[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSH key exchange in mid-session


Hello,

This is a known limitation, however this is the first time I get a
report of this causing a real problem.
You may try to work around by changing the cipher type to a cbc-based
one, for which the key reexchange is less important for the security
(and may be less restrictive).

I've never heard about that specific ssh server, do you know more about it ?

Thanks,

Aris

Le 4/04/12 21:54, Mark Riordan a écrit :
> Does libssh support key exchange (KEX) in mid-session?
> 
> We observed a situation during the download of a huge file in which 
> the session with our libssh-based client terminated abnormally 
> after just about 1 GB (1073745534 bytes, including some proxy overhead).
> Upon repeated attempts, the session terminated abnormally at the same
> point each time.
> 
> The server in question identifies itself as "SSH-2.0-Internet Server SSHD".
> 
> We suspect that the remote server is initiating a key exchange after 1 GB,
> but this is just a hunch at this point.
> 
> I looked at the libssh code and it seems to me that it does KEX
> only at the beginning of a session.  But I could be missing something.
> 
> I have not been able to find mention of this in https://red.libssh.org/
> or during my limited search of the mailing list archive at 
> http://www.libssh.org/archive/ .
> So, let me ask:  Is this a known limitation with libssh?
> 
> If not, I will proceed with turning on tracing (1 GB - ugghh)
> to further investigate.
> 
> Thanks,
> 
> Mark
> ---------------------------------------------------------------
> Mark Riordan
> Sr Software Developer
> T. 608.824.3632 | mriordan@xxxxxxxxxxxx
>  
> www.IpswitchFT.com
> 
> 
> 
> 

Follow-Ups:
RE: SSH key exchange in mid-session"Mark Riordan" <mriordan@xxxxxxxxxxxx>
RE: SSH key exchange in mid-session"Mark Riordan" <mriordan@xxxxxxxxxxxx>
References:
SSH key exchange in mid-session"Mark Riordan" <mriordan@xxxxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org