Subject: Re: rfc2228 in ftpd
To: None <>
From: Lucio De Re <>
List: tech-userlevel
Date: 06/25/2002 06:28:54
On Mon, Jun 24, 2002 at 08:54:04AM -0700, Jason R Thorpe wrote:
> One of the most annoying things about GSSAPI for SSHv2 is the occasional
> rekeying that the SSHv2 transport does.  What happens is that the user's
> ticket eventually expires during the login session, a rekey is attempted,
> and the session is killed because the rekey failed due to expired ticket.
> Now, while this may be strictly correct ("of course the session should
> die once the ticket expires!"), it is different from every other login
> mechanism that uses Kerberos that I am aware of.
I'm jumping in here, late, and with no regard to any message that may
have followed this.  Wouldn't this particular problem be resolved by
following the DHCP lease renewal rules: apply for a new lease half way
to expiry?

I haven't ever investigated the SSH protocol, so I could be right out
of turn, but that seems an obvious correction to the problem as Jason
formulated it.

I'll be happy to be corrected and informed.