Pageant for local authentication. (This is a `don't use Pageant for
authentication at session startup' button rather than a `pretend
Pageant doesn't exist' button: that is, agent forwarding is
independent of this option.)
[originally from svn r6572]
to be from IP "client-side-connection". Claiming "0.0.0.0" instead seems to
work. Spotted by Brant Thomsen.
[originally from svn r6477]
[this svn revision also touched putty-wishlist]
that the SSH-2 server is happy with. Fixed, and since I'm here, fix
`pubkeyfile-and-pageant' as well (for SSH-1 and SSH-2).
Also, in SSH-2, we now reexamine "methods that can continue" for every
Pageant key offer, which is technically more correct although it seems
unlikely that it was causing any real problems.
(It's not entirely pretty, but neither was the old code. We could probably
do with some sort of abstraction for public/private keys to avoid carting
lots of fiddly bits of data around.)
[originally from svn r6459]
[r6437 == 8719f92c14]
[this svn revision also touched putty-wishlist]
(Much easier since r6437, and actually works to boot.)
[originally from svn r6445]
[r6437 == 8719f92c14]
[this svn revision also touched putty-wishlist]
abstracted out; replace loops structured around a single interaction
per loop with less tortuous code (fixes: `ki-multiprompt-crash',
`ssh1-bad-passphrase-crash'; makes `ssh2-password-expiry' and
`proxy-password-prompt' easier).
The new interaction abstraction has a lot of fields that are unused in
the current code (things like window captions); this is groundwork for
`gui-auth'. However, ssh.c still writes directly to stderr; that may
want to be fixed.
In the GUI apps, user interaction is moved to terminal.c. This should
make it easier to fix things like UTF-8 username entry, although I
haven't attempted to do so. Also, control character filtering can be
tailored to be appropriate for individual front-ends; so far I don't
promise anything other than not having made it any worse.
I've tried to test this fairly exhaustively (although Mac stuff is
untested, as usual). It all seems to basically work, but I bet there
are new bugs. (One I know about is that you can no longer make the
PuTTY window go away with a ^D at the password prompt; this should be
fixed.)
[originally from svn r6437]
[this svn revision also touched putty-wishlist]
packets over about 256 bytes would be logged with 12 bytes of preceding
garbage. (But the rest of the packet was logged in its entirety. This
holds for packets where (int(len/256)%2)==1, with an appropriate fudge
factor applied to `len'.) Ahem.
[originally from svn r6429]
[r5642 == c09d885b27]
patched OpenSSH server. This is controlled by the same user settings
as diffie-hellman-group-exchange-sha1, which may not be optimal, especially
given that they're both referred to as dh-gex-sha1 in saved sessions.
[originally from svn r6272]
storing a SHA-1 hash of the client and server version strings, store the
strings themselves so we can feed them through the appropriate hash when
we know what it is.
[originally from svn r6241]
processed and incoming data being processed out of order, which I suspect is
the cause of `ssh1-fwd-trouble' as noted by Gevan Dutton. I'm not able to
test the failure case, but it doesn't seem to have obviously broken anything
in the cases I have tested, anyway.
[originally from svn r6221]
marks a version string. It's a bit vague about the definition of a line,
but I think it's reasonable to assume that they'll end with LF. Change
do_ssh_init() to ignore "SSH-" anywhere else. This makes the existing state
machine overkill, so replace it with something a little more readable.
[originally from svn r6138]
do_ssh2_transport() was returning the wrong value for rekeys after the first.
This apparent error was introduced in r4901, but we can't see any reason for
the change to have been made. If it turns out to be a mistake to revert it,
I'm sure we'll find out.
Here for posterity is Simon's analysis:
| A lot of the return values from do_ssh2_transport appear to be vestigial: it
| used to be that a zero return from do_ssh2_transport meant it had handled the
| packet internally, and a 1 return meant the packet wasn't a transport-layer
| one and needed to pass on to do_ssh2_authconn. Since r4901, however, the
| layer discrimination is done based on the message type ranges, and the only
| remaining dependency on the return value from do_ssh2_transport is a special
| case in ssh2_protocol which detects the first 1 return and makes the
| initialisation call to do_ssh2_authconn.
|
| Therefore, the gratuitous 1 return on every key exchange as a result of the
| confusing if statement is simply ignored in ssh2_protocol (because
| ssh->protocol_initial_phase_done is already TRUE). So the remaining question
| was, why does the _lack_ of that 1 return not cause a problem, if the if's
| sense is indeed reversed?
|
| The answer is that 1 is still returned, just not by the crReturn inside the
| if statement. It's returned by the next crReturn, just after
| wait_for_rekey(). Which suggests that in fact, the if statement has the
| correct sense, but the crReturn inside it has the wrong value - it should be
| returning _zero_, to indicate that every NEWKEYS after the first one is
| uninteresting to the authconn code, and on the very first run through that
| doesn't happen and the NEWKEYS gets all the way to the crReturn(1) later on.
[originally from svn r5986]
[r4901 == a4ba026838]
enforce the following:
* Packet must have at least one byte of payload and four bytes of padding.
* Total packet length must not exceed 35000 bytes compressed.
* Total packet length including length field must be a multiple of cipher
block size (or eight bytes).
The feebleness of our old checks was noticed by Ben Rudiak-Gould.
[originally from svn r5981]
and add the ability to treat a local disconnection as "unclean" -- notably, if
we can't agree any authentication methods to even try; someone was complaining
that the PuTTY window by default just disappears for no apparent reason in this
circumstance.
Also, use appropriate disconnect codes for those SSH2_MSG_DISCONNECT messages
that we do send.
I don't think I've seriously broken any user-visible behaviour, but the way
that connection-close distinctions are transmitted to the front-end is shaky
(or so it seems to me), so there may be non-ideal changes on some platforms.
[originally from svn r5824]
hopefully solve `drop-banner'. I haven't been able to test the failure case,
but the behaviour with OpenSSH appears no worse.
[originally from svn r5772]
[this svn revision also touched putty-wishlist]
there are servers which could in principle operate in this mode, although I
don't know if any do in practice. (Hence, I haven't been able to test it.)
[originally from svn r5748]
[this svn revision also touched putty-wishlist]
server, which led to stalemate if the server did the same. PuTTY now sends
KEXINIT proactively as soon as it's worked out that it's talking SSH-2.
[originally from svn r5685]
default preferred cipher), add code to inject SSH_MSG_IGNOREs to randomise
the IV when using CBC-mode ciphers. Each cipher has a flag to indicate
whether it needs this workaround, and the SSH packet output maze has gained
some extra complexity to implement it.
[originally from svn r5659]
Unix Plink sends everything sensible it can find, and it's fully configurable
from the GUI.
I'm not entirely sure about the precise set of modes that Unix Plink should
look at; informed tweaks are welcome.
Also the Mac bits are guesses (but trivial).
[originally from svn r5653]
[this svn revision also touched putty-wishlist]
end, after the REQUIRED "hmac-sha1".) This has been present since SSH-2
support was introduced (r569).
[originally from svn r5643]
[r569 == 35205e5cb7]
I've added this to support `terminal-modes', but since this unifies some
SSH-1 and SSH-2 packet construction code, it saves a few hundred bytes.
Bonus.
[originally from svn r5642]
