RHEL-5279

Cannot login when sshd configuration is larger than 256KB

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • rhel-8.7.0
    • openssh
    • sst_security_crypto
    • ssg_security
    • Crypto23Q4

    Description

      Description of problem:

      When the sshd configuration file is larger than 256K (main /etc/ssh/sshd_config + includes), it's not possible to log in to the system anymore and the following message is recorded in the journal:
      -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
      Feb 14 12:10:48 vm-rhel8 sshd[2979]: error: ssh_msg_recv: read: bad msg_len 618704
      Feb 14 12:10:48 vm-rhel8 sshd[2979]: fatal: recv_rexec_state: ssh_msg_recv failed
      -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

      On the client side, the ssh process hangs forever.

      The root cause for this is the size of the configuration which cannot be sent to the ssh connection handler, due to the size being larger than 256KB:
      -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
      void
      mm_request_receive(int sock, struct sshbuf *m)
      {
      :
              msg_len = PEEK_U32(buf);
              if (msg_len > 256 * 1024)
                      fatal("%s: read: bad msg_len %d", __func__, msg_len);
      :
      -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

      The ssh connection handler exits on error, but the main sshd process hangs on sending the configuration.
      This additionally leads to incoming connections no longer being handled, and to a restart of the service taking a long time (1min30) due to the stop timeout.

      Version-Release number of selected component (if applicable):

      openssh-server-8.0p1-16.el8.x86_64

      How reproducible:

      Always

      Steps to Reproduce:
      1. Generate a large configuration file

      -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
      # for i in $(seq 1 10000); do echo -e "Match Group GRP$i\nChrootDirectory /some/path/for/group/$i" >> /etc/ssh/sshd_config; done
      -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

      2. Restart the service

      -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
      # systemctl restart sshd
      -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

      3. Try connecting

      -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
      $ ssh localhost
      -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

      Actual results:

      Hang of ssh client and message on sshd side

      Expected results:

      No hang, prompt being displayed

      Additional info:

      Doesn't affect RHEL9.
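
A pre-restart check for the condition described in this report, as an added example that is not part of the original report or of OpenSSH: it sums the bytes of an sshd configuration file and of its Include targets and compares the total with the 256 * 1024 bound from the quoted code. The function names, resolving relative Include patterns against the main file's directory, and using on-disk size as an estimate of the message size are assumptions.

```shell
#!/bin/sh
# Added example, not from the bug report or from OpenSSH.
# Assumption: the on-disk bytes of the main file plus its Include targets
# approximate the configuration blob sshd passes to the connection handler.
LIMIT=$((256 * 1024))   # the msg_len bound quoted in the report

# sshd_config_bytes FILE [BASE] [DEPTH]: print the total size in bytes of FILE
# and of every file it pulls in with Include. The body runs in a subshell so
# recursion and "set -f" cannot leak into the caller.
sshd_config_bytes() (
    file=$1; base=${2:-$(dirname "$1")}; depth=${3:-0}
    if [ ! -r "$file" ] || [ "$depth" -gt 16 ]; then echo 0; exit 0; fi
    total=$(($(wc -c < "$file")))
    while read -r kw rest || [ -n "$kw" ]; do
        case $kw in [Ii][Nn][Cc][Ll][Uu][Dd][Ee]) ;; *) continue ;; esac
        set -f; set -- $rest; set +f        # split patterns without globbing
        for pat in "$@"; do
            case $pat in /*) ;; *) pat=$base/$pat ;; esac
            for f in $pat; do               # unquoted on purpose: expand glob
                [ -f "$f" ] || continue
                total=$((total + $(sshd_config_bytes "$f" "$base" $((depth + 1)))))
            done
        done
    done < "$file"
    echo "$total"
)

# check_sshd_config FILE: return 0 when under the limit, 1 otherwise.
check_sshd_config() {
    size=$(sshd_config_bytes "$1")
    if [ "$size" -gt "$LIMIT" ]; then
        echo "FAIL: $1 totals $size bytes, limit is $LIMIT" >&2
        return 1
    fi
    echo "OK: $1 totals $size bytes, limit is $LIMIT"
}

# Run the check when a path is given on the command line.
if [ $# -gt 0 ]; then check_sshd_config "$1"; fi
```

Running it against `/etc/ssh/sshd_config` before `systemctl restart sshd` flags an oversized configuration while existing sessions are still usable.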

          People

            dbelyavs@redhat.com Dmitry Belyavskiy
            rhn-support-rmetrich Renaud Metrich
            SSG Security QE SSG Security QE