Bug 610 - sshd should display the openssl version string from usage()
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: -current
Hardware: All All
Importance: P5 enhancement
Assignee: OpenSSH Bugzilla mailing list
Reported: 2003-07-01 10:21 AEST by Craig Leres
Modified: 2004-04-14 12:24 AEST

Attachments
patch to sshd.c (705 bytes, patch)
2003-07-01 10:23 AEST, Craig Leres
proposed output (939 bytes, text/plain)
2003-07-01 10:25 AEST, Craig Leres
Make sshd's -V like ssh's (1.08 KB, patch)
2003-07-01 20:12 AEST, Darren Tucker

Description Craig Leres 2003-07-01 10:21:03 AEST
It would be nice if "ssh -\?" reported the openssl version string.
Comment 1 Craig Leres 2003-07-01 10:23:34 AEST
Created attachment 349 [details]
patch to sshd.c
Comment 2 Craig Leres 2003-07-01 10:25:33 AEST
Created attachment 350 [details]
proposed output
Comment 3 Darren Tucker 2003-07-01 10:32:17 AEST
Perhaps sshd should understand -V same as ssh?  (Hmm, -V appears to be 
already used by sshd for an undocumented option...)
Comment 4 Craig Leres 2003-07-01 11:32:22 AEST
You're right but notice that -V takes an argument and so if you naively run
"sshd -V" it prints out the usage() message and you still get to see the version
strings.
Comment 5 Darren Tucker 2003-07-01 11:47:09 AEST
I'm wondering if the undocumented -V option should be either replaced or 
documented.

It sets the client SSH protocol version from the command line when used with 
inetd but I can't figure out what use that might be.
Comment 6 Markus Friedl 2003-07-01 18:11:15 AEST
-V is used by the commercial ssh.com v2 implementation to
execute an ssh v1 capable server in compatibility mode.

It's not supposed to be used by anyone else.

But I think we can remove -V now and implement -V similar to ssh(1).
Comment 7 Darren Tucker 2003-07-01 20:12:18 AEST
Created attachment 352 [details]
Make sshd's -V like ssh's

Ah, that explains it: the v2 sshd would just exec the v1 sshd with that option
after the first line of input. I didn't know that OpenSSH's sshd could be used
that way.

Anyway, attached patch (stolen from ssh.c) looks like this:
$ ./sshd -V
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6b [engine] 9 Jul 2001
Comment 8 Markus Friedl 2003-07-15 23:24:07 AEST
-V has been removed from sshd.

But no new -V option. ssh -V should be enough.
Comment 9 Craig Leres 2003-07-16 03:35:04 AEST
(I'm confused; what does ssh -V have to do with the version of openssl sshd is
using?)

Note that I did not ask for a -V flag; that was proposed by someone else. What I
asked was that sshd display the openssl version from usage(). It already
displays the openssh version and I think being able to verify the version of
openssl used by sshd is a critical security feature.

Please reconsider the patch I submitted (the first attachment to this bug). All
it does is add the openssl version string to the printout of the openssh
version.
Comment 10 Darren Tucker 2003-10-03 18:05:02 AEST
This has been done:
   - markus@cvs.openbsd.org 2003/10/02 10:41:59
     [sshd.c]
     print openssl version, too, several requests; ok henning/djm.
Comment 11 Damien Miller 2004-04-14 12:24:19 AEST
Mass change of RESOLVED bugs to CLOSED
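
Added example (not part of the bug thread or of OpenSSH): one way to use the version line quoted in Comment 7 for the verification Comment 9 asks for, by parsing captured sshd output per host and flagging OpenSSL versions below a floor. The host names, the second and third sample outputs, and the 0.9.6e floor are constructed assumptions; only the first banner comes from the page.

```python
import re

# Patterns follow the banner layout quoted in Comment 7 (other layouts: assumption).
SSH_RE = re.compile(r"OpenSSH_([\w.]+)")
SSL_RE = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+[a-z]*)")


def parse_banner(text):
    """Return (openssh_version, openssl_version); either may be None."""
    ssh, ssl = SSH_RE.search(text), SSL_RE.search(text)
    return (ssh.group(1) if ssh else None, ssl.group(1) if ssl else None)


def openssl_key(version):
    """Sortable key: '0.9.6b' -> (0, 9, 6, 'b'). Letter releases order as
    '' < 'a' < ... < 'z' < 'za', which plain string comparison preserves."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", version)
    if m is None:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    return (int(m[1]), int(m[2]), int(m[3]), m[4])


def audit(outputs, minimum):
    """Map each host to 'ok', 'outdated' or 'unknown' against a version floor."""
    floor = openssl_key(minimum)
    report = {}
    for host, text in outputs.items():
        _, ssl = parse_banner(text)
        if ssl is None:
            # Output that never names OpenSSL cannot be verified.
            report[host] = "unknown"
        elif openssl_key(ssl) < floor:
            report[host] = f"outdated ({ssl})"
        else:
            report[host] = f"ok ({ssl})"
    return report


# Host names and all but the first banner are constructed sample data.
SAMPLE = {
    "host-a": "OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6b [engine] 9 Jul 2001",
    "host-b": "OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003",
    "host-c": "sshd version OpenSSH_3.6.1p2\nUsage: sshd [options]",
}
MINIMUM = "0.9.6e"  # hypothetical policy floor, not a value from the bug

if __name__ == "__main__":
    for host, status in audit(SAMPLE, MINIMUM).items():
        print(f"{host}: {status}")
```

The "unknown" result for host-c is the case this bug is about: output that shows only the OpenSSH version gives an auditor nothing to check the linked OpenSSL against.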