nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00
Code Issues Projects Releases Wiki Activity

Don't try SSH-1 RSA authentication unless the server has advertised support

Browse Source 
for it.  It's possible that this obsoletes BUG_CHOKES_ON_RSA.  Certainly
the one SSH-1.5-Cisco-1.25 server I found was correctly not advertising RSA
auth.  For now, leave it in, because I'm not feeling entirely confident.

[originally from svn r7726]
This commit is contained in:
Ben Harris 2007-09-20 21:33:21 +00:00
parent 1e8a5e4796
commit 1854dcd388
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ssh.c
View File

@ -3070,6 +3070,8 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
ssh->v1_remote_protoflags = ssh_pkt_getuint32(pktin);
s->supported_ciphers_mask = ssh_pkt_getuint32(pktin);
s->supported_auths_mask = ssh_pkt_getuint32(pktin);
if ((ssh->remote_bugs & BUG_CHOKES_ON_RSA))
s->supported_auths_mask &= ~(1 << SSH1_AUTH_RSA);
ssh->v1_local_protoflags =
ssh->v1_remote_protoflags & SSH1_PROTOFLAGS_SUPPORTED;
@ -3323,7 +3325,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
crWaitUntil(pktin);
if ((ssh->remote_bugs & BUG_CHOKES_ON_RSA)) {
if ((s->supported_auths_mask & (1 << SSH1_AUTH_RSA)) == 0) {
/* We must not attempt PK auth. Pretend we've already tried it. */
s->tried_publickey = s->tried_agent = 1;
} else {