Bug 1999 - When speaking v2, send client version first to avoid long delay with some proxies
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 5.9p1
Hardware: All All
Importance: P2 enhancement
Assignee: Damien Miller
Blocks: V_6_2
Reported: 2012-04-21 04:40 AEST by Thor Lancelot Simon
Modified: 2013-03-22 12:02 AEDT

Attachments
Patch implementing a new SendVersionFirst option. (4.81 KB, application/octet-stream)
2012-04-21 04:40 AEST, Thor Lancelot Simon
Refactor, always send client banner first for protocol=2 (3.12 KB, patch)
2012-07-20 11:02 AEST, Damien Miller

Description Thor Lancelot Simon 2012-04-21 04:40:15 AEST
Created attachment 2145
Patch implementing a new SendVersionFirst option.

The current behavior of the OpenSSH client is to wait for the server to send its version string before sending the client version.  This allows the client to work around problems in several old versions of various SSH server software.

When configured to speak only protocol version 2, these workarounds are of much less value.  Also, the "wait for server version" behavior causes a long delay -- up to 30 seconds -- when communicating through certain proxies which try to guess the protocol in use before punching the connection through to the requested server.  Particularly stupidly configured proxies may even drop the connection if they never see the client version string from our end.

Such proxies are unquestionably broken but they are also painfully common.

The attached patch adds an option "SendVersionFirst" which, if we are speaking v2, inverts the old behavior and sends our client version string first, rather than waiting for the server to send its string.  I have defaulted it to enabled.  This makes OpenSSH behave much more like most other clients when configured for v2 only and I haven't seen it cause problems with any of a wide variety of servers.  The option can always be disabled if a problem does arise.
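
The ordering problem described in this report, as an added simulation (not part of the original report or the attached patches): a toy proxy relays nothing until it sees client bytes or its timer expires, with a 1-second timer standing in for the delay of up to 30 seconds. The banners, function names and socketpair setup are constructed for illustration.

```python
import socket
import threading
import time

# Constructed banners; real ones use the same "SSH-2.0-..." line format.
SERVER_BANNER = b"SSH-2.0-ExampleServer\r\n"
CLIENT_BANNER = b"SSH-2.0-ExampleClient\r\n"

def sniffing_proxy(conn, sniff_timeout, drop_on_timeout):
    """Toy proxy: relays the server only after seeing client bytes or timing out."""
    conn.settimeout(sniff_timeout)
    try:
        seen = conn.recv(256)            # protocol guess needs client bytes
    except socket.timeout:
        seen = b""
        if drop_on_timeout:              # variant that drops silent clients
            conn.close()
            return
    conn.settimeout(None)
    conn.sendall(SERVER_BANNER)          # connection is now punched through
    if not seen:
        conn.recv(256)                   # old-order client answers the banner
    conn.close()

def read_line(sock):
    """Read through the first newline; return what arrived if EOF comes first."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(256)
        if not chunk:
            break
        buf += chunk
    return buf

def client_handshake(send_first, sniff_timeout=1.0, drop_on_timeout=False):
    """Return (seconds until the server banner or EOF, bytes received)."""
    client, proxy_side = socket.socketpair()
    start = time.monotonic()
    proxy = threading.Thread(target=sniffing_proxy,
                             args=(proxy_side, sniff_timeout, drop_on_timeout))
    proxy.start()
    if send_first:
        client.sendall(CLIENT_BANNER)    # order requested in this bug
    banner = read_line(client)
    elapsed = time.monotonic() - start
    if banner and not send_first:
        client.sendall(CLIENT_BANNER)    # old order: reply after the server
    proxy.join()
    client.close()
    return elapsed, banner
```

With `send_first=False` the client only sees the server banner once the proxy's timer runs out, and with `drop_on_timeout=True` it sees EOF instead; with `send_first=True` neither happens.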
Comment 1 Damien Miller 2012-07-20 11:02:44 AEST
Created attachment 2175
Refactor, always send client banner first for protocol=2

I don't think we need an option here - this is a good optimisation and we should do it whenever possible.
Comment 2 Damien Miller 2012-08-17 17:27:28 AEST
Patch applied - this missed the cut for openssh-6.1, but will be in 6.2. Thanks.
Comment 3 Damien Miller 2013-03-22 12:02:08 AEDT
mark bugs closed by openssh-6.2 release as CLOSED