[Bug 1608965] Re: ssh GSSAPI rekey failure
Yakkety reached EOL, while Xenial is now in Extended Security Maintenance, and this bug doesn't qualify for it, so this bug won't be fixed in those releases. ** Changed in: openssh (Ubuntu Xenial) Status: Triaged => Won't Fix ** Changed in: openssh (Ubuntu Yakkety) Status: Triaged => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1608965 Title: ssh GSSAPI rekey failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1608965/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1608965] Re: ssh GSSAPI rekey failure
This bug was fixed in the package openssh - 1:7.4p1-6 --- openssh (1:7.4p1-6) unstable; urgency=medium * Remove temporary file on exit from postinst (closes: #850275). * Remove LOGIN_PROGRAM and LOGIN_NO_ENDOPT definitions, since UseLogin is gone. * Document sshd_config changes that may be needed following the removal of protocol 1 support from sshd (closes: #851573). * Remove ssh_host_dsa_key from HostKey default (closes: #850614). * Fix rekeying failure with GSSAPI key exchange (thanks, Harald Barth; closes: #819361, LP: #1608965). -- Colin WatsonMon, 16 Jan 2017 15:11:10 + ** Changed in: openssh (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1608965 Title: ssh GSSAPI rekey failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1608965/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1608965] Re: ssh GSSAPI rekey failure
I've applied this patch to Debian unstable (thanks!), so it'll be in Ubuntu 17.04. I'd be happy to help somebody issue stable updates for 16.04 and 16.10, but am unlikely to have time to do that myself. ** Also affects: openssh (Ubuntu Yakkety) Importance: Undecided Status: New ** Also affects: openssh (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: openssh (Ubuntu Xenial) Status: New => Triaged ** Changed in: openssh (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: openssh (Ubuntu Yakkety) Status: New => Triaged ** Changed in: openssh (Ubuntu Yakkety) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1608965 Title: ssh GSSAPI rekey failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1608965/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1608965] Re: ssh GSSAPI rekey failure
> It does not seem to honor "ReKeyLimit 0G 1H" in my case. Have you tried "RekeyLimit 0" on _both_ ends? Harald. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1608965 Title: ssh GSSAPI rekey failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1608965/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1608965] Re: ssh GSSAPI rekey failure
I submitted a patch. See https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=819361 Patch inline: - --- sshconnect2.c.orig 2017-01-04 19:47:10.0 +0100 +++ sshconnect2.c 2017-01-05 04:13:08.977425272 +0100 @@ -222,7 +222,6 @@ orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]; xasprintf([PROPOSAL_SERVER_HOST_KEY_ALGS], "%s,null", orig); - free(gss); } } #endif @@ -273,6 +272,16 @@ /* remove ext-info from the KEX proposals for rekeying */ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(options.kex_algorithms); +#ifdef GSSAPI + /* repair myproposal after it was crumpled by the */ + /* ext-info removal above */ + if (gss) { + orig = myproposal[PROPOSAL_KEX_ALGS]; + xasprintf([PROPOSAL_KEX_ALGS], + "%s,%s", gss, orig); + free(gss); + } +#endif if ((r = kex_prop2buf(kex->my, myproposal)) != 0) fatal("kex_prop2buf: %s", ssh_err(r)); - This patch should be merged with gssapi.patch (for obvious reasons). Harald. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1608965 Title: ssh GSSAPI rekey failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1608965/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1608965] Re: ssh GSSAPI rekey failure
> Any news on handling this bug? Sorry, this is deep in the backlog and I don't expect Ubuntu developers to look into this any time soon on a volunteer basis. I suggest that you try the latest upstream openssh release, and if it is still an issue there, then raise the bug upstream if it hasn't been reported already. If it is fixed in the latest upstream release, then if you could identify the fix then we can do something about it in Ubuntu. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1608965 Title: ssh GSSAPI rekey failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1608965/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1608965] Re: ssh GSSAPI rekey failure
Still a problem the rekeying on 16.04 using openssh 7.2p2-4. Tried to install 7.3p1-1 on a 16.04 exact same problem. Scp and sftp stalls at aroung 1G when rekeying and setting RekeyLimit in either ssh_config or .ssh/config does not have any affect on rekeying. Any news on handling this bug? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1608965 Title: ssh GSSAPI rekey failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1608965/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1608965] Re: ssh GSSAPI rekey failure
I believe this was also reported to Debian as https://bugs.debian.org /cgi-bin/bugreport.cgi?bug=819361. Thank you for filing this report! We might need to follow-up with the upstream openssh community to help debug this. ** Bug watch added: Debian Bug tracker #819361 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819361 ** Changed in: openssh (Ubuntu) Status: Confirmed => Triaged ** Changed in: openssh (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1608965 Title: ssh GSSAPI rekey failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1608965/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1608965] Re: ssh GSSAPI rekey failure
+1 on this and see the exact same. Also its still seen in the 16.04 openssh-client 1:7.2p2-4ubuntu2.1. Any valid workarounds on this? It does not seem to honor "ReKeyLimit 0G 1H" in my case. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1608965 Title: ssh GSSAPI rekey failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1608965/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1608965] Re: ssh GSSAPI rekey failure
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: openssh (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1608965 Title: ssh GSSAPI rekey failure To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1608965/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs