author | 2003-04-01 10:10:23 +0000 | |
---|---|---|
committer | 2003-04-01 10:10:23 +0000 | |
commit | 3eb3a5f4b849019ad30937c9c9b70faa44509fa2 (patch) | |
tree | ebb67d6eb138eef1ec9562e5aeda74cec215ee8a /usr.bin/ssh/clientloop.c | |
parent | tidy up of EXAMPLES section; (diff) | |
download | wireguard-openbsd-3eb3a5f4b849019ad30937c9c9b70faa44509fa2.tar.xz wireguard-openbsd-3eb3a5f4b849019ad30937c9c9b70faa44509fa2.zip |
rekeying bugfixes and automatic rekeying:
* both client and server rekey _automatically_
  (a) after 2^31 packets, because after 2^32 packets
      the sequence number for packets wraps
  (b) after 2^(blocksize_in_bits/4) blocks
  (see: http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt)
  (a) and (b) are _enabled_ by default, and only disabled for known
  openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying
Diffstat (limited to 'usr.bin/ssh/clientloop.c')
-rw-r--r-- | usr.bin/ssh/clientloop.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index fcd75d2d727..846eeeee139 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.105 2002/11/18 16:43:44 markus Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.106 2003/04/01 10:10:23 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -968,9 +968,8 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) /* Do channel operations unless rekeying in progress. */ if (!rekeying) { channel_after_select(readset, writeset); - - if (need_rekeying) { - debug("user requests rekeying"); + if (need_rekeying || packet_need_rekeying()) { + debug("need rekeying"); xxx_kex->done = 0; kex_send_kexinit(xxx_kex); need_rekeying = 0; |
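Review bot: In the client_loop hunk, the combined test `need_rekeying || packet_need_rekeying()` now logs one generic `debug("need rekeying")`, so the debug output no longer shows whether the rekey was requested by the user or triggered automatically by the packet/block limits. Consider logging which of the two conditions fired, since that distinction is useful when diagnosing unexpected key exchanges. The exemption for peers that do not rekey properly, mentioned in the commit message, is not visible in this hunk; a short comment here noting that packet_need_rekeying() is expected to apply it would help readers of this file.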