Add an option to disable SSH-2 banners.

[originally from svn r9055]
2025-01-10 01:48:00 +00:00 · 2010-12-27 01:19:13 +00:00 · 2010-12-27 01:19:13 +00:00 · af1060856e
commit af1060856e
parent 526aff23b6
6 changed files with 27 additions and 2 deletions
--- a/config.c
+++ b/config.c
@ -2088,6 +2088,10 @@ void setup_config_box(struct controlbox *b, int midsession,
 			  HELPCTX(ssh_auth_bypass),
 			  dlg_stdcheckbox_handler,
 			  I(offsetof(Config,ssh_no_userauth)));
+	    ctrl_checkbox(s, "Display pre-authentication banner (SSH-2 only)",
+			  'd', HELPCTX(ssh_auth_banner),
+			  dlg_stdcheckbox_handler,
+			  I(offsetof(Config,ssh_show_banner)));

 	    s = ctrl_getset(b, "Connection/SSH/Auth", "methods",
 			    "Authentication methods");
--- a/doc/config.but
+++ b/doc/config.but
@ -2469,6 +2469,21 @@ unwanted username prompts, you could try checking this option.
 This option only affects SSH-2 connections. SSH-1 connections always
 require an authentication step.

+\S{config-ssh-banner} \q{Display pre-authentication banner}
+
+\cfg{winhelp-topic}{ssh.auth.banner}
+
+SSH-2 servers can provide a message for clients to display to the
+prospective user before the user logs in; this is sometimes known as a
+pre-authentication \q{\i{banner}}. Typically this is used to provide
+information about the server and legal notices.
+
+By default, PuTTY displays this message before prompting for a
+password or similar credentials (although, unfortunately, not before
+prompting for a login name, due to the nature of the protocol design).
+By unchecking this option, display of the banner can be suppressed
+entirely.
+
 \S{config-ssh-tryagent} \q{Attempt authentication using Pageant}

 \cfg{winhelp-topic}{ssh.auth.pageant}
--- a/putty.h
+++ b/putty.h
@ -470,6 +470,7 @@ struct config_tag {
    int sshprot;		       /* use v1 or v2 when both available */
    int ssh2_des_cbc;		       /* "des-cbc" unrecommended SSH-2 cipher */
    int ssh_no_userauth;	       /* bypass "ssh-userauth" (SSH-2 only) */
+    int ssh_show_banner;	       /* show USERAUTH_BANNERs (SSH-2 only) */
    int try_tis_auth;
    int try_ki_auth;
    int try_gssapi_auth;               /* attempt gssapi auth */
--- a/settings.c
+++ b/settings.c
@ -348,6 +348,7 @@ void save_open_settings(void *sesskey, Config *cfg)
    write_setting_i(sesskey, "RekeyTime", cfg->ssh_rekey_time);
    write_setting_s(sesskey, "RekeyBytes", cfg->ssh_rekey_data);
    write_setting_i(sesskey, "SshNoAuth", cfg->ssh_no_userauth);
+    write_setting_i(sesskey, "SshBanner", cfg->ssh_show_banner);
    write_setting_i(sesskey, "AuthTIS", cfg->try_tis_auth);
    write_setting_i(sesskey, "AuthKI", cfg->try_ki_auth);
    write_setting_i(sesskey, "AuthGSSAPI", cfg->try_gssapi_auth);
@ -645,6 +646,7 @@ void load_open_settings(void *sesskey, Config *cfg)
    gpps(sesskey, "LogHost", "", cfg->loghost, sizeof(cfg->loghost));
    gppi(sesskey, "SSH2DES", 0, &cfg->ssh2_des_cbc);
    gppi(sesskey, "SshNoAuth", 0, &cfg->ssh_no_userauth);
+    gppi(sesskey, "SshBanner", 1, &cfg->ssh_show_banner);
    gppi(sesskey, "AuthTIS", 0, &cfg->try_tis_auth);
    gppi(sesskey, "AuthKI", 1, &cfg->try_ki_auth);
    gppi(sesskey, "AuthGSSAPI", 1, &cfg->try_gssapi_auth);
--- a/ssh.c
+++ b/ssh.c
@ -7194,12 +7194,14 @@ static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
 }

 /*
- * Buffer banner messages for later display at some convenient point.
+ * Buffer banner messages for later display at some convenient point,
+ * if we're going to display them.
 */
 static void ssh2_msg_userauth_banner(Ssh ssh, struct Packet *pktin)
 {
    /* Arbitrary limit to prevent unbounded inflation of buffer */
-    if (bufchain_size(&ssh->banner) <= 131072) {
+    if (ssh->cfg.ssh_show_banner &&
+	bufchain_size(&ssh->banner) <= 131072) {
 	char *banner = NULL;
 	int size = 0;
 	ssh_pkt_getstring(pktin, &banner, &size);
--- a/windows/winhelp.h
+++ b/windows/winhelp.h
@ -102,6 +102,7 @@
 #define WINHELP_CTX_ssh_kexlist "ssh.kex.order:config-ssh-kex-order"
 #define WINHELP_CTX_ssh_kex_repeat "ssh.kex.repeat:config-ssh-kex-rekey"
 #define WINHELP_CTX_ssh_auth_bypass "ssh.auth.bypass:config-ssh-noauth"
+#define WINHELP_CTX_ssh_auth_banner "ssh.auth.banner:config-ssh-banner"
 #define WINHELP_CTX_ssh_auth_privkey "ssh.auth.privkey:config-ssh-privkey"
 #define WINHELP_CTX_ssh_auth_agentfwd "ssh.auth.agentfwd:config-ssh-agentfwd"
 #define WINHELP_CTX_ssh_auth_changeuser "ssh.auth.changeuser:config-ssh-changeuser"