Re: Incorrect protocol implementation by OpenSSH?



In article <pan.2007.09.28.20.24.16@xxxxxxxxx>,
H.K. Kingston-Smith <HKK-S@xxxxxxxxx> wrote:
> I have just checked out that an SSH conversation between an
> OpenSSH (I just noticed that I wrote OpenSSL in several places instead;
> my apologies for that) server and an OpenSSH client does indeed end up
> deadlocked in the situation I describe (I used version 4.7p1, changing
> the channel request for a shell so that the client sends a request for a
> "thell" :-)
>
> Based on this, ignoring the request is not an option: The server
> should send something back. What should it send back?

If you really want to work around what seems to be an OpenSSH bug, I'd
suggest forcibly closing the channel over which the request arrived.
This will avoid killing any other channels that might be running over
the same connection, but should make it clear to the client that no good
will come of the channel. If you do this, it should only be in
response to a "shell" or "exec" request with 'want reply' false, and
preferably only if the client has identified itself as OpenSSH. That
way, you'll minimise the chances of causing new problems with sensible
clients.

--
Ben Harris
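
The decision described in the reply above, as an added sketch that is not part of the original post and is not OpenSSH code. It assumes the server has already decided to refuse the request; the function names, the `peer_channel` argument (the client's channel number, which the caller must track) and the sample inputs are hypothetical, and the OpenSSH check is applied strictly here although the post only calls it preferable.

```python
import struct

# Message numbers from RFC 4254.
SSH_MSG_CHANNEL_CLOSE = 97
SSH_MSG_CHANNEL_REQUEST = 98
SSH_MSG_CHANNEL_FAILURE = 100

def build_request(channel, req_type, want_reply):
    """Construct a sample SSH_MSG_CHANNEL_REQUEST payload (test input only)."""
    name = req_type.encode("ascii")
    return (struct.pack(">BII", SSH_MSG_CHANNEL_REQUEST, channel, len(name))
            + name + bytes([1 if want_reply else 0]))

def parse_channel_request(payload):
    """Return (local_channel, request_type, want_reply)."""
    if len(payload) < 10 or payload[0] != SSH_MSG_CHANNEL_REQUEST:
        raise ValueError("not a channel request")
    channel, name_len = struct.unpack_from(">II", payload, 1)
    end = 9 + name_len
    if end >= len(payload):
        raise ValueError("truncated channel request")
    return channel, payload[9:end].decode("ascii"), payload[end] != 0

def is_openssh(client_ident):
    """True if the identification string's software version names OpenSSH."""
    parts = client_ident.strip().split("-", 2)
    return len(parts) == 3 and parts[0] == "SSH" and parts[2].startswith("OpenSSH")

def reply_to_refused_request(payload, peer_channel, client_ident):
    """Reply payload for a request the server will not honour, or None to stay silent."""
    _, req_type, want_reply = parse_channel_request(payload)
    if want_reply:
        # Normal case: the client asked for an answer, so report failure.
        return struct.pack(">BI", SSH_MSG_CHANNEL_FAILURE, peer_channel)
    if req_type in ("shell", "exec") and is_openssh(client_ident):
        # Workaround from the post: no reply is allowed, so close only this
        # channel and leave the rest of the connection running.
        return struct.pack(">BI", SSH_MSG_CHANNEL_CLOSE, peer_channel)
    return None
```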