comp.security.ssh contains a Dr Watson log which looks to me as if
`unclean-close-crash' occurred due to a rekey timer going off after
the session had closed. Hence, ssh2_timer() now avoids doing
anything if the session is already closed, and also ssh_do_close()
proactively calls expire_timer_context(). Between those I think they
ought to solve the problem.
[originally from svn r5564]
ssh2_try_send() to no longer be run after receiving WINDOW_ADJUSTs.
I believe this is likely to have been the cause of recent PSCP
hanging issues.
[originally from svn r5517]
[r4909 == 02b0474f57]
discussed. Use Barrett and Silverman's convention of "SSH-1" for SSH protocol
version 1 and "SSH-2" for protocol 2 ("SSH1"/"SSH2" refer to ssh.com
implementations in this scheme). <http://www.snailbook.com/terms.html>
[originally from svn r5480]
prompts, to make it more obvious if a server is attempting to spoof a local
passphrase prompt.
I believe an alert user could have spotted this in all cases in SSH-2,
although perhaps not in SSH-1. (But they'd have to have enabled
TIS/CryptoCard.)
[originally from svn r5450]
Port forwardings are set up before initialising the last few details
of the main shell session, so ssh->state can reasonably hold values
other than SSH_STATE_SESSION and SSH_STATE_CLOSED during calls to
sshfwd_*.
[originally from svn r5446]
connection_fatal(), since the latter is entitled to destroy the
backend so `ssh' may no longer be valid once it returns.
For the Unix port, switch exit(0) to gtk_main_quit() in
notify_remote_exit(), so that we don't exit before the subsequent
connection_fatal()!
[originally from svn r5445]
cfg.remote_cmd is to be used, rather than actually pointing at
cfg.remote_cmd. This change restores the ability to structure-copy
Configs without breaking them. (Though of course this is only a
temporary solution: really what wants doing is to fix
`config-struct'.)
[originally from svn r5335]
now returns an integer: 0 means cancel the SSH connection and 1
means continue with it. Additionally, they can return -1, which
means `front end has set an asynchronous alert box in motion, please
wait to be called back with the result', and each one is passed a
callback function pointer and context for this purpose.
I have not yet done the same to askappend() yet, because it will
take a certain amount of reorganisation of logging.c.
Importantly, this checkin means the host key dialog box now works on
OS X.
[originally from svn r5330]
changing its mouse pointer. Currently this is only used in the (slightly-
arbitrarily-defined) "heavy" bits of SSH-2 key exchange. We override pointer
hiding while PuTTY is busy, but preserve pointer-hiding state.
Not yet implemented on the Mac.
Also switch to frobbing window-class cursor in Windows rather than relying on
SetCursor().
[originally from svn r5303]
for which we don't yet have a remote number, and instead add a flag to indicate
this fact. Fixes bug ssh-remoteid-minusone.
[originally from svn r5171]
tested since none of the common key-exchange protocols starts with a packet
from the server, so I don't have a server that implements this.
[originally from svn r5162]
only send it when it will significantly increase the server's idea of our
window. This avoids the slew of one-byte WINDOW_ADJUSTs that an interactive
shell typically generates.
[originally from svn r5121]
to see the server slam the TCP connection shut (i.e. almost never,
unless it's just sent us an SSH_MSG_DISCONNECT), and treat an
unexpected closure as a non-clean session termination. Previously
any server-initiated connection closure was being treated as a clean
exit, which was a hangover from the good old Telnet-only days.
[originally from svn r5098]
[this svn revision also touched putty-wishlist]
deal with rekeys at all: they totally ignore mid-session KEXINIT
sent by the client. Hence, a new bug entry so we don't try it.
[originally from svn r5092]
exchange. Without doing this, after we have done one specific-group
DH exchange (group1 or group14), ssh2_pkt_type _always_ translates
30 and 31 as KEXDH_INIT and KEXDH_REPLY, making a subsequent
group-exchange kex look rather strange in an SSH packet log.
[originally from svn r5081]
INFO_REQUESTs, and for some reason Debian OpenSSH is sending INFO_REQUESTs
containing no prompts after a normal password authentication, so this
should fix Shai's problem.
[originally from svn r5078]
[r5068 == 297ee2573e]
[this svn revision also touched putty-wishlist]
SSH connection when we're in the middle of asking the user a
dialog-box-type question. Fixes `unix-kex-packet', which has just
bitten me when connecting to one of the work Suns.
[originally from svn r5071]
[this svn revision also touched putty-wishlist]
long as the server offers it, rather than only once, unless the server responds
to our initial USERAUTH_REQUEST("keyboard-interactive") with FAILURE, in which
case we give up on it entirely.
[originally from svn r5068]
[this svn revision also touched putty-wishlist]
mid-session in SSH2: this forces an immediate rekey to activate the
new settings. I'm not sure exactly what this will be useful for
(except possibly it might make comparative performance testing
easier?), but it has wonderful James Bond value for being able to
switch to a more secure cipher before doing anything sensitive :-)
If, that is, you weren't using the most secure one to begin with...
[originally from svn r5051]
to be destroying old ones _before_ creating new ones, so that we can
reuse a port for a new purpose without colliding with ourselves.
Also fixed port forwarding, which my IPv6 checkin had completely
funted :-)
[originally from svn r5049]
of polishing to bring them to what I think should in principle be
release quality. Unlike the unfix.org patches themselves, this
checkin enables IPv6 by default; if you want to leave it out, you
have to build with COMPAT=-DNO_IPV6.
I have tested that this compiles on Visual C 7 (so the nightlies
_should_ acquire IPv6 support without missing a beat), but since I
don't have IPv6 set up myself I haven't actually tested that it
_works_. It still seems to make correct IPv4 connections, but that's
all I've been able to verify for myself. Further testing is needed.
[originally from svn r5047]
[this svn revision also touched putty-wishlist]
mid-session if we are not using SSHv1. I've done this by introducing
a generic `cfg_info' function which every back end can use to
communicate an int's worth of data to setup_config_box; in SSH
that's the protocol version in use, and in everything else it's
currently zero.
[originally from svn r5040]
[r5031 == d77102a8d5]
IPv6-unrelated changes, which convert ints into unsigned in a few
key places in ssh.c. Looks harmless at worst, possibly terribly
useful, so I think we'll have these no matter what the real IPv6
stuff is up to!
[originally from svn r5038]
