search for: remote_window

...;s window size a SSH_MSG_CHANNEL_WINDOW_ADJUST message is never sent once the client's remote window count goes to 0. The client never attempts to read off the tun device file descriptor again. After some investigation I determined that for every packet sent the client is decrementing Channel.remote_window by a value that is 4 bytes larger than the amount that the server decrements Channel.local_window and Channel.local_consumed. Prior to the stall the server does send SSH_MSG_CHANNEL_WINDOW_ADJUST messages. When it does the "byte to add" value is off by 4x the number of packets consumed...

The command "ssh ls -l /doesnotexist" gives various responses: Running from a 200 MHz PentiumPro with dsa key added to ssh-agent: Mistakes worst to fast machine: To a faster 600 MHz dual processor i686 600 MHz machine: ls: /doesnotexist: No such file or directory -- correct nothing at all -- wrong ls: select: Bad file descriptor -- wrong

...greater than 131071 bytes. As to my understanding this is true with a linux networking stack also (on my system the max system value allowed is 131071).Please correct me if I am wrong. In channel_output_poll(void) in channels.c if (compat20) { if (len > c->remote_window) len = c->remote_window; if (len > c->remote_maxpacket) len = c->remote_maxpacket; fprintf(stderr,"Remote window size %d Remote max packet %d\n&qu...

...-3.8.1p1-bugfix/channels.c --- openssh-3.8.1p1/channels.c 2004-01-20 19:02:09.000000000 -0500 +++ openssh-3.8.1p1-bugfix/channels.c 2004-07-13 09:37:20.000000000 -0400 @@ -702,6 +702,8 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset) { u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); + if (limit > 0x10000) + limit = 0x10000; if (c->istate == CHAN_INPUT_OPEN && limit > 0 && Common subdirectories: openssh-3.8.1p1/contrib and openssh-3.8.1p1-bugfix/contrib Common subdirectories: openssh-3.8....

...+++ openssh-3.8.1p1-dynwindow/channels.c 2004-07-13 09:46:58.000000000 -0400 @@ -255,6 +255,7 @@ c->local_window_max = window; c->local_consumed = 0; c->local_maxpacket = maxpack; + c->dynamic_window = 0; c->remote_id = -1; c->remote_name = xstrdup(remote_name); c->remote_window = 0; @@ -702,6 +703,10 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset) { u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); + if (!c->input.unlimited && limit > 0x10000) + limit = 0x10000; + else if (c->input.unlimited && limit &g...

Using OpenSSH_8.3p1 I had an open (working) connection to some other box; after a bit of inactivity, some device in the middle seems to have forgotten about the TCP connection (NAT) and broke it. I've got an EscapeChar defined, though; so first I tried to send a BREAK and, when that didn't help (TCP already gone, packets get lost!), I tried (just out of curiosity) a Rekey. Now I can see

...:44:38.000000000 -0400 +++ ssh/channels.c 2004-07-07 10:02:24.000000000 -0400 @@ -255,6 +255,7 @@ c->local_window_max = window; c->local_consumed = 0; c->local_maxpacket = maxpack; + c->dynamic_window = 0; c->remote_id = -1; c->remote_name = xstrdup(remote_name); c->remote_window = 0; @@ -1520,14 +1521,26 @@ !(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) && c->local_window < c->local_window_max/2 && c->local_consumed > 0) { + u_int32_t tcpwinsz = 0; + socklen_t optsz = sizeof(tcpwinsz); + int ret = -1; + u_int32_t...

...router, not better. -I tried with openvpn, works fine but i would prefer openssh for my backup solution. -I changed for testing in channels.c: debug2("channel %d: rcvd adjust %u", id, adjust); to debug2("channel %d: rcvd adjust %u is_now: %u", id, adjust, c->remote_window); debug on router shows: .. .. .. Nov 3 12:26:51 (none) user.info : debug2: channel 1: rcvd adjust 1049336 is_now: 705152^M Nov 3 12:26:59 (none) user.info : debug2: channel 1: rcvd adjust 1048663 is_now: 698457^M Nov 3 12:27:01 (none) user.info : debug2: channel 1: window 108432 sent adjust 10...

