Re: Incorrect protocol implementation by OpenSSH?



On Sat, 29 Sep 2007 13:23:34 +0100, Ben Harris wrote:

> In article <pan.2007.09.28.20.24.16@xxxxxxxxx>, H.K. Kingston-Smith
> <HKK-S@xxxxxxxxx> wrote:
>> I have just checked out that an SSH conversation between an
>> OpenSSH (I just noticed that I wrote OpenSSL in several places instead;
>> my apologies for that) server and an OpenSSH client does indeed end up
>> deadlocked in the situation I describe (I used version 4.7p1, changing
>> the channel request for a shell so that the client sends a request for a
>> "thell" :-)
>>
>> Based on this, ignoring the request is not an option: The server
>> should send something back. What should it send back?
>
> If you really want to work around what seems to be an OpenSSH bug, I'd
> suggest forcibly closing the channel over which the request arrived.

That's a good suggestion. Thanks.

> This will avoid killing any other channels that might be running over
> the same connection, but should make it clear to the client that no good
> will come of the channel. If you do this, it should only be in response
> to a "shell" or "exec" request with 'want reply' false, and preferably
> only if the client has identified itself as OpenSSH. That way, you'll
> minimise the chances of causing new problems with sensible clients.
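
The workaround discussed above, seen from the server side, as an added example that is not part of the original posts and is not OpenSSH code. It covers a request the server will not fulfil; the function names, the `peer_channel` map (our channel number to the client's) and the sample banners in the test are assumptions, and the message numbers are those of RFC 4254.

```python
import struct

SSH_MSG_CHANNEL_CLOSE = 97
SSH_MSG_CHANNEL_REQUEST = 98
SSH_MSG_CHANNEL_FAILURE = 100


def build_request(channel, req_type, want_reply):
    """Construct a sample SSH_MSG_CHANNEL_REQUEST payload (no type-specific data)."""
    name = req_type.encode("ascii")
    return (bytes([SSH_MSG_CHANNEL_REQUEST])
            + struct.pack(">II", channel, len(name))
            + name + bytes([int(want_reply)]))


def parse_channel_request(payload):
    """Return (recipient_channel, request_type, want_reply)."""
    if len(payload) < 10 or payload[0] != SSH_MSG_CHANNEL_REQUEST:
        raise ValueError("not an SSH_MSG_CHANNEL_REQUEST")
    channel, name_len = struct.unpack(">II", payload[1:9])
    end = 9 + name_len
    if end + 1 > len(payload):
        raise ValueError("truncated request")
    return channel, payload[9:end].decode("ascii"), payload[end] != 0


def is_openssh(banner):
    """True if the identification string names OpenSSH as the software."""
    parts = banner.strip().split("-", 2)
    return len(parts) == 3 and parts[2].startswith("OpenSSH")


def respond_to_refused_request(payload, peer_channel, client_banner):
    """Bytes to send for a request the server will not fulfil, or None."""
    channel, req_type, want_reply = parse_channel_request(payload)
    remote = struct.pack(">I", peer_channel[channel])
    if want_reply:
        # The client asked for an answer: the protocol's normal refusal.
        return bytes([SSH_MSG_CHANNEL_FAILURE]) + remote
    if req_type in ("shell", "exec") and is_openssh(client_banner):
        # Workaround from the thread: close only this channel so the
        # client stops waiting; other channels on the connection survive.
        return bytes([SSH_MSG_CHANNEL_CLOSE]) + remote
    return None  # any other client or request type: stay silent
```
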
