Failure to handle keepalive packets explicitely cause issues with Cisco and f5 devices

+1 vote
asked Jan 19 by walljm (520 points)

we fixed this internally by addding the following to the SshChannel.cs file in the OnRequestReceived function.

        //NOTE (VAE): This prevents wrong things from happening because of a failure to handle ssh keepalive requests, seen on Cisco Wireless and F5 Network devices
        case "keepalive@openssh.com":
            if (!_closeSent)
            {
                Session.KeepAlive();
            }
            break;
        // VAE

1 Answer

0 votes
answered Jan 22 by Lukas Pokorny (124,570 points)

Thanks for bringing this to our attention!

It looks like the client-side handling of SSH_MSG_CHANNEL_REQUEST packets in Rebex SSH does not conform to RFC 4254, and we will address that in the next release.

However, the proposed solution does not seem to be a proper one either. According to the comment in OpenSSH's server-side code where the keepalive@openssh.com is sent, the expected behavior for the SSH client is to simply respond with a SSH_MSG_CHANNEL_FAILURE packet, which is also what RFC 4254 says.

So we'll address this in a standard-compliant way first. Hopefully, that would address the issues you discovered as well. If not, we would add a workaround later.

commented Jan 22 by walljm (520 points)
Excellent, thanks
...