Suggest a MIN_WINDOW_SIZE and MIN_PACKET_SIZE

Not fully confident with this change, though I will describe my findings
fully in the pull request.  The OpenSSH client requests a maximum packet
size of 16384, but this MIN_PACKET_SIZE value of 32768 causes its request
to be "clamped" up to 32768, later causing an error to stderr on the OpenSSH
client.

Suggest then, to delineate MIN_WINDOW_SIZE from MIN_PACKET_SIZE, as they
are applied.  I don't think there is any minimum value of MIN_PACKET_SIZE,
however we can suggest a value of 4096 for now.

3 files changed, 11 insertions, 7 deletions

diff --git a/paramiko/common.py b/paramiko/common.py
index 97b2f958..0b0cc2a7 100644
--- a/paramiko/common.py
+++ b/paramiko/common.py
@@ -195,7 +195,11 @@ DEFAULT_MAX_PACKET_SIZE = 2 ** 15
 # lower bound on the max packet size we'll accept from the remote host
 # Minimum packet size is 32768 bytes according to
 # http://www.ietf.org/rfc/rfc4254.txt
-MIN_PACKET_SIZE = 2 ** 15
+MIN_WINDOW_SIZE = 2 ** 15
+
+# However, according to http://www.ietf.org/rfc/rfc4253.txt it is perfectly
+# legal to accept a size much smaller, as OpenSSH client does as size 16384.
+MIN_PACKET_SIZE = 2 ** 12
 
 # Max windows size according to http://www.ietf.org/rfc/rfc4254.txt
 MAX_WINDOW_SIZE = 2**32 -1
diff --git a/paramiko/transport.py b/paramiko/transport.py
index 2a700a88..36da3043 100644
--- a/paramiko/transport.py
+++ b/paramiko/transport.py
@@ -43,8 +43,8 @@ from paramiko.common import xffffffff, cMSG_CHANNEL_OPEN, cMSG_IGNORE, \
     MSG_CHANNEL_OPEN_SUCCESS, MSG_CHANNEL_OPEN_FAILURE, MSG_CHANNEL_OPEN, \
     MSG_CHANNEL_SUCCESS, MSG_CHANNEL_FAILURE, MSG_CHANNEL_DATA, \
     MSG_CHANNEL_EXTENDED_DATA, MSG_CHANNEL_WINDOW_ADJUST, MSG_CHANNEL_REQUEST, \
-    MSG_CHANNEL_EOF, MSG_CHANNEL_CLOSE, MIN_PACKET_SIZE, MAX_WINDOW_SIZE, \
-    DEFAULT_WINDOW_SIZE, DEFAULT_MAX_PACKET_SIZE
+    MSG_CHANNEL_EOF, MSG_CHANNEL_CLOSE, MIN_WINDOW_SIZE, MIN_PACKET_SIZE, \
+    MAX_WINDOW_SIZE, DEFAULT_WINDOW_SIZE, DEFAULT_MAX_PACKET_SIZE
 from paramiko.compress import ZlibCompressor, ZlibDecompressor
 from paramiko.dsskey import DSSKey
 from paramiko.kex_gex import KexGex
@@ -1554,7 +1554,7 @@ class Transport (threading.Thread, ClosingContextManager):
     def _sanitize_window_size(self, window_size):
         if window_size is None:
             window_size = self.default_window_size
-        return clamp_value(MIN_PACKET_SIZE, window_size, MAX_WINDOW_SIZE)
+        return clamp_value(MIN_WINDOW_SIZE, window_size, MAX_WINDOW_SIZE)
 
     def _sanitize_packet_size(self, max_packet_size):
         if max_packet_size is None:
diff --git a/tests/test_transport.py b/tests/test_transport.py
index dd522c4e..5cf9a867 100644
--- a/tests/test_transport.py
+++ b/tests/test_transport.py
@@ -35,7 +35,7 @@ from paramiko import Transport, SecurityOptions, ServerInterface, RSAKey, DSSKey
 from paramiko import AUTH_FAILED, AUTH_SUCCESSFUL
 from paramiko import OPEN_SUCCEEDED, OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
 from paramiko.common import MSG_KEXINIT, cMSG_CHANNEL_WINDOW_ADJUST, \
-                            MIN_PACKET_SIZE, MAX_WINDOW_SIZE, \
+                            MIN_PACKET_SIZE, MIN_WINDOW_SIZE, MAX_WINDOW_SIZE, \
                             DEFAULT_WINDOW_SIZE, DEFAULT_MAX_PACKET_SIZE
 from paramiko.py3compat import bytes
 from paramiko.message import Message
@@ -779,7 +779,7 @@ class TransportTest(unittest.TestCase):
         """
         verify that we conform to the rfc of packet and window sizes.
         """
-        for val, correct in [(32767, MIN_PACKET_SIZE),
+        for val, correct in [(4095, MIN_PACKET_SIZE),
                              (None, DEFAULT_MAX_PACKET_SIZE),
                              (2**32, MAX_WINDOW_SIZE)]:
             self.assertEqual(self.tc._sanitize_packet_size(val), correct)
@@ -788,7 +788,7 @@ class TransportTest(unittest.TestCase):
         """
         verify that we conform to the rfc of packet and window sizes.
         """
-        for val, correct in [(32767, MIN_PACKET_SIZE),
+        for val, correct in [(32767, MIN_WINDOW_SIZE),
                              (None, DEFAULT_WINDOW_SIZE),
                              (2**32, MAX_WINDOW_SIZE)]:
             self.assertEqual(self.tc._sanitize_window_size(val), correct)