nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 09:58:01 +00:00
Code Issues Projects Releases Wiki Activity

Versions of OpenSSH before 2.5.4 kill the connection if the client attempts

Browse Source 
to rekey.  Extend the description of SSH2_BUG_REKEY to cover this situation
and apply it to the relevant OpenSSH versions.

[originally from svn r5097]
This commit is contained in:
Ben Harris 2005-01-11 16:33:08 +00:00
parent d5de8eacab
commit 95368801d3
3 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config.c
View File

@ -1839,7 +1839,7 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
ctrl_droplist(s, "Misuses the session ID in PK auth", 'n', 20, ctrl_droplist(s, "Misuses the session ID in PK auth", 'n', 20,
HELPCTX(ssh_bugs_pksessid2), HELPCTX(ssh_bugs_pksessid2),
sshbug_handler, I(offsetof(Config,sshbug_pksessid2))); sshbug_handler, I(offsetof(Config,sshbug_pksessid2)));
ctrl_droplist(s, "Ignores key re-exchange completely", 'k', 20, ctrl_droplist(s, "Handles key re-exchange badly", 'k', 20,
HELPCTX(ssh_bugs_rekey2), HELPCTX(ssh_bugs_rekey2),
sshbug_handler, I(offsetof(Config,sshbug_rekey2))); sshbug_handler, I(offsetof(Config,sshbug_rekey2)));
} }

6
doc/config.but
View File

@ -2662,16 +2662,18 @@ SSH2 public-key authentication will fail.
This is an SSH2-specific bug. This is an SSH2-specific bug.
\S{config-ssh-bug-rekey} \q{Ignores key re-exchange completely} \S{config-ssh-bug-rekey} \q{Handles key re-exchange badly}
\cfg{winhelp-topic}{ssh.bugs.rekey2} \cfg{winhelp-topic}{ssh.bugs.rekey2}
Some very old SSH servers cannot cope with repeat key exchange at Some SSH servers cannot cope with repeat key exchange at
all, and will ignore attempts by the client to start one. Since all, and will ignore attempts by the client to start one. Since
PuTTY pauses the session while performing a repeat key exchange, the PuTTY pauses the session while performing a repeat key exchange, the
effect of this would be to cause the session to hang after an hour effect of this would be to cause the session to hang after an hour
(unless you have your rekey timeout set differently; see (unless you have your rekey timeout set differently; see
\k{config-ssh-kex-rekey} for more about rekeys). \k{config-ssh-kex-rekey} for more about rekeys).
Other, very old, SSH servers handle repeat key exchange even more
badly, and disconnect upon receiving a repeat key exchange request.
If this bug is detected, PuTTY will never initiate a repeat key If this bug is detected, PuTTY will never initiate a repeat key
exchange. If this bug is enabled when talking to a correct server, exchange. If this bug is enabled when talking to a correct server,

8
ssh.c
View File

@ -2139,13 +2139,15 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
if (ssh->cfg.sshbug_rekey2 == FORCE_ON || if (ssh->cfg.sshbug_rekey2 == FORCE_ON ||
(ssh->cfg.sshbug_rekey2 == AUTO && (ssh->cfg.sshbug_rekey2 == AUTO &&
(wc_match("Sun_SSH_1.0", imp) || (wc_match("OpenSSH_2.[0-4]*", imp) ||
wc_match("OpenSSH_2.5.[0-3]*", imp) ||
wc_match("Sun_SSH_1.0", imp) ||
wc_match("Sun_SSH_1.0.1", imp)))) { wc_match("Sun_SSH_1.0.1", imp)))) {
/* /*
* These versions have the SSH2 ignore-rekey bug. * These versions have the SSH2 rekey bug.
*/ */
ssh->remote_bugs |= BUG_SSH2_REKEY; ssh->remote_bugs |= BUG_SSH2_REKEY;
logevent("We believe remote version has SSH2 ignore-rekey bug"); logevent("We believe remote version has SSH2 rekey bug");
} }
} }