Created attachment 1480064 [details] Fixes rekey proposal Description of problem: (This is a slight adaption of our Debian report of this issue available at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819361) We get failures during rekey when using ssh with kerberos authentication and GSSAPI key-exchange. This can be noticed in long-running ssh sessions or when doing large scp transfers (or triggered manually in the ssh client, using the ~R escape sequence). As far as we can tell the ssh client offers a different set of key-exchange algorithms on initial connection and when doing the rekeying. Version-Release number of selected component (if applicable): 7.8p1-1 and very probably earlier versions as well How reproducible: Always and easily done with ~R Steps to Reproduce: 1.Start ssh session with gsskex 2.Trigger rekey with ~R or a large data transfer Actual results: Rekey fails Expected results: Rekey succeeds Additional info: Patch is attached (albeit against an older version) Please see a longer discussion on: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819361
Thank you for the report. This is something that should be indeed fixed. I am wondering why nobody hit this before.
openssh-7.8p1-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-50a6d79d8e
openssh-7.8p1-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-9effcf1f69
openssh-7.8p1-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-50a6d79d8e
openssh-7.8p1-2.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-9effcf1f69
openssh-7.8p1-2.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
openssh-7.8p1-2.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.