diff --git a/ssh.c b/ssh.c index 1885088f..a3ac60b4 100644 --- a/ssh.c +++ b/ssh.c @@ -1710,6 +1710,7 @@ static int do_ssh_init(unsigned char c) static int vstrsize; static char *vlog; static int i; + static int proto1, proto2; crBegin; @@ -1766,12 +1767,26 @@ static int do_ssh_init(unsigned char c) sfree(vlog); /* - * Server version "1.99" means we can choose whether we use v1 - * or v2 protocol. Choice is based on cfg.sshprot. + * Decide which SSH protocol version to support. */ - if (ssh_versioncmp(version, cfg.sshprot == 1 ? "2.0" : "1.99") >= 0) { + + /* Anything strictly below "2.0" means protocol 1 is supported. */ + proto1 = ssh_versioncmp(version, "2.0") < 0; + /* Anything greater or equal to "1.99" means protocol 2 is supported. */ + proto2 = ssh_versioncmp(version, "1.99") > 0; + + if (cfg.sshprot == 0 && !proto1) { + bombout(("SSH protocol version 1 required by user but not provided by server")); + crReturn(0); + } + if (cfg.sshprot == 3 && !proto2) { + bombout(("SSH protocol version 2 required by user but not provided by server")); + crReturn(0); + } + + if (proto2 && (cfg.sshprot == 2 || !proto1)) { /* - * This is a v2 server. Begin v2 protocol. + * Use v2 protocol. */ char verstring[80], vlog[100]; sprintf(verstring, "SSH-2.0-%s", sshver); @@ -1791,7 +1806,7 @@ static int do_ssh_init(unsigned char c) s_rdpkt = ssh2_rdpkt; } else { /* - * This is a v1 server. Begin v1 protocol. + * Use v1 protocol. */ char verstring[80], vlog[100]; sprintf(verstring, "SSH-%s-%s", @@ -1800,11 +1815,6 @@ static int do_ssh_init(unsigned char c) sprintf(vlog, "We claim version: %s", verstring); logevent(vlog); strcat(verstring, "\n"); - - if (cfg.sshprot == 3) { - bombout(("SSH protocol version 2 required by user but not provided by server")); - crReturn(0); - } logevent("Using SSH protocol version 1"); sk_write(s, verstring, strlen(verstring)); diff --git a/windlg.c b/windlg.c index 2876d9db..474a0547 100644 --- a/windlg.c +++ b/windlg.c @@ -512,6 +512,7 @@ enum { IDCX_ABOUT = IDC_BUGGYMAC, IDC_SSH2DES, IDC_SSHPROTSTATIC, + IDC_SSHPROT1ONLY, IDC_SSHPROT1, IDC_SSHPROT2, IDC_SSHPROT2ONLY, @@ -891,6 +892,7 @@ char *help_context_cmd(int id) case IDC_BUGGYMAC: return "JI(`',`ssh.buggymac')"; case IDC_SSHPROTSTATIC: + case IDC_SSHPROT1ONLY: case IDC_SSHPROT1: case IDC_SSHPROT2: case IDC_SSHPROT2ONLY: @@ -1151,9 +1153,10 @@ static void init_dlg_ctrls(HWND hwnd, int keepsess) CheckDlgButton(hwnd, IDC_SSH2DES, cfg.ssh2_des_cbc); CheckDlgButton(hwnd, IDC_AGENTFWD, cfg.agentfwd); CheckDlgButton(hwnd, IDC_CHANGEUSER, cfg.change_username); - CheckRadioButton(hwnd, IDC_SSHPROT1, IDC_SSHPROT2ONLY, + CheckRadioButton(hwnd, IDC_SSHPROT1ONLY, IDC_SSHPROT2ONLY, cfg.sshprot == 1 ? IDC_SSHPROT1 : - cfg.sshprot == 2 ? IDC_SSHPROT2 : IDC_SSHPROT2ONLY); + cfg.sshprot == 2 ? IDC_SSHPROT2 : + cfg.sshprot == 3 ? IDC_SSHPROT2ONLY : IDC_SSHPROT1ONLY); CheckDlgButton(hwnd, IDC_AUTHTIS, cfg.try_tis_auth); CheckDlgButton(hwnd, IDC_AUTHKI, cfg.try_ki_auth); SetDlgItemText(hwnd, IDC_PKEDIT, cfg.keyfile); @@ -1826,7 +1829,8 @@ static void create_controls(HWND hwnd, int dlgtype, int panel) checkbox(&cp, "Don't allocate a &pseudo-terminal", IDC_NOPTY); checkbox(&cp, "Enable compr&ession", IDC_COMPRESS); radioline(&cp, "Preferred SSH protocol version:", - IDC_SSHPROTSTATIC, 3, + IDC_SSHPROTSTATIC, 4, + "1 on&ly", IDC_SSHPROT1ONLY, "&1", IDC_SSHPROT1, "&2", IDC_SSHPROT2, "2 o&nly", IDC_SSHPROT2ONLY, NULL); checkbox(&cp, "&Imitate SSH 2 MAC bug in commercial <= v2.3.x", @@ -3090,11 +3094,14 @@ static int GenericMainDlgProc(HWND hwnd, UINT msg, cfg.ssh_cipherlist, CIPHER_MAX, 0, hwnd, wParam, lParam); break; + case IDC_SSHPROT1ONLY: case IDC_SSHPROT1: case IDC_SSHPROT2: case IDC_SSHPROT2ONLY: if (HIWORD(wParam) == BN_CLICKED || HIWORD(wParam) == BN_DOUBLECLICKED) { + if (IsDlgButtonChecked(hwnd, IDC_SSHPROT1ONLY)) + cfg.sshprot = 0; if (IsDlgButtonChecked(hwnd, IDC_SSHPROT1)) cfg.sshprot = 1; else if (IsDlgButtonChecked(hwnd, IDC_SSHPROT2))