Allow configuration of SSH rekey values

A long standing bug in SSHD Mina where packets gets out of order during the rekey phase, will force the ControlMaster to disconnect during high load (repo -jxx): Protocol error: expected packet type 31, got 94 This fix allows us to change the trigger limits for rekeying: rekeyTimeLimit - Default value 1h rekeyBytesLimit - Default value 1073741824 (bytes, 1GB) The rekeyTimeLimit can be set to 0 to disable the trigger. The rekeyBytesLimit can never be set to lower than 32, (Mina will automatically raise the value to 32 if lower). To get rid of the Protocol error by using these configuration values, you can set rekeyTimeLimit to 0 (disables it) and also set a very high rekeyBytesLimit. This will ensure that the bug prone rekeying logic in SSHD Mina will never be executed. Change-Id: Ic196c99266252f47659b26af645b26f77fc15ebd
2014-10-06 16:31:57 +02:00 · 2014-10-06 16:31:57 +02:00 · 6f721702f0
commit 6f721702f0
parent a37b50e306
2 changed files with 27 additions and 0 deletions
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@ -3113,6 +3113,24 @@ programmatic configuration.
 +
 By default, true.

+[[sshd.rekeyBytesLimit]]sshd.rekeyBytesLimit::
+
+Sshd Mina will issue a rekeying after a certain amount of data.
+This configuration option allows you to tweak that setting.
+
+By default, 1073741824 (bytes, 1GB).
+
+The rekeyBytesLimit cannot be set to lower than 32.
+
+[[sshd.rekeyTimeLimit]]sshd.rekeyTimeLimit::
+
+Sshd Mina will issue a rekeying after a certain amount of time.
+This configuration option allows you to tweak that setting.
+
+By default, 1h.
+
+Set to 0 to disable this check.
+
 [[suggest]]
 === Section suggest

--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java
@ -189,6 +189,15 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
        IDLE_TIMEOUT,
        String.valueOf(SECONDS.toMillis(idleTimeoutSeconds)));

+    long rekeyTimeLimit = ConfigUtil.getTimeUnit(cfg, "sshd", null,
+        "rekeyTimeLimit", 3600, SECONDS);
+    getProperties().put(
+        REKEY_TIME_LIMIT,
+        String.valueOf(SECONDS.toMillis(rekeyTimeLimit)));
+
+    getProperties().put(REKEY_BYTES_LIMIT,
+        String.valueOf(cfg.getLong("sshd", "rekeyBytesLimit", 1024 * 1024 * 1024 /* 1GB */)));
+
    final int maxConnectionsPerUser =
        cfg.getInt("sshd", "maxConnectionsPerUser", 64);
    if (0 < maxConnectionsPerUser) {