Re: Incorrect protocol implementation by OpenSSH?
- From: "H.K. Kingston-Smith" <HKK-S@xxxxxxxxx>
- Date: Fri, 28 Sep 2007 20:24:16 GMT
On Fri, 28 Sep 2007 19:14:35 +0100, Ben Harris wrote:

> In article <pan.2007.09.28.16.09.52@xxxxxxxxx>, H.K. Kingston-Smith
> <HKK-S@xxxxxxxxx> wrote:
>> On Fri, 28 Sep 2007 12:18:33 +0100, Ben Harris wrote:
>>>> If the server S does not support a certain type of request (exec,
>>>> in this case) and the client C sends an SSH_MSG_CHANNEL_REQUEST message
>>>> of that type, with want-reply set to 0, what is S supposed to do?
>>> Ignore it. If the client wanted a reply, it would have set 'want reply'
>>> to true. If 'want reply' is false, the client isn't expecting a reply
>>> and is likely to be terribly confused if one arrives.
>> So what's the OpenSSL client doing here? It does not want to have
>> a reply of any sort. What is it then expecting for the server to do if
>> the server can't honor the request?
> I suspect the OpenSSH maintainers simply haven't considered the
> possibility, or hadn't in 2000 when the code was written. RFC 4254
> (section 6.5) certainly counsels against such optimism:
>
>     It is RECOMMENDED that the reply to these messages be requested and
>     checked.
>
> There are usually some of OpenSSH's authors lurking around here, so they
> might be able to explain this decision, or you may have to ask them
> directly.

I have just checked out that an SSH conversation between an
OpenSSH (I just noticed that I wrote OpenSSL in several places instead;
my apologies for that) server and an OpenSSH client does indeed end up
deadlocked in the situation I describe (I used version 4.7p1, changing
the channel request for a shell so that the client sends a request for a
"thell" :-)

Based on this, ignoring the request is not an option: The server
should send something back. What should it send back? The standard does
not seem to have anything to say about this.

Can anybody throw some further light into this?
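
Added example, not part of the original post and not OpenSSH code: the server-side handling of SSH_MSG_CHANNEL_REQUEST discussed in this thread, using the RFC 4254 message numbers, showing that with want reply false an unsupported request such as "thell" yields no bytes at all, while with want reply true it yields SSH_MSG_CHANNEL_FAILURE. The supported-request set, the channel-number mapping and the function names are assumptions made for illustration.

```python
import struct

# Message numbers from RFC 4254.
SSH_MSG_CHANNEL_REQUEST = 98
SSH_MSG_CHANNEL_SUCCESS = 99
SSH_MSG_CHANNEL_FAILURE = 100

# Assumption: this illustrative server implements only these request types.
SUPPORTED = {"shell", "pty-req"}


def build_request(recipient_channel, request_type, want_reply, extra=b""):
    """Encode byte type, uint32 channel, string request type, boolean want reply."""
    name = request_type.encode("ascii")
    return (struct.pack(">BI", SSH_MSG_CHANNEL_REQUEST, recipient_channel)
            + struct.pack(">I", len(name)) + name
            + struct.pack(">B", 1 if want_reply else 0) + extra)


def parse_request(payload):
    """Decode the fixed part of a channel request, rejecting truncated input."""
    if len(payload) < 9 or payload[0] != SSH_MSG_CHANNEL_REQUEST:
        raise ValueError("not a channel request")
    channel, name_len = struct.unpack(">II", payload[1:9])
    end = 9 + name_len
    if len(payload) < end + 1:
        raise ValueError("truncated channel request")
    return channel, payload[9:end].decode("ascii"), payload[end] != 0


def server_reply(payload, peer_channel):
    """Return the reply bytes, or None when the sender set want reply to false.

    peer_channel maps our local channel number (carried in the request) to the
    sender's channel number (carried in the reply).
    """
    channel, request_type, want_reply = parse_request(payload)
    if channel not in peer_channel:
        raise ValueError("request for unknown channel")
    if not want_reply:
        # Nothing goes on the wire, so the sender cannot tell that an
        # unsupported request was dropped: the situation described above.
        return None
    code = (SSH_MSG_CHANNEL_SUCCESS if request_type in SUPPORTED
            else SSH_MSG_CHANNEL_FAILURE)
    return struct.pack(">BI", code, peer_channel[channel])


if __name__ == "__main__":
    channels = {0: 7}  # constructed sample: local channel 0 is the peer's 7
    for want_reply in (False, True):
        print(want_reply, server_reply(build_request(0, "thell", want_reply), channels))
```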