Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-10570: SCP rekey fails for Kerberos connection with file size is large than 1GB

25 June,18 at 11:01 AM

Applies to: Centrify-SSHD 7.2p1 - 7.6p1
When scp/sftp any file larger than 1GB, it stop at 1023MB with the following host key verification error:
[trust1@red7 ~]$ scp /tmp/
Red Hat Enterprise Linux Server release 5.7 (Tikanga)
Kernel 2.6.18-274.el5 on an x86_64                                                                                                                           29% 1023MB  22.6MB/s   01:47 ETAThe authenticity of host ' (' can't be established.
ECDSA key fingerprint is SHA256:qJJDj/h0iNwmS7iZaL54rhVvEA0pWLYAL/NNDkn3aeQ.                                                                                                                           29% 1023MB   0.0KB/s - stalled -^C Host key verification failed.
Root cause:
This is OpenSSH bug in GSSAPI key exchange that it failed to validate the host hence restricted the limit to 1GB. As Centrify-sshd is based on openssh, hence we are seeing the same problem as openssh.
Turn of GSSAPI key exchange.
Edit /etc/centrifydc/ssh/sshd_config, set the below to no
>GSSAPIKeyExchange no
After the above, restart Centrify-SSHD daemon
# /etc/init.d/centirfy-sshd restart
It will be fixed in the next release of centrify-sshd, in release 18.8.