Revert "Revert "Allow configuration of SSH rekey values""

This reverts commit 3435c536a6. Change-Id: I4efe2e209ff05e68d8add596025622e76646bfde
2015-03-04 22:37:33 +01:00 · 2015-03-04 22:37:33 +01:00 · 985201b5f9
commit 985201b5f9
parent c8172b20e8
2 changed files with 27 additions and 0 deletions
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@ -3072,6 +3072,24 @@ programmatic configuration.
 +
 By default, true.

+[[sshd.rekeyBytesLimit]]sshd.rekeyBytesLimit::
+
+The SSH daemon will issue a rekeying after a certain amount of data.
+This configuration option allows you to tweak that setting.
+
+By default, 1073741824 (bytes, 1GB).
+
+The rekeyBytesLimit cannot be set to lower than 32.
+
+[[sshd.rekeyTimeLimit]]sshd.rekeyTimeLimit::
+
+The SSH daemon will issue a rekeying after a certain amount of time.
+This configuration option allows you to tweak that setting.
+
+By default, 1h.
+
+Set to 0 to disable this check.
+
 [[suggest]]
 === Section suggest

--- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java
+++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java
@ -189,6 +189,15 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
        IDLE_TIMEOUT,
        String.valueOf(SECONDS.toMillis(idleTimeoutSeconds)));

+    long rekeyTimeLimit = ConfigUtil.getTimeUnit(cfg, "sshd", null,
+        "rekeyTimeLimit", 3600, SECONDS);
+    getProperties().put(
+        REKEY_TIME_LIMIT,
+        String.valueOf(SECONDS.toMillis(rekeyTimeLimit)));
+
+    getProperties().put(REKEY_BYTES_LIMIT,
+        String.valueOf(cfg.getLong("sshd", "rekeyBytesLimit", 1024 * 1024 * 1024 /* 1GB */)));
+
    final int maxConnectionsPerUser =
        cfg.getInt("sshd", "maxConnectionsPerUser", 64);
    if (0 < maxConnectionsPerUser) {