mina-sshd

ssh packet size 32kb to 64kb possible? ...

Open alan-vos opened this issue 7 months ago • 3 comments

This is a question. I understand the RFC for SSH is 32kb by default. But my understanding is that it could be altered. Is that possible with Apache MINA?

My sshd stack is: Apache MINA, Netty (4.20.x), Apache SSHD.

I've tried just about everything to get it to send more than 32kb, but to no avail.

alan-vos avatar May 02 '25 21:05 alan-vos

Yes, RFC 4253 requires all SSH implementations to handle packets up to 35000 bytes, and recommends that larger packets should be handled, too. Apache MINA sshd and OpenSSH can handle packets up to 256kB on reception.

I suppose you're trying to send larger packets for data transfer? In a channel, it's the receiver who says what packet size it requires. See RFC 4254, section 5.1. So when you open a channel you'd have to do two things:

  1. Send with the SSH_MSG_CHANNEL_OPEN request a larger maximum packet size (for instance, 256kB, or maybe a little smaller, say, 254kB). (Might make sense if you're mostly receiving data, like downloading something. It doesn't guarantee that the sender will send such large packets, though, it just says that the client will accept packets up to 254kB. The sender might still decide to send smaller packets.)
  2. Make the receiver use a larger packet size in its SSH_MSG_CHANNEL_OPEN_CONFIRMATION reply. Might make sense if you want to send a lot of data (uploading), but needs cooperation from the receiver.

For Apache MINA sshd, the packet size can be defined via CoreModuleProperties.MAX_PACKET_SIZE. I don't know how you'd configure it on the receiver's end if it isn't an Apache MINA sshd implementation. I'm not aware of any SSH protocol extension to re-negotiate the packet size for a channel after the channel has been opened.

tomaswolf avatar May 05 '25 08:05 tomaswolf
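The channel-open exchange from RFC 4254, section 5.1 that the answer above refers to, as an added example that is not part of the original thread or of Apache MINA sshd. The helper names, channel numbers, window sizes and packet sizes are constructed for illustration; only the message layouts come from the RFC.

```python
import struct

SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91

def build_open(channel_type, sender_channel, window, max_packet):
    # byte 90, string channel type, uint32 sender channel,
    # uint32 initial window size, uint32 maximum packet size
    name = channel_type.encode("ascii")
    return (struct.pack(">BI", SSH_MSG_CHANNEL_OPEN, len(name)) + name
            + struct.pack(">III", sender_channel, window, max_packet))

def build_confirmation(recipient_channel, sender_channel, window, max_packet):
    # byte 91, uint32 recipient channel, uint32 sender channel,
    # uint32 initial window size, uint32 maximum packet size
    return struct.pack(">BIIII", SSH_MSG_CHANNEL_OPEN_CONFIRMATION,
                       recipient_channel, sender_channel, window, max_packet)

def parse_limits(payload):
    """Return (window, max_packet) that the sender of this message will ACCEPT."""
    if not payload:
        raise ValueError("empty payload")
    if payload[0] == SSH_MSG_CHANNEL_OPEN:
        if len(payload) < 5:
            raise ValueError("truncated channel type")
        (name_len,) = struct.unpack_from(">I", payload, 1)
        offset = 5 + name_len + 4          # skip type string and sender channel
    elif payload[0] == SSH_MSG_CHANNEL_OPEN_CONFIRMATION:
        offset = 1 + 4 + 4                 # skip recipient and sender channel
    else:
        raise ValueError("not a channel open or confirmation message")
    if len(payload) < offset + 8:
        raise ValueError("truncated message")
    return struct.unpack_from(">II", payload, offset)

def negotiated_limits(open_payload, confirmation_payload):
    """Largest data packet each side may send: bounded by what the peer announced."""
    _, opener_accepts = parse_limits(open_payload)
    _, acceptor_accepts = parse_limits(confirmation_payload)
    return {"acceptor_to_opener": opener_accepts,
            "opener_to_acceptor": acceptor_accepts}

# Constructed sample: the client announces 254 kB, the server keeps 32 kB.
CLIENT_OPEN = build_open("session", 0, 2 * 1024 * 1024, 254 * 1024)
SERVER_CONFIRMATION = build_confirmation(0, 0, 2 * 1024 * 1024, 32 * 1024)

if __name__ == "__main__":
    print(negotiated_limits(CLIENT_OPEN, SERVER_CONFIRMATION))
```

With these sample values, raising the limit only on the opening side enlarges what it may receive; what it may send stays at the value the other side put in its confirmation.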

Thank you for the reply.

Yes, I've already tried, "coreModuleProperties.MAX_PACKET_SIZE". The ssh client does send larger packets, but as you said the sshd server (also Java MINA, Apache ssh, Netty) forces the default 32kb limitation.

The SSH RFC is from January 2006. They should update it to support faster networks that can easily handle larger packets and dedicated encryption hardware acceleration. The ability to negotiate protocols should also include packet size negotiation too.

Any idea where I should be looking at Java code for the server side implementation?

alan-vos avatar May 05 '25 20:05 alan-vos

If you have an Apache MINA sshd server and set CoreModuleProperties.MAX_PACKET_SIZE on the SshServer or on the ServerSession, then that server should also use that value for the maximum packet size of a channel.

tomaswolf avatar May 05 '25 21:05 tomaswolf