How to initiate rekey from server by sending data on channel

[rahulcode60]

Hi @ronf,

I am testing one scenario where in I want to get rekey from server where server rekey threshold is 40MB. I am currently trying to send data on channel with help of proc.channel.send_packet method . Here I am sending 1kb data in for loop but on server side auth logs I get something like this.

channel 0: rcvd too much data 1024, win 512

[ronf]

This is one of the reasons not to use send_packet() directly. It doesn't honor the window size being set by the server, and doesn't properly wait for a SSH_MSG_CHANNEL_WINDOW_ADJUST to be received when the amount of outstanding data reaches the window size sent by the peer.

Typically, the window size on a chnanel is around 2 MBytes. If you want to send more than that, you need to wait for the peer to increase the window, indicating that is has consumed the data you've sent so far. This is especially important in cases where multiple channels are open at once on a single TCP connection, as it allows a way to limiting how much buffering is needed for individual channels, where TCP can only provide flow control for the connection as a whole.

If you goal is to focus on re-keying, you might trying sending a message which is not flow-controlled. For instance, there's a MSG_DEBUG at the connection level that could be used for this, and a send_debug() public method on SSHConnection which sends this:

    def send_debug(self, msg: str, lang: str = DEFAULT_LANG,
                   always_display: bool = False) -> None:
        """Send a debug message on this connection

           This method can be called to send a debug message to the
           other end of the connection.

           :param msg:
               The debug message to send
           :param lang:
               The language the message is in
           :param always_display:
               Whether or not to display the message
           :type msg: `str`
           :type lang: `str`
           :type always_display: `bool`

        """

        self.logger.debug1('Sending debug message: %s%s', msg,
                           ' (always display)' if always_display else '')

        self.send_packet(MSG_DEBUG, Boolean(always_display),
                         String(msg), String(lang))

Everything sent over the encrypted channel (which is basically everything once the SSH handshake completes) is counted against the rekeying interval/bytes. You wouldn't even necessarily need to open a session to test rekeying. Just opening a connection should be good enough.

[rahulcode60]

Hi @ronf,
I am currently using this code

`async def main():
try:
async with asyncssh.connect('ip', username='cli') as conn:
async with conn.create_process(term_type='xterm-color') as proc:
login_success = await handle_process(proc)
if login_success:
try:
bytes_sent = 0
chunk = b"A" * (510241024)
for i in range(200000):
#proc.channel.send_packet(MSG_DEBUG, String(chunk.decode('utf-8')))
conn.send_debug(chunk)
bytes_sent += len(chunk)
if bytes_sent % (10 * 1024 * 1024) == 0: # Every 10 MB
logger.info(f"-------->Sent {bytes_sent} bytes. Pausing for 1 second.")
await asyncio.sleep(1)
#logger.info(f"Sent chunk of size: {len(chunk)} bytes")
logger.info(f"Total size: {bytes_sent} bytes")

		     if bytes_sent >= REKEY_THRESHOLD:
			break

`

If I use proc.channel.send_packet(MSG_DEBUG, String(chunk.decode('utf-8'))) getting this error on server side ssh_dispatch_run_fatal: Connection from user cli ip port 36754: incomplete message

If I use conn.send_debug(chunk) I don't see rekey happening even after sending 40mb data.

[ronf]

I'm not sure how OpenSSH implements rekeying, but on AsyncSSH at least it is only implemented on bytes being sent. In other words, no matter how many bytes are received by AsyncSSH, it won't trigger rekeying (at least not based on bytes -- it could still trigger based on time). If OpenSSH is similar, sending data to it won't matter. You need to do something that would cause it to send data back to you, and then you should see it trigger when those received bytes are above whatever rekey limit is set.

The "incomplete message" error may be because you are trying to write the message to a channel, but it's a connection-level message. Also, it takes a Boolean and two String arguments, not one String as arguments. See the code above in send_debug().

[rahulcode60]

I trying to send data from client to server and If rekey threshold(40MB) I want to get a rekey from server.

If I keep this
proc.channel.send_packet(MSG_DEBUG,Boolean(True),b'sdas', String('en-US'))

I get this error on server side
debug1: Setting controlling tty using TIOCSCTTY.
2024-07-26T07:21:40.860523Z 32EC2-81-1 auth.info sshd[18709]: ssh_dispatch_run_fatal: Connection from user cli ip port 36030: string is too large
2024-07-26T07:21:40.860613Z 32EC2-81-1 auth.debug sshd[18709]: debug1: do_cleanup

[ronf]

proc.channel.send_packet(MSG_DEBUG,Boolean(True),b'sdas', String('en-US'))

You're missing a call to String() here around b'sdas'. Without that, the server is going to treat those four bytes as a length field for the debug message, which works out to 1.935,958,387 (almost 2 GB).

Actually, as I mentioned before, you really shouldn't be sending at the channel level here. That adds an extra UInt32 to the front of the list of args, which ends up covering the single-byte always_display argument and some of the bytes of the length of the msg argument. So, even adding String() around the message won't work. You'll still have the wrong set of arguments in the constructed message.

Since send_debug() is public, there's really no reason for you to use send_packet() in this case, and in fact I don't think you can really make send_packet() at the channel level work for this.