| Summary: | Broken compatibility with old SSH clients sending 1.99 identification | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Jakub Jelen <jjelen> | ||||
| Component: | sshd | Assignee: | Damien Miller <djm> | ||||
| Status: | CLOSED FIXED | ||||||
| Severity: | enhancement | CC: | djm, dtucker, joukj | ||||
| Priority: | P5 | ||||||
| Version: | 7.6p1 | ||||||
| Hardware: | Other | ||||||
| OS: | Linux | ||||||
| Bug Depends on: | |||||||
| Bug Blocks: | 2782 | ||||||
| Attachments: |
|
||||||
Some discussion on clients sending 1.99 can be found here: https://community.hpe.com/t5/Operating-System-OpenVMS/SSH-1-99-sent-by-client-not-RFC-compliant/td-p/4688885 Jouk Created attachment 3109 [details]
don't refuse SSH-1.99 clients
doh, you're quite right
Fix applied, will be in OpenSSH 7.7 closing resolved bugs as of 8.6p1 release |
The git commit 97f4d30 [1] introduced a the following change that I suspect is wrong: - if (remote_major == 2 || - (remote_major == 1 && remote_minor == 99)) { - enable_compat20(); - } else { + if (remote_major != 2 || + (remote_major == 1 && remote_minor != 99)) { The first part of condition is correctly negated to leave the same behavior for 2.0 clients, but not the second part. The correct result should look like this: + if (remote_major != 2 && + !(remote_major == 1 && remote_minor == 99)) { So we will not bail out on comparing 2.0 with 1.99 protocol versions. Additionally, if I read the RFC 4253, Section 5.1 [1] correctly, the client should not send the 1.99 identification and therefore it is also a bug of a client. But it worked before OpenSSH 7.6 and the above change is clearly wrong. This was initially discussed in Red Hat bugzilla [3]. [1] https://github.com/openssh/openssh-portable/commit/97f4d3083b036ce3e68d6346a6140a22123d5864#diff-4035368a40ab0fedd413faefcbf832d7 [2] https://tools.ietf.org/html/rfc4253#section-5.1 [3] https://bugzilla.redhat.com/show_bug.cgi?id=1524392#c26