-
Bug
-
Resolution: Done-Errata
-
Major
-
rhel-8.7.0
-
openssh-8.0p1-21.el8
-
None
-
Important
-
1
-
rhel-sst-security-crypto
-
ssg_security
-
26
-
1
-
QE ack
-
False
-
-
Yes
-
Crypto24Q1
-
-
Pass
-
Automated
-
Bug Fix
-
-
Done
-
-
All
-
None
Description of problem:
When the sshd configuration file is larger than 256K (main /etc/ssh/sshd_config + includes), it's not possible to log in to the system anymore and the following message is recorded in the journal:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
Feb 14 12:10:48 vm-rhel8 sshd[2979]: error: ssh_msg_recv: read: bad msg_len 618704
Feb 14 12:10:48 vm-rhel8 sshd[2979]: fatal: recv_rexec_state: ssh_msg_recv failed
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
On the client side, the ssh process hangs forever.
The root cause for this is the size of the configuration which cannot be sent to the ssh connection handler, due to the size being larger than 256KB:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
139 void
140 mm_request_receive(int sock, struct sshbuf *m)
141 {
:
153 msg_len = PEEK_U32(buf);
154 if (msg_len > 256 * 1024)
155 fatal("%s: read: bad msg_len %d", _func_, msg_len);
:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
The ssh connection handler exits on error, but the main sshd process hangs on sending the configuration.
This additionally leads to not handling incoming connections anymore and restart of the service to take a long time (1min30) due to Stop timeout.
Version-Release number of selected component (if applicable):
openssh-server-8.0p1-16.el8.x86_64
How reproducible:
Always
Steps to Reproduce:
1. Generate a large configuration file
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
- for i in $(seq 1 10000); do echo -e "Match Group GRP$i\nChrootDirectory /some/path/for/group/$i" >> /etc/ssh/sshd_config; done
-
-
-
-
-
-
- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
-
-
-
-
-
-
2. Restart the service
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
- systemctl restart sshd
-
-
-
-
-
-
- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
-
-
-
-
-
-
3. Try connecting
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
$ ssh localhost
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
Actual results:
Hang of ssh client and message on sshd side
Expected results:
No hang, prompt being displayed
Additional info:
Doesn't affect RHEL9.
