Bug 2250

Summary: SOCKS5 should return "NO ACCEPTABLE METHODS" instead of nothing
Product: Portable OpenSSH
Reporter: Gunter Grodotzki <guenter>
Component: ssh
Assignee: Darren Tucker <dtucker>
Status: NEW
Severity: enhancement
CC: djm, dtucker, mindrot.org
Priority: P5
Version: -current
Hardware: All
OS: All
See Also: https://bugzilla.mindrot.org/show_bug.cgi?id=2417
Bug Depends on: 2417
Bug Blocks:
Attachments:
Description: Return "NO ACCEPTABLE METHODS" if we don't find the method we are looking for
Flags: none

Description Gunter Grodotzki 2014-06-26 21:12:56 AEST
In: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/channels.c?rev=1.332;content-type=text%2Fplain
Search for: "SSH_SOCKS5_NOAUTH not found"

If a connection to SSH-SOCKS5 is established and an unsupported auth method is sent, SSH will not reply anything.

According to http://tools.ietf.org/html/rfc1928 the server could (it does not state if the server MUST or SHOULD, hence "could" ;) ) send simply X'FF' NO ACCEPTABLE METHODS - with this a client can do appropriate handling.

Would like to hear your thoughts if I am misinterpreting rfc1928, or I should just suck it up and handle cases like this with my client.
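
The RFC 1928 method negotiation this report refers to, as an added example that is not part of the bug report or of OpenSSH's channels.c: a server-side selector that accepts only NO AUTHENTICATION REQUIRED and answers X'FF' otherwise. The function name, return codes and sample greeting are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SOCKS5_VERSION   0x05
#define SOCKS5_NOAUTH    0x00   /* RFC 1928: NO AUTHENTICATION REQUIRED */
#define SOCKS5_NO_METHOD 0xFF   /* RFC 1928: NO ACCEPTABLE METHODS */

/*
 * Hypothetical helper (not OpenSSH code). Parses the client greeting
 * VER | NMETHODS | METHODS and fills the two-byte reply VER | METHOD.
 * Returns  1: NOAUTH offered, reply written, continue the handshake
 *          0: greeting incomplete, nothing written, wait for more bytes
 *         -1: no acceptable method, reply carries 0xFF; the caller has
 *             to flush the reply before it tears the connection down
 *         -2: not a SOCKS5 greeting, nothing written
 */
int socks5_select_method(const uint8_t *in, size_t len, uint8_t reply[2])
{
    size_t i, nmethods;

    if (len < 2)
        return 0;
    if (in[0] != SOCKS5_VERSION)
        return -2;
    nmethods = in[1];
    if (len < 2 + nmethods)
        return 0;
    reply[0] = SOCKS5_VERSION;
    for (i = 0; i < nmethods; i++) {
        if (in[2 + i] == SOCKS5_NOAUTH) {
            reply[1] = SOCKS5_NOAUTH;
            return 1;
        }
    }
    reply[1] = SOCKS5_NO_METHOD;
    return -1;
}

int main(void)
{
    /* Constructed greeting: one method, 0x02 (USERNAME/PASSWORD) only. */
    const uint8_t greeting[] = { 0x05, 0x01, 0x02 };
    uint8_t reply[2] = { 0, 0 };
    int rc = socks5_select_method(greeting, sizeof(greeting), reply);

    printf("rc=%d reply=%02x %02x\n", rc, reply[0], reply[1]);
    return 0;
}
```

With the X'FF' reply on the wire, a client can tell a method mismatch apart from a stalled or dropped connection instead of waiting on a read that never completes.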
Comment 1 Darren Tucker 2015-06-05 13:50:30 AEST
My reading of RFC1928 agrees with yours.  I'll take a look at this after the upcoming 6.9 release is out the door.
Comment 2 Darren Tucker 2015-06-05 14:07:41 AEST
Created attachment 2644
Return "NO ACCEPTABLE METHODS" if we don't find the method we are looking for

I think this will do it but I don't have an easy way to test it.
Comment 3 Jonas Berlin 2015-06-25 22:08:13 AEST
Will the buffered bytes be sent even when the method returns -1 which causes the caller to call chan_mark_dead(); ?
Comment 4 Jonas Berlin 2015-06-25 22:18:37 AEST
Attempted to implement error reporting for a few more error situations in bug #2417.
Comment 5 Damien Miller 2015-08-11 22:59:12 AEST
Retarget pending bugs to openssh-7.1
Comment 6 Damien Miller 2016-02-26 14:44:29 AEDT
Retarget to openssh-7.3
Comment 7 Damien Miller 2016-02-26 14:47:16 AEDT
Retarget to openssh-7.3
Comment 8 Damien Miller 2016-06-17 14:52:46 AEST
Remove from openssh-7.3 list until the blocking bug is fixed