Package: openssh-server Version: 1:6.2p2-6 Severity: normal I am attempting to transfer a large (1.6 GiB) file over sftp. I have set my RekeyLimit to 1G in my ~/.ssh/config file. When I get to the rekey limit, the connection is reset: vauxhall ok % sftp bmc@castro:/media/data/bmc/finished/upload/ Connected to castro. Changing to: /media/data/bmc/finished/upload/ sftp> put large-file Uploading large-file to /media/data/bmc/finished/upload/large-file large-file 67% 1021MB 8.0MB/s 01:02 ETAConnection closed by 173.11.243.49 Couldn't read packet: Connection reset by peer The auth.log file on the server says: Oct 19 14:01:12 castro sshd[649315]: Authorized to bmc, krb5 principal bmc@CRUSTYTOOTHPASTE.NET (krb5_kuserok) Oct 19 14:01:12 castro sshd[649315]: Accepted gssapi-with-mic for bmc from 172.16.2.247 port 44985 ssh2 Oct 19 14:01:12 castro sshd[649315]: pam_unix(sshd:session): session opened for user bmc by (uid=0) Oct 19 14:01:12 castro sshd[649317]: subsystem request for sftp by user bmc Oct 19 14:03:44 castro sshd[649317]: fatal: xfree: NULL pointer given as argument Oct 19 14:03:44 castro sshd[649315]: pam_unix(sshd:session): session closed for user bmc Note the "fatal: xfree: NULL pointer given as argument" error. This terminates the session. If I set the RekeyLimit value to 2G (larger than my file), it works just fine. If you don't feel like transferring gigabytes of data, I can also reproduce this problem with a 200M RekeyLimit (I haven't tried smaller). It also happens with publickey authentication as well as GSSAPI, although the line starting with "fatal" is not logged in that case. I originally saw this error with sshfs-fuse, but as you can see, it also happens with the plain sftp client. Please let me know if you need more information, as this is easily reproducible for me. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.11-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages openssh-server depends on: ii adduser 3.113+nmu3 ii dpkg 1.17.1 ii libc6 2.17-93 ii libcomerr2 1.42.8-1 ii libgssapi-krb5-2 1.11.3+dfsg-3 ii libkrb5-3 1.11.3+dfsg-3 ii libpam-modules 1.1.3-9 ii libpam-runtime 1.1.3-9 ii libpam0g 1.1.3-9 ii libselinux1 2.1.13-3 ii libssl1.0.0 1.0.1e-3 ii libwrap0 7.6.q-24 ii lsb-base 4.1+Debian12 ii openssh-client 1:6.2p2-6 ii procps 1:3.3.8-2 ii sysv-rc 2.88dsf-43 ii zlib1g 1:1.2.8.dfsg-1 Versions of packages openssh-server recommends: ii ncurses-term 5.9+20130608-1 ii xauth 1:1.0.7-1 Versions of packages openssh-server suggests: pn molly-guard <none> pn monkeysphere <none> ii openssh-blacklist 0.4.1+nmu1 ii openssh-blacklist-extra 0.4.1+nmu1 pn rssh <none> pn ssh-askpass <none> pn ufw <none> -- debconf information: ssh/disable_cr_auth: false ssh/encrypted_host_key_but_no_keygen: ssh/vulnerable_host_keys: * ssh/use_old_init_script: true -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Attachment:
signature.asc
Description: Digital signature