ssh GSSAPI rekey failure

Status changed to 'Confirmed' because the bug affects multiple users.

+1 on this and see the exact same. Also its still seen in the 16.04 openssh-client 1:7.2p2-4ubuntu2.1. Any valid workarounds on this?

It does not seem to honor "ReKeyLimit 0G 1H" in my case.

I believe this was also reported to Debian as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819361. Thank you for filing this report! We might need to follow-up with the upstream openssh community to help debug this.

Still a problem the rekeying on 16.04 using openssh 7.2p2-4. Tried to install 7.3p1-1 on a 16.04 exact same problem. Scp and sftp stalls at aroung 1G when rekeying and setting RekeyLimit in either ssh_config or .ssh/config does not have any affect on rekeying.

Any news on handling this bug?

> Any news on handling this bug?

Sorry, this is deep in the backlog and I don't expect Ubuntu developers to look into this any time soon on a volunteer basis.

I suggest that you try the latest upstream openssh release, and if it is still an issue there, then raise the bug upstream if it hasn't been reported already.

If it is fixed in the latest upstream release, then if you could identify the fix then we can do something about it in Ubuntu.

I submitted a patch. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819361

Patch inline:
-----------------------------------------------------------------------------------------
--- sshconnect2.c.orig 2017-01-04 19:47:10.000000000 +0100
+++ sshconnect2.c 2017-01-05 04:13:08.977425272 +0100
@@ -222,7 +222,6 @@
                        orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
                        xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
                            "%s,null", orig);
- free(gss);
                }
        }
 #endif
@@ -273,6 +272,16 @@
        /* remove ext-info from the KEX proposals for rekeying */
        myproposal[PROPOSAL_KEX_ALGS] =
            compat_kex_proposal(options.kex_algorithms);
+#ifdef GSSAPI
+ /* repair myproposal after it was crumpled by the */
+ /* ext-info removal above */
+ if (gss) {
+ orig = myproposal[PROPOSAL_KEX_ALGS];
+ xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
+ "%s,%s", gss, orig);
+ free(gss);
+ }
+#endif
        if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
                fatal("kex_prop2buf: %s", ssh_err(r));

-----------------------------------------------------------------------------------------
This patch should be merged with gssapi.patch (for obvious reasons).

Harald.

> It does not seem to honor "ReKeyLimit 0G 1H" in my case.

Have you tried "RekeyLimit 0" on _both_ ends?

Harald.

I've applied this patch to Debian unstable (thanks!), so it'll be in Ubuntu 17.04. I'd be happy to help somebody issue stable updates for 16.04 and 16.10, but am unlikely to have time to do that myself.

This bug was fixed in the package openssh - 1:7.4p1-6

---------------
openssh (1:7.4p1-6) unstable; urgency=medium

  * Remove temporary file on exit from postinst (closes: #850275).
  * Remove LOGIN_PROGRAM and LOGIN_NO_ENDOPT definitions, since UseLogin is
    gone.
  * Document sshd_config changes that may be needed following the removal of
    protocol 1 support from sshd (closes: #851573).
  * Remove ssh_host_dsa_key from HostKey default (closes: #850614).
  * Fix rekeying failure with GSSAPI key exchange (thanks, Harald Barth;
    closes: #819361, LP: #1608965).

 -- Colin Watson <email address hidden> Mon, 16 Jan 2017 15:11:10 +0000

Yakkety reached EOL, while Xenial is now in Extended Security Maintenance, and this bug doesn't qualify for it, so this bug won't be fixed in those releases.