Stop supporting fallback between SSH versions.

The UI now only has "1" and "2" options for SSH protocol version, which behave like the old "1 only" and "2 only" options; old SSH-N-with-fallback settings are interpreted as SSH-N-only. This prevents any attempt at a protocol downgrade attack. Most users should see no difference; those poor souls who still have to work with SSH-1 equipment now have to explicitly opt in.
2025-07-15 01:57:40 -05:00 · 2016-03-28 20:23:57 +01:00
parent 43f1aa01cd
commit 16dfefcbde
9 changed files with 90 additions and 43 deletions
--- a/settings.c
+++ b/settings.c
@ -803,8 +803,15 @@ void load_open_settings(void *sesskey, Conf *conf)
           hknames, HK_MAX, conf, CONF_ssh_hklist);
    gppi(sesskey, "RekeyTime", 60, conf, CONF_ssh_rekey_time);
    gpps(sesskey, "RekeyBytes", "1G", conf, CONF_ssh_rekey_data);
-    /* SSH-2 only by default */
-    gppi(sesskey, "SshProt", 3, conf, CONF_sshprot);
+    {
+	/* SSH-2 only by default */
+	int sshprot = gppi_raw(sesskey, "SshProt", 3);
+	/* Old sessions may contain the values correponding to the fallbacks
+	 * we used to allow; migrate them */
+	if (sshprot == 1)      sshprot = 0; /* => "SSH-1 only" */
+	else if (sshprot == 2) sshprot = 3; /* => "SSH-2 only" */
+	conf_set_int(conf, CONF_sshprot, sshprot);
+    }
    gpps(sesskey, "LogHost", "", conf, CONF_loghost);
    gppi(sesskey, "SSH2DES", 0, conf, CONF_ssh2_des_cbc);
    gppi(sesskey, "SshNoAuth", 0, conf, CONF_ssh_no_userauth);