
List:       openssh-unix-dev
Subject:    Re: rekeying in SSH-2 and session setup?
From:       Damien Miller <djm () mindrot ! org>
Date:       2005-06-16 3:33:28
Message-ID: 42B0F308.6070809 () mindrot ! org

Jan Iven wrote:
> Dear all,
> while playing around with openssh-4.1p1 (trying to add AFS token
> forwarding in SSH-2), I noticed that aggressive rekeying (as e.g.
> employed by regress/rekey.sh, rekeying every 16 bytes) seems to disturb
> the various forwardings (X11, agent) set up at the beginning of the
> session. These do not trigger regression test errors, since the client
> does not ask for confirmation from the server for these commands (except
> for remote port forwarding, and that one isn't set up by default).

Yes, we should probably set want_reply for forwarding setups and (at
least) warn when they are refused.

This would be a fairly easy project for someone who wants to start
hacking OpenSSH (hint, hint).

That rekeying causes problems is more concerning (I'll look at this),
but 16 bytes is an absurdly low limit - it isn't even enough to fit a
protocol v.2 packet.

-d

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
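
The want_reply idea discussed in this message, sketched as an added example (not OpenSSH code and not part of the original post): the client sets the want-reply boolean in the channel request for a forwarding and warns when the server answers with a failure. The function names are hypothetical; the message numbers and field layout are those of RFC 4254, and "auth-agent-req@openssh.com" is used because it carries no type-specific data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Message numbers from RFC 4254. */
#define SSH_MSG_CHANNEL_REQUEST 98
#define SSH_MSG_CHANNEL_SUCCESS 99
#define SSH_MSG_CHANNEL_FAILURE 100

static size_t put_u32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
    return 4;
}

/* Build the payload of a channel request with no type-specific data:
 * byte type, uint32 recipient channel, string request name, boolean want_reply.
 * Returns the payload length, or 0 if buf is too small. (Hypothetical helper.) */
size_t build_channel_request(uint8_t *buf, size_t cap, uint32_t remote_id,
                             const char *type, int want_reply)
{
    size_t tlen = strlen(type), need = 1 + 4 + 4 + tlen + 1, off = 0;
    if (need > cap)
        return 0;
    buf[off++] = SSH_MSG_CHANNEL_REQUEST;
    off += put_u32(buf + off, remote_id);
    off += put_u32(buf + off, (uint32_t)tlen);
    memcpy(buf + off, type, tlen);
    off += tlen;
    buf[off++] = want_reply ? 1 : 0;   /* 1 asks the server to confirm */
    return off;
}

/* Check the server's reply payload for our channel local_id.
 * Returns 1 if granted, 0 if refused (and warns), -1 if malformed or
 * not a reply for this channel. (Hypothetical helper.) */
int check_forward_reply(const uint8_t *p, size_t len, uint32_t local_id,
                        const char *what)
{
    uint32_t id;
    if (len != 5)
        return -1;
    id = ((uint32_t)p[1] << 24) | ((uint32_t)p[2] << 16) |
         ((uint32_t)p[3] << 8) | p[4];
    if (id != local_id)
        return -1;
    if (p[0] == SSH_MSG_CHANNEL_SUCCESS)
        return 1;
    if (p[0] != SSH_MSG_CHANNEL_FAILURE)
        return -1;
    fprintf(stderr, "warning: server refused %s request\n", what);
    return 0;
}
```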