search for: compat13

When I encounter the problem with TCP port forwarding locking up, I'll see this on the client window (if I haven't invoked ssh with -q): chan_shutdown_read failed for #1/fd6: Transport endpoint is not connected chan_shutdown_read failed for #1/fd6: Transport endpoint is not connected This is with Blowfish encryption. I have to kill and restart the client when this happens. Phil

...el layer */ - if (!no_port_forwarding_flag && options.allow_tcp_forwarding) + if (!auth_restricted(RESTRICT_TCP, authctxt->pw)) channel_permit_all_opens(); if (compat20) @@ -312,7 +314,7 @@ break; case SSH_CMSG_AGENT_REQUEST_FORWARDING: - if (no_agent_forwarding_flag || compat13) { + if (auth_restricted(RESTRICT_AGENT, s->pw) || compat13) { debug("Authentication agent forwarding not permitted for this authentication."); break; } @@ -321,11 +323,7 @@ break; case SSH_CMSG_PORT_FORWARD_REQUEST: - if (no_port_forwarding_flag) { - debu...

...HAN_OUTPUT_WAIT_DRAIN) { channels.c: debug("X11 rejected %d i%d/o%d", ch->self, ch->istate, ch->ostate); channels.c: debug("X11 rejected %d i%d/o%d", ch->self, ch->istate, ch->ostate); channels.c: if (!compat13 && ch->ostate != CHAN_OUTPUT_OPEN) channels.c: c->ostate, buffer_len(&c->output)); nchan.c:/* events concerning the OUTPUT from channel for socket (ostate) */ nchan.c: switch (c->ostate) { nchan.c: c->ostate = CHAN_OUTPUT_WAIT...

...-r1.42 -r1.43 --- compat.h 31 Dec 2013 01:25:41 -0000 1.42 +++ compat.h 20 Apr 2014 03:25:31 -0000 1.43 @@ -59,6 +59,7 @@ #define SSH_BUG_RFWD_ADDR 0x02000000 #define SSH_NEW_OPENSSH 0x04000000 #define SSH_BUG_DYNAMIC_RPORT 0x08000000 +#define SSH_BUG_CURVE25519PAD 0x10000000 void enable_compat13(void); void enable_compat20(void); @@ -66,6 +67,7 @@ void compat_datafellows(const char * int proto_spec(const char *); char *compat_cipher_proposal(char *); char *compat_pkalg_proposal(char *); +char *compat_kex_proposal(char *); extern int compat13; extern int compat20; Index: ss...

...+#endif +#ifdef WITH_AGENTFWD + channel_post[SSH_CHANNEL_AUTH_SOCKET] = &channel_post_auth_listener; +#endif + channel_post[SSH_CHANNEL_OPEN] = &channel_post_open_1; } static void @@ -1510,8 +1587,10 @@ } if (compat20) channel_handler_init_20(); +#ifdef WITH_PROTO13 else if (compat13) channel_handler_init_13(); +#endif else channel_handler_init_15(); } @@ -1806,6 +1885,7 @@ } +#ifdef WITH_PROTO13 void channel_input_close(int type, int plen, void *ctxt) { @@ -1843,6 +1923,7 @@ c->type = SSH_CHANNEL_OUTPUT_DRAINING; } } +#endif /* proto version 1.5 ov...

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

...nel_post_open; channel_post[SSH_CHANNEL_CONNECTING] = &channel_post_connecting; channel_post[SSH_CHANNEL_DYNAMIC] = &channel_post_open; + channel_post[SSH_CHANNEL_RDYNAMIC] = &channel_post_rdynamic; } static void @@ -2190,10 +2306,12 @@ channel_output_poll(void) */ if (compat13) { if (c->type != SSH_CHANNEL_OPEN && - c->type != SSH_CHANNEL_INPUT_DRAINING) + c->type != SSH_CHANNEL_INPUT_DRAINING && + c->type != SSH_CHANNEL_RDYNAMIC) continue; } else { - if (c->type != SSH_CHANNEL_OPEN) + if (c->type != SSH...

I'm reading this fine article on O'Reilly: http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html <quote> The paper concludes that the keystroke timing data observable from today's SSH implementations reveals a dangerously significant amount of information about user terminal sessions--enough to locate typed passwords in the session data stream and reduce the

...+ } + else + debug("max number of timeouts exceeded: stop sending garbage packets"); + } + /* End SD Mod */ + else if (c->istate == CHAN_INPUT_WAIT_DRAIN) { if (compat13) fatal("cannot happen: istate == INPUT_WAIT_DRAIN for proto 1.3"); /* --- channels.h Mon Sep 17 22:51:14 2001 +++ channels.new.h Mon Oct 15 14:28:43 2001 @@ -21,6 +21,33 @@ * notice, this list of conditions and the followi...

I am running OpenSSH 2.9p1 on SunOS 5.7 w/4-24-2001 patch cluster. Like many other users I am seeing the hanging session on logout with background processes. This is a huge problem for me as I centrally manage 50+ machines with rdist across ssh. Instead of just complaining about the problem I thought I would put my CS degree to use and try to track down the problem myself. For starters,

Hello, In response to the timing analysis attacks presented by Dawn Song et. al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html we at Silicon Defense developed a patch for openssh to avoid such measures. Timing Analysis Evasion changes were developed by C. Jason Coit and Roel Jonkman of Silicon Defense. These changes cause SSH to send packets unless request not to,