Allow configuration of SSH rekey values
A long-standing bug in SSHD Mina where packets get out of order during the rekey phase will force the ControlMaster to disconnect during high load (repo -jxx):

  Protocol error: expected packet type 31, got 94

This fix allows us to change the trigger limits for rekeying:

  rekeyTimeLimit - Default value 1h
  rekeyBytesLimit - Default value 1073741824 (bytes, 1GB)

The rekeyTimeLimit can be set to 0 to disable the trigger. The rekeyBytesLimit can never be set to lower than 32 (Mina will automatically raise the value to 32 if lower).

To get rid of the Protocol error by using these configuration values, you can set rekeyTimeLimit to 0 (disables it) and also set a very high rekeyBytesLimit. This will ensure that the bug-prone rekeying logic in SSHD Mina will never be executed.

Change-Id: Ic196c99266252f47659b26af645b26f77fc15ebd
Committed by: David Pursehouse
Parent: a37b50e306
Commit: 6f721702f0
@@ -189,6 +189,15 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
|
||||
IDLE_TIMEOUT,
|
||||
String.valueOf(SECONDS.toMillis(idleTimeoutSeconds)));
|
||||
|
||||
long rekeyTimeLimit = ConfigUtil.getTimeUnit(cfg, "sshd", null,
|
||||
"rekeyTimeLimit", 3600, SECONDS);
|
||||
getProperties().put(
|
||||
REKEY_TIME_LIMIT,
|
||||
String.valueOf(SECONDS.toMillis(rekeyTimeLimit)));
|
||||
|
||||
getProperties().put(REKEY_BYTES_LIMIT,
|
||||
String.valueOf(cfg.getLong("sshd", "rekeyBytesLimit", 1024 * 1024 * 1024 /* 1GB */)));
|
||||
|
||||
final int maxConnectionsPerUser =
|
||||
cfg.getInt("sshd", "maxConnectionsPerUser", 64);
|
||||
if (0 < maxConnectionsPerUser) {
|
||||
|
||||
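Review bot: Neither new value is validated or logged before it is handed to Mina in the two getProperties().put(...) calls. cfg.getLong("sshd", "rekeyBytesLimit", ...) passes through whatever is configured, so a negative or sub-32 value is accepted silently (the commit message says Mina raises anything below 32 on its own), and rekeyTimeLimit = 0 turns off time-based rekeying with no trace in the log. Because the suggested workaround is to disable the time trigger and set a very high byte limit, long-lived sessions would then keep a single set of session keys for their whole lifetime; suggest rejecting negative values, logging the effective limits at startup, and warning when rekeyTimeLimit is 0. The new sshd.rekeyTimeLimit and sshd.rekeyBytesLimit options also need an entry in the configuration documentation, including the unit applied when none is given (SECONDS, default 3600); no documentation change is visible in this hunk.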