openssh bugs - Aug 2005 - [Bug 1067] ssh-keyscan does not work with F-Secure SSH 3.2.0 sometimes

http://bugzilla.mindrot.org/show_bug.cgi?id=1067

           Summary: ssh-keyscan does not work with F-Secure SSH 3.2.0
                    sometimes
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Miscellaneous
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: dave at cirt.net


For some obscure reason F-Secure's SSH 3.2.0 redirects warnings down the
connection stream, so when you do a ssh connect you will have a response like:

sshd2[4036]: WARNING: Configuration option SshPAMClientPath is deprecated.
sshd2[4036]: WARNING: DNS lookup failed for "1.1.1.1".
SSH-2.0-3.2.0 F-SECURE SSH

ssh-keyscan, in the function "congreet" only examines the first line
for the SSH
banner. This is different behaviour to the ssh connect command (which checks all
lines in the first 256 bytes) for the SSH banner.

Because of this you cannot use ssh-keyscan against hosts running this flavour of
SSH unless all of the warnings are cleared.

(There may also be a knock on effect to the ssh command if there are a lot of
warnings)



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1067


dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED




------- Additional Comments From dtucker at zip.com.au  2005-08-09 21:57 -------
I'm not sure if it's intentional on the part of the server, but it seems
within
the existing protocol spec:
(http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-24.txt section
4.2).

Looks like ssh and ssh-keyscan ought to read and ignore such lines.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.