known issue?



_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
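The timing behaviour described in the post above, as an added simulation that is neither OpenSSH code nor part of the original message: `schedule()` reproduces the two orderings shown in the hunk (pre-commit and post-commit), and `simulate()` walks an idle session with the reporter's settings to count keepalives and find the first rekey. Two modelling assumptions are not stated on the page and are marked in the code: the time-based rekey only starts when a packet is actually sent (on an idle link that means a keepalive), and an overdue rekey timer yields a 1 s timeout rather than 0 (OpenSSH's `ssh_packet_get_rekey_timeout()` clamps to a minimum, but the exact value is treated here as an assumption). All function names other than the hunk's own variable names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Model of the timeout decision in wait_until_can_do_something(), reduced to
 * the two inputs the hunk touches: max_time_ms (earliest other pending
 * deadline, 0 = none) and keepalive_ms (ClientAliveInterval in ms).
 * old = true reproduces the pre-commit ordering, old = false the post-commit
 * ordering. Returns the select() timeout; *client_alive_scheduled tells
 * whether a keepalive is sent when that timeout expires.
 */
static uint64_t
schedule(bool old, uint64_t max_time_ms, uint64_t keepalive_ms,
    int *client_alive_scheduled)
{
	*client_alive_scheduled = 0;
	if (old)
		*client_alive_scheduled = 1;	/* pre-commit: set unconditionally */
	if (max_time_ms == 0 || max_time_ms > keepalive_ms) {
		max_time_ms = keepalive_ms;
		if (!old)
			*client_alive_scheduled = 1;	/* post-commit: only if keepalive wins */
	}
	return max_time_ms;
}

/*
 * Idle-session simulation (hypothetical model, not OpenSSH code).
 * Assumptions not stated on the page: (1) the time-based rekey is only
 * started when a packet is actually transmitted, which on an idle link means
 * a keepalive; (2) an overdue rekey timer yields a minimal 1 s timeout.
 * Returns the number of keepalives sent within horizon_s; *rekey_at receives
 * the time (s) of the first rekey, or -1 if none happened.
 */
static int
simulate(bool old, int rekey_limit_s, int client_alive_s, int horizon_s,
    int *rekey_at)
{
	uint64_t now_ms = 0, rekey_time_ms = 0;
	uint64_t rekey_limit_ms = (uint64_t)rekey_limit_s * 1000;
	uint64_t keepalive_ms = (uint64_t)client_alive_s * 1000;
	int keepalives = 0;

	*rekey_at = -1;
	while (now_ms < (uint64_t)horizon_s * 1000) {
		uint64_t due = rekey_time_ms + rekey_limit_ms;
		uint64_t rekey_timeout_ms = due > now_ms ? due - now_ms : 1000;
		int scheduled;
		uint64_t timeout = schedule(old, rekey_timeout_ms, keepalive_ms,
		    &scheduled);

		now_ms += timeout;	/* select() timed out with nothing to read */
		if (!scheduled)
			continue;	/* no packet leaves the server */
		keepalives++;
		/* sending the keepalive is what runs the rekey check (assumption 1) */
		if (now_ms - rekey_time_ms >= rekey_limit_ms) {
			if (*rekey_at < 0)
				*rekey_at = (int)(now_ms / 1000);
			rekey_time_ms = now_ms;
		}
	}
	return keepalives;
}

/* Convenience wrappers returning one result each. */
static int
count_keepalives(bool old, int rekey_limit_s, int client_alive_s, int horizon_s)
{
	int unused;
	return simulate(old, rekey_limit_s, client_alive_s, horizon_s, &unused);
}

static int
first_rekey_s(bool old, int rekey_limit_s, int client_alive_s, int horizon_s)
{
	int at;
	(void)simulate(old, rekey_limit_s, client_alive_s, horizon_s, &at);
	return at;
}

int
main(void)
{
	/* the two configurations from the post: RekeyLimit 10 and 35, ClientAliveInterval 15 */
	static const struct { int rekey, alive; } cfg[] = { { 10, 15 }, { 35, 15 } };
	for (int i = 0; i < 2; i++) {
		for (int old = 1; old >= 0; old--) {
			int at;
			int n = simulate(old, cfg[i].rekey, cfg[i].alive, 120, &at);
			printf("%s RekeyLimit %ds ClientAliveInterval %ds: "
			    "%d keepalives in 120 s, first rekey at %d s\n",
			    old ? "pre-commit " : "post-commit", cfg[i].rekey,
			    cfg[i].alive, n, at);
		}
	}
	return 0;
}
```

With the post's settings the post-commit model reproduces exactly what the report describes: with RekeyLimit 35 two keepalives go out (at 15 s and 30 s), then the 5 s remainder of the rekey timer wins the comparison, the flag stays clear, and nothing is sent again; with RekeyLimit 10 the rekey deadline is always shorter, so no keepalive and no rekey ever happens while idle. The pre-commit model sends a keepalive every time the shorter rekey deadline expires instead, which is the early-keepalive behaviour the commit message attributes to bz#2757.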


