I've twice tried to report what appears to me to be an sshd bug introduced
in snv_b80, but have yet to find my report in the searchable bug db. Are
reports normally vetted before being accepted? In any case, I'll post here
what I tried to report there in hopes that some who might care will
notice.
Using Sun sshd and either Sun_SSH client or OpenSSH client, try to transfer
more than 1GB over a connection where "Ciphers" is one of arcfour, 3des-cbc
or blowfish-cbc and RekeyLimit is >= 1GB.
For clients, the problem can be worked around by using aes128 and/or using
RekeyLimit <= 1G. I suspect this is actually an sshd problem, and for
that, I'm unaware of any work-around.
The attached script illustrates the problem...
#!/usr/bin/ksh93
# For each cipher, pull blks+2 MiB through ssh with RekeyLimit set to blks MiB,
# so a data-volume rekey is forced mid-transfer, and report which combinations fail.
ITER=1
remote=remote
blocks="10 16 128 1023 1024"
n=0
while [ $n -lt $ITER ]; do
    for alg in arcfour aes128-cbc aes128-ctr blowfish-cbc 3des-cbc; do
        printf "%12s: " $alg
        err=0
        for blks in $blocks; do
            let count=blks+2
            # Discard the transferred data; capture only ssh's own diagnostics.
            # "$( (" must be two tokens: "$((" would start arithmetic expansion.
            out=$( (ssh -o "Ciphers $alg" -o "RekeyLimit ${blks}M" $remote \
                "dd if=/data/ISO/sol-10-u4-ga-x86-dvd.iso \
                bs=1024k count=$count 2>/dev/null" >/dev/null) 2>&1)
            if [ $? != 0 ]; then
                # Continue a failing cipher's report on a new, aligned line.
                [ $err -gt 0 ] && printf "\n%14s" ' '
                printf "%5s %s" RekeyLimit=${blks}M "$out"
                ((++err))
            fi
        done
        [ $err -eq 0 ] && printf "Ok"
        echo
    done
    let n=n+1
done
Script output is:
     arcfour: RekeyLimit=1024M Disconnecting: Protocol error: expected packet type 31, got 20
  aes128-cbc: Ok
  aes128-ctr: Ok
blowfish-cbc: RekeyLimit=1024M Disconnecting: Protocol error: expected packet type 31, got 20
    3des-cbc: RekeyLimit=1024M Disconnecting: Protocol error: expected packet type 31, got 20
This message posted from opensolaris.org
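As an added example (not the poster's script or any Sun/OpenSSH code), the following checks an ssh_config fragment for the combination the post reports failing, an affected cipher with a RekeyLimit at or above 1 GiB, and names the SSH message numbers in the quoted "expected packet type 31, got 20" error. The ssh_config reader and the treatment of an unset RekeyLimit as the documented 1G..4G default are this example's own simplifications.

```python
# Added example (not the post's code): audit an ssh_config fragment for the
# post's trigger (affected cipher + RekeyLimit >= 1 GiB) and decode the
# packet numbers in the reported protocol error.
import re

# Ciphers the post reports failing once the data-volume rekey fires at >= 1 GiB.
AFFECTED_CIPHERS = {"arcfour", "3des-cbc", "blowfish-cbc"}
GIB = 1024 ** 3
UNITS = {"": 1, "K": 1024, "M": 1024 ** 2, "G": GIB}
# Transport message numbers (RFC 4253) named in "expected packet type 31, got 20".
SSH_MSG = {20: "SSH_MSG_KEXINIT", 21: "SSH_MSG_NEWKEYS", 30: "SSH_MSG_KEXDH_INIT", 31: "SSH_MSG_KEXDH_REPLY"}

def parse_rekey_limit(value):
    """Bytes for a RekeyLimit size such as '1024M' or '1G'. ssh_config(5) documents
    'default' as 1G..4G depending on the cipher, so it counts as reaching 1 GiB."""
    size = value.split()[0]  # an optional second field is a time, not a size
    if size == "default":
        return GIB
    m = re.fullmatch(r"(\d+)([KMGkmg]?)", size)
    if not m:
        raise ValueError("bad RekeyLimit: %r" % value)
    return int(m.group(1)) * UNITS[m.group(2).upper()]

def parse_ssh_config(text):
    """Minimal ssh_config reader: 'Keyword value', '#' comments, first match wins."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, val = line.partition(" ")
            opts.setdefault(key.lower(), val.strip())
    return opts

def audit_config(text):
    """Affected ciphers that would rekey at >= 1 GiB under this config; an empty
    list means the post's workaround (aes128 and/or a lower RekeyLimit) is in effect."""
    opts = parse_ssh_config(text)
    ciphers = [c.strip() for c in opts.get("ciphers", "").split(",") if c.strip()]
    limit = parse_rekey_limit(opts.get("rekeylimit", "default"))  # unset = default
    return [c for c in ciphers if c in AFFECTED_CIPHERS and limit >= GIB]

def decode_protocol_error(msg):
    """Name the two packet types in the post's 'Protocol error' line, or None."""
    m = re.search(r"expected packet\s+type (\d+), got (\d+)", msg)
    if not m:
        return None
    want, got = (int(x) for x in m.groups())
    return SSH_MSG.get(want, str(want)), SSH_MSG.get(got, str(got))
```

Run against a client config, an empty result from audit_config means the ciphers in use are either unaffected or will rekey below the 1 GiB trigger; the decoder shows the client was waiting for the server's KEXDH_REPLY when a fresh KEXINIT arrived instead.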