search for: channel_handle_wfd

...r was that it was trivially detectable when terminal echo was switched off and so an attacker could specifically observe the moments when users were typing their passwords into (say) sudo. This got fixed around the time the paper was released IIRC, search for "Simulate echo" in channels.c:channel_handle_wfd(). The broader issue of hiding all potential keystroke timing is not yet fixed. -d

Using OpenSSH_8.3p1 I had an open (working) connection to some other box; after a bit of inactivity, some device in the middle seems to have forgotten about the TCP connection (NAT) and broke it. I've got an EscapeChar defined, though; so first I tried to send a BREAK and, when that didn't help (TCP already gone, packets get lost!), I tried (just out of curiosity) a Rekey. Now I can see

...ivially detectable > when terminal echo was switched off and so an attacker could specifically > observe the moments when users were typing their passwords into (say) > sudo. This got fixed around the time the paper was released IIRC, > search for "Simulate echo" in channels.c:channel_handle_wfd(). > > The broader issue of hiding all potential keystroke timing is not yet fixed. The keystroke timing issue would be solved by adding LINEMODE support as I did back in 2010. https://lists.mindrot.org/pipermail/openssh-unix-dev/2010-June/028732.html The code is still available here https...

Hi folks, Could you tell me which function in clientloop.c is responsible for reading user keyboard input? What I found are client_make_packets_from_stdin_data() and client_process_input(), but they not for 'compat20' mode. My app runs in 'compat20'. Thanks, Bob

...Now, suppose this happens while data is still being sent from a command running on the SSH server. When the client gets into channel_input_data, it will notice that the output channel is no longer open, and simply return. This means it won't update c->local_window. It also won't call channel_handle_wfd, which would in any case return directly, which means that c->local_consumed won't be updated either. This means that channel_check_window won't ever send a SSH2_MSG_CHANNEL_WINDOW_ADJUST message, and eventually the server will stop sending and wait for the client to catch up, which wil...

Howdy all, So, one night over beers I was telling a friend how you could use the timing between key presses on a type writer to extract information. Basically, you make some assumptions about the person typing (touch typing at so many words per second and then fuzzing the parameters until words come out). The I found a paper written back in 2001 talked about using the interpacket timing in

Since we upgraded OpenSSH from 5.0p1 to 5.1p1 on our Solaris 8 boxes (I know, I know, we should upgrade or retire them...), we've started experiencing problems with slogin'ing into these boxes, running vi, and pasting text into the vi session. As long as we are pasting in less that 1024 characters it's fine. With >= 1024 characters, the session hangs. If you run

System: Linux 2.4.18, openssh-3.4p1 Problem: I use "ssh" and "tar" to backup remote directory trees to a local hard-disk/file-system: # ssh remote.server.org "tar -cz /home" >/backup/remote.tar.gz If the backup-file-system runs out of space before the backup completes, ssh starts hanging (waiting for the stdout-write to complete). Analysis: In

...with EWOULDBLOCK instead of EAGAIN. The code in channels.c does not handle EAGAIN, causing the socket to be closed, but the parent process does not recieve notification, leading to a stall. in channel_handle_[erw]fd, the calls to read/write should check for EWOULDBLOCK as well as EAGAIN: e.g, in channel_handle_wfd: len = write(c->wfd, buf, dlen); if (len < 0 && (errno == EINTR || #ifdef EWOULDBLOCK errno == EWOULDBLOCK || #endif errno == EAGAIN)) This appears to be pervasive throughout the code, not j...

...================================= > RCS file: /usr/local/src/security/openssh/cvs/openssh/channels.c,v > retrieving revision 1.273 > diff -u -p -r1.273 channels.c > --- channels.c 16 Jul 2008 12:42:06 -0000 1.273 > +++ channels.c 5 Aug 2008 01:08:22 -0000 > @@ -1578,11 +1578,10 @@ channel_handle_wfd(Channel *c, fd_set *r > } > return 1; > } > -#ifdef _AIX > + > /* XXX: Later AIX versions can't push as much data to tty */ > if (compat20 && c->wfd_isatty) > - dlen = MIN(dlen, 8*1024); > -#endif > + dlen = MIN(dlen, 1024); > &...

The command "ssh ls -l /doesnotexist" gives various responses: Running from a 200 MHz PentiumPro with dsa key added to ssh-agent: Mistakes worst to fast machine: To a faster 600 MHz dual processor i686 600 MHz machine: ls: /doesnotexist: No such file or directory -- correct nothing at all -- wrong ls: select: Bad file descriptor -- wrong