Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: rhel-8.10
Affects Version/s: rhel-8.7.0
Component/s: openssh
Labels:
- Accepted
- CY24Q1
- Committed
- MigratedToJIRA
- Triaged

Fixed in Build:
openssh-8.0p1-21.el8
Severity:
Major
Epic Link:
CRYPTO-11733
sprint_count:
1

Pool Team:

sst_security_crypto
Sub-System Group:

ssg_security

Internal Target Milestone:
26
Story Points:
1
ACKs Check:

QE ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Sprint:
Crypto24Q1

Acceptance Criteria:

Hide

AC1) config file with size larger than 256k should not prevent logins

AC2) upper size limit for login file is synchronized with upstream

Show
AC1) config file with size larger than 256k should not prevent logins AC2) upper size limit for login file is synchronized with upstream
Preliminary Testing:
Pass
Test Link:
https://tcms.engineering.redhat.com/case/0616695/
Errata Link:
https://errata.devel.redhat.com/advisory/123644
Test Coverage:

Automated

Release Note Type:
Bug Fix
Release Note Text:

Hide
.Large SSHD configuration files no longer prevent login

Previously, when the SSHD configuration file was larger than 256 KB, an error occurred when logging into the system. As a consequence, remote systems were unreachable. This update removes the file size limitation, and therefore users can log in to the system when the SSHD configuration file is larger than 256 KB.

Show
.Large SSHD configuration files no longer prevent login Previously, when the SSHD configuration file was larger than 256 KB, an error occurred when logging into the system. As a consequence, remote systems were unreachable. This update removes the file size limitation, and therefore users can log in to the system when the SSHD configuration file is larger than 256 KB.
Release Note Status:
Done

Experience:
Architecture:

All
Bugzilla Bug:
RHBZ: 2169693

PX Impact Score:
PX Priority Data:
PX Review Complete:
PX Scheduling Request:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Description of problem:

When the sshd configuration file is larger than 256K (main /etc/ssh/sshd_config + includes), it's not possible to log in to the system anymore and the following message is recorded in the journal:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
Feb 14 12:10:48 vm-rhel8 sshd[2979]: error: ssh_msg_recv: read: bad msg_len 618704
Feb 14 12:10:48 vm-rhel8 sshd[2979]: fatal: recv_rexec_state: ssh_msg_recv failed
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

On the client side, the ssh process hangs forever.

The root cause for this is the size of the configuration which cannot be sent to the ssh connection handler, due to the size being larger than 256KB:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
139 void
140 mm_request_receive(int sock, struct sshbuf *m)
141 {
:
153 msg_len = PEEK_U32(buf);
154 if (msg_len > 256 * 1024)
155 fatal("%s: read: bad msg_len %d", _func_, msg_len);
:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

The ssh connection handler exits on error, but the main sshd process hangs on sending the configuration.
This additionally leads to not handling incoming connections anymore and restart of the service to take a long time (1min30) due to Stop timeout.

Version-Release number of selected component (if applicable):

openssh-server-8.0p1-16.el8.x86_64

How reproducible:

Always

Steps to Reproduce:
1. Generate a large configuration file

-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

for i in $(seq 1 10000); do echo -e "Match Group GRP$i\nChrootDirectory /some/path/for/group/$i" >> /etc/ssh/sshd_config; done
- - - - 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

2. Restart the service

-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

systemctl restart sshd
- - - - 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

3. Try connecting

-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
$ ssh localhost
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

Actual results:

Hang of ssh client and message on sshd side

Expected results:

No hang, prompt being displayed

Additional info:

Doesn't affect RHEL9.

external trackers

Red Hat Customer Portal 03434435

Red Hat Issue Tracker CRYPTO-9571

Red Hat Issue Tracker RHELPLAN-148574

links to

RHBA-2023:123644 openssh bug fix and enhancement update

mentioned on

Commit - Avoid sshd_config 256K limit

Assignee:: Dmitry Belyavskiy

Reporter:: Renaud Métrich

Developer:: Dmitry Belyavskiy

QA Contact:: Miluse Bezo Konecna

Doc Contact:: Jan Fiala

Votes:: 0 Vote for this issue

Watchers:: 11 Start watching this issue

Created:: 2023/09/19 11:55 PM

Updated:: 2024/06/19 11:01 AM

Resolved:: 2024/05/22 10:14 AM

Target end:: 2024/02/26

Release Date:: 2024/05/22

Details

Description

Attachments

Issue Links

Activity

People

Dates