...PEN] = &channel_post_open_2; channel_post[SSH_CHANNEL_PORT_LISTENER] = &channel_post_port_listener; + channel_post[SSH2_CHANNEL_PORT_LISTENER] = &channel_post_port_listener; channel_post[SSH_CHANNEL_X11_LISTENER] = &channel_post_x11_listener; } @@ -1309,6 +1317,96 @@ c->remote_window += adjust; } +/* Jarno Huuskonen: This is called when server receives + * SSH2_MSG_GLOBAL_REQUEST. Handles both "tcpip-forward" and + * "cancel-tcpip-forward" requests. + */ +void +channel_server_global_request(int type, int plen, void *ctxt) +{ + char *rtype; + char want_r...

...EN] = &channel_post_open_2; channel_post[SSH_CHANNEL_PORT_LISTENER] = &channel_post_port_listener; + channel_post[SSH2_CHANNEL_PORT_LISTENER] = &channel_post_port_listener; channel_post[SSH_CHANNEL_X11_LISTENER] = &channel_post_x11_listener; } @@ -1275,6 +1290,122 @@ c->remote_window += adjust; } +/* Jarno Huuskonen: Checks if the server allows port forwarding. + * Logs all failed attempts. + * Return 1 if the forwarding is allowed or 0 for failure. + */ +int allow_remote_forwarding(const char *address_to_listen, int port) +{ +#ifdef DISABLE_FORWARDING + return 0; +#endif /*...

...void channel_input_close_confirmation(int type, int plen, void *ctxt) { @@ -1871,6 +1953,7 @@ "non-closed channel %d (type %d).", id, c->type); channel_free(c); } +#endif void channel_input_open_confirmation(int type, int plen, void *ctxt) @@ -2005,6 +2088,7 @@ c->remote_window += adjust; } +#ifdef WITH_TCPFWD void channel_input_port_open(int type, int plen, void *ctxt) { @@ -2042,7 +2126,7 @@ } xfree(host); } - +#endif /* -- tcp forwarding */ @@ -2052,6 +2136,7 @@ IPv4or6 = af; } +#ifdef WITH_X11FWD /* * Initiate forwarding of connections to local...

...if (strcmp(c->ctype, "session") == 0)*/ + if (c->ctype[0] == 's') packet_put_string(buffer_ptr(&c->input), len); + else + packet_put_binary(buffer_ptr(&c->input), len); packet_send(); buffer_consume(&c->input, len); c->remote_window -= len; @@ -1787,7 +1791,11 @@ packet_start(SSH2_MSG_CHANNEL_EXTENDED_DATA); packet_put_int(c->remote_id); packet_put_int(SSH2_EXTENDED_DATA_STDERR); + /*if (strcmp(c->ctype, "session") == 0)*/ + if (c->ctype[0] == 's') packet_put_string(buffer_ptr(&am...

I'm reading this fine article on O'Reilly: http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html <quote> The paper concludes that the keystroke timing data observable from today's SSH implementations reveals a dangerously significant amount of information about user terminal sessions--enough to locate typed passwords in the session data stream and reduce the

http://bugzilla.mindrot.org/show_bug.cgi?id=1131 ------- Comment #5 from dtucker at zip.com.au 2006-02-14 22:17 ------- Also, what compiler did you use to compile OpenSSH? If you compile OpenSSH (and openssl and zlib if possible) with optimization disabled (-O0) does the error still occur? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are

...debug2("reseting count"); + } + /* End SD Mod */ packet_send(); buffer_consume(&c->input, len); c->remote_window -= len; } - } else if (c->istate == CHAN_INPUT_WAIT_DRAIN) { + } + /* + * Begin SD Mod: + * packet does not contain data, we are not in a draining + * state and timing manipulat...

Hello, In response to the timing analysis attacks presented by Dawn Song et. al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html we at Silicon Defense developed a patch for openssh to avoid such measures. Timing Analysis Evasion changes were developed by C. Jason Coit and Roel Jonkman of Silicon Defense. These changes cause SSH to send packets unless request not to,