Bug 1624344 - Rekeying on long sessions fails when using gss
Summary: Rekeying on long sessions fails when using gss
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: openssh
Version: 28
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Jakub Jelen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1624370
TreeView+ depends on / blocked
 
Reported: 2018-08-31 09:26 UTC by Daniel Ahlin
Modified: 2018-09-21 05:25 UTC (History)
7 users (show)

Fixed In Version: openssh-7.8p1-2.fc28 openssh-7.8p1-2.fc29
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1624370 (view as bug list)
Environment:
Last Closed: 2018-09-11 16:52:13 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
Fixes rekey proposal (1.05 KB, text/plain)
2018-08-31 09:26 UTC, Daniel Ahlin 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Debian BTS 819361 0 None None None 2018-08-31 09:26:10 UTC

Description Daniel Ahlin 2018-08-31 09:26:10 UTC 
Created attachment 1480064 [details]
Fixes rekey proposal

Description of problem:

(This is a slight adaption of our Debian report of this issue available at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819361)

We get failures during rekey when using ssh with kerberos authentication
and GSSAPI key-exchange. This can be noticed in long-running ssh
sessions or when doing large scp transfers (or triggered manually in the
ssh client, using the ~R escape sequence).

As far as we can tell the ssh client offers a different set of
key-exchange algorithms on initial connection and when doing the
rekeying.


Version-Release number of selected component (if applicable):
7.8p1-1 and very probably earlier versions as well


How reproducible:
Always and easily done with ~R

Steps to Reproduce:
1.Start ssh session with gsskex
2.Trigger rekey with ~R or a large data transfer

Actual results:
Rekey fails

Expected results:
Rekey succeeds

Additional info:
Patch is attached (albeit against an older version)
Please see a longer discussion on:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819361
Comment 1 Jakub Jelen 2018-08-31 11:37:43 UTC 
Thank you for the report. This is something that should be indeed fixed. I am wondering why nobody hit this before.
Comment 2 Fedora Update System 2018-08-31 12:20:07 UTC 
openssh-7.8p1-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-50a6d79d8e
Comment 3 Fedora Update System 2018-08-31 12:36:48 UTC 
openssh-7.8p1-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-9effcf1f69
Comment 4 Fedora Update System 2018-08-31 16:23:13 UTC 
openssh-7.8p1-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-50a6d79d8e
Comment 5 Fedora Update System 2018-08-31 22:27:46 UTC 
openssh-7.8p1-2.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-9effcf1f69
Comment 6 Fedora Update System 2018-09-11 16:52:13 UTC 
openssh-7.8p1-2.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2018-09-21 05:25:16 UTC 
openssh-7.8p1-2.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.