From 95368801d394c50596507bc663189831bfbc6c50 Mon Sep 17 00:00:00 2001 From: Ben Harris Date: Tue, 11 Jan 2005 16:33:08 +0000 Subject: [PATCH] Versions of OpenSSH before 2.5.4 kill the connection if the client attempts to rekey. Extend the description of SSH2_BUG_REKEY to cover this situation and apply it to the relevant OpenSSH versions. [originally from svn r5097] --- config.c | 2 +- doc/config.but | 6 ++++-- ssh.c | 8 +++++--- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/config.c b/config.c index 2e3822ac..2fc23626 100644 --- a/config.c +++ b/config.c @@ -1839,7 +1839,7 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist, ctrl_droplist(s, "Misuses the session ID in PK auth", 'n', 20, HELPCTX(ssh_bugs_pksessid2), sshbug_handler, I(offsetof(Config,sshbug_pksessid2))); - ctrl_droplist(s, "Ignores key re-exchange completely", 'k', 20, + ctrl_droplist(s, "Handles key re-exchange badly", 'k', 20, HELPCTX(ssh_bugs_rekey2), sshbug_handler, I(offsetof(Config,sshbug_rekey2))); } diff --git a/doc/config.but b/doc/config.but index dcbce98c..8fb87988 100644 --- a/doc/config.but +++ b/doc/config.but @@ -2662,16 +2662,18 @@ SSH2 public-key authentication will fail. This is an SSH2-specific bug. -\S{config-ssh-bug-rekey} \q{Ignores key re-exchange completely} +\S{config-ssh-bug-rekey} \q{Handles key re-exchange badly} \cfg{winhelp-topic}{ssh.bugs.rekey2} -Some very old SSH servers cannot cope with repeat key exchange at +Some SSH servers cannot cope with repeat key exchange at all, and will ignore attempts by the client to start one. Since PuTTY pauses the session while performing a repeat key exchange, the effect of this would be to cause the session to hang after an hour (unless you have your rekey timeout set differently; see \k{config-ssh-kex-rekey} for more about rekeys). +Other, very old, SSH servers handle repeat key exchange even more +badly, and disconnect upon receiving a repeat key exchange request. If this bug is detected, PuTTY will never initiate a repeat key exchange. If this bug is enabled when talking to a correct server, diff --git a/ssh.c b/ssh.c index 9517e95f..32d2b002 100644 --- a/ssh.c +++ b/ssh.c @@ -2139,13 +2139,15 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring) if (ssh->cfg.sshbug_rekey2 == FORCE_ON || (ssh->cfg.sshbug_rekey2 == AUTO && - (wc_match("Sun_SSH_1.0", imp) || + (wc_match("OpenSSH_2.[0-4]*", imp) || + wc_match("OpenSSH_2.5.[0-3]*", imp) || + wc_match("Sun_SSH_1.0", imp) || wc_match("Sun_SSH_1.0.1", imp)))) { /* - * These versions have the SSH2 ignore-rekey bug. + * These versions have the SSH2 rekey bug. */ ssh->remote_bugs |= BUG_SSH2_REKEY; - logevent("We believe remote version has SSH2 ignore-rekey bug"); + logevent("We believe remote version has SSH2 rekey bug"); } }