Paolo Vicario
2006-Oct-17 09:06 UTC
OpenSSH not compliant with RFC 4253? (Protocol Version Exchange string not ending with CR LF)
(Maybe this is a re-posting: sorry for that.) Hello, a SonicWALL appliance that protects my servers' LAN has suddenly begun to refuse OpenSSH connections with the following message: 'SSH 2.0 Overly Long Protocol Version Exchange String, SID: 3696, Priority: High - This signature detects overly long "Protocol Version Exchange" string in SSH 2.0. The maximum length of the string, defined in RFC 4253, is 255 bytes.' Sniffing IP packets during a connection, I found that the problem is not the string length, but the string terminator: Version Exchange String does not end with CR LF (RFC 4253, section "4.2. Protocol Version Exchange"), but with CR only. I tried two different client versions, with the same result: Openssh V3.8.1p1 (Debian stable package ssh 3.8.1p1-8.sarge.4) Openssh V4.3p2 (Debian testing package openssh-client 4.3p2-3) Is (portable) OpenSSH compliant with RFC 4253? Is it a bug fixed in V4.4? Are Debian packages not compliant with (portable) OpenSSH official packages? Did anybody experience something like this? Thanks in advance, Paolo -- Paolo Vicario, Centro Servizi Informatici e Telematici (CSIT) Universita' degli Studi di Udine e-mail: paolo.vicario at uniud.it ---------------------------------------------------------------------- SEMEL (SErvizio di Messaging ELettronico) - CSIT -Universita' di Udine
Possibly Parallel Threads
- How to implement HA and Live Migration with a SAN?
- xen-tools: does not unmount disks and mounts proc into the new VM - why?
- Moving index files on another disk: no troubles but need more assurances
- Strange behaviour of as.Date function
- problem on how R2.0 handle the RAM, maybe a bug
Wisdom of the Ancients
