Bug 1179

Summary: sshd incorrectly rejects remote connections due to IP options
Product: Portable OpenSSH Reporter: Mark Weindling <markw>
Component: sshdAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: major CC: nitrox
Priority: P2    
Version: 4.3p2   
Hardware: UltraSPARC   
OS: Solaris   
Bug Depends on:    
Bug Blocks: 1155    
Attachments:
Description Flags
Patch I used to fix the problem (probably not optimal, though!)
none
reorder ip options check dtucker: ok+

Description Mark Weindling 2006-04-01 09:42:51 AEDT 
On a recently patched ultraSparc/Solaris 10 box, sshd will reject any remote connections with the following:

Mar 31 16:24:25 sulfur sshd[15986]: [ID 800047 auth.crit] fatal: Connection from 192.168.1.15 with IP options: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Comment 1 Mark Weindling 2006-04-01 09:44:30 AEDT 
Created attachment 1105 [details]
Patch I used to fix the problem (probably not optimal, though!)
Comment 2 Damien Miller 2006-04-01 17:05:45 AEDT 
Created attachment 1107 [details]
reorder ip options check

Could you please try this patch?
Comment 3 Mark Weindling 2006-04-02 03:23:41 AEST 
Your patch worked perfectly. Thanks for the fast attention!
Comment 4 Damien Miller 2006-04-18 15:13:51 AEST 
Ok, the fix has been committed and will be in the 4.4 release.
Comment 5 Damien Miller 2006-07-17 08:14:54 AEST 
*** Bug 1210 has been marked as a duplicate of this bug. ***
Comment 6 Darren Tucker 2006-09-28 19:26:08 AEST 
With the release of 4.4, we believe that this bug is now closed.  For information about the release please see http://www.openssh.com/txt/release-4.4 .