Markus Germeier, on August 30. 2000, wrote:
  : >   : This is clearly a bug in 2.3.0. (a severe one IMHO!)
  : > 
  : > Yes and no. The rekeying feature improves security, because the
  : > security and integrity keys are changed once every hour (by default,
  : > you can change it, or disable it altogether).
  : 
  : Oh, yes. I missed that one. Set RekeyIntervalSeconds to 0, right?

Yes.

  : > It is a bug, however, to bomb like you describe if the host key is
  : > changed during your terminal session. Will be fixed.
  : 
  : So, I believe your rekeying feature introduced a bug to 2.3 even if
  : the hostkey did _not_ change.

In this case, yes. But as I have used it (and our QA has tested it),
rekeying only introduced problems in the following scenarios:

a) client (or server) was OpenSSH, SecureCRT or F-Secure 4.1 (not sure
   of the version), which don't currently implement rekeying, and bomb
   the connection when the rekey-request comes (this is documented in the
   README, and I mentioned it on my announce mail).
b) the hostkey changes during the connection (say, you change the
   hostkey on the server side, leave your old connection open, and
   connect with a new client and change the host key. Then the old
   connection dies, when the rekey request comes)
c) The hostkey has changed (or you haven't saved it to disk), the
   above behaviour again.

The problems a) and b) will be addressed (not much we can do to the
other clients and servers).

Now, your case is different. Could you send a complete bug report to
me, so I could find and fix this problem, too?

-- 
[[EMAIL PROTECTED]          --  Sami J. Lehtinen  --           [EMAIL PROTECTED]]
[work:+358 9 85657425][gsm:+358 50 5170 258][http://www.iki.fi/~sjl]
[SSH Communications Security Corp               http://www.ssh.com/]
