search for: ssh_msg_channel_open_failur

Hi, SSH.COM/F-Secure version 2.0.xx sends/receives SSH_MSG_CHANNEL_OPEN_FAILURE packets without the additional two strings (additional info/language tag) - I think the SecSH drafts at that time didn't have those two strings. Possibly some other implementations have this problem too. Anyway, a fix for OpenSSH (against latest cvs tree) is included. (This has been partial...

...u_short); --- clientloop.c 28 Jan 2003 18:06:51 -0000 1.1.1.2 +++ clientloop.c 28 Jan 2003 19:06:35 -0000 1.3 @@ -1342,7 +1344,7 @@ dispatch_set(SSH_MSG_CHANNEL_DATA, &channel_input_data); dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation); dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); - dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open); + dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open_quiet); dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status); dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stde...

Is this really caused by a buggy server, or is this an interoperability problem? It seems to work ok when I specify -o "protocol 1" on the command line. Thanks, Greg [gleblanc at grego1 gleblanc]$ ssh -v login.metalab.unc.edu SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0. Compiled with SSL (0x0090581f). debug: Reading configuration data /etc/ssh/ssh_config debug: Applying

.../* Get remote channel number. */ remote_channel = packet_get_int(); + + /* Jarno */ + if (!options.port_forwarding) { + /* packet_get_all(); */ + debug("Refused port forward request."); + packet_send_debug("Server configuration rejects port forwardings."); + packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); + packet_put_int(remote_channel); + packet_send(); + return; + } /* Get host name to connect to. */ host = packet_get_string(&host_len); diff -u -r openssh-2.1.1p4/servconf.c openssh-2.1.1p4-jhchanges/servconf.c --- openssh-2.1.1p4/servconf.c Sat Jul 15 07:14:17 2000 +++ openssh-2.1...

...CLOSE, &channel_input_close); dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_close_confirmation); +#endif dispatch_set(SSH_MSG_CHANNEL_DATA, &channel_input_data); dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation); dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); +#ifdef WITH_TCPFWD dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open); +#endif dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status); dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data); dispatch_set(SSH_SMSG_STDOUT_DA...

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

...nput_port_open(int type, int plen) +{ + int remote_channel = packet_get_int(); + +#ifndef DISABLE_FORWARDING + if (!allow_port_forwarding) { +#endif + debug("Refused port forward request."); + packet_send_debug("Server configuration rejects port forwardings."); + packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); + packet_put_int(remote_channel); + packet_send(); + return; +#ifndef DISABLE_FORWARDING + } +#endif + channel_input_port_open(type, plen, remote_channel); +} + +/* Jarno: This is only a client wrapper for channel_input_port_open */ +void client_channel_input_port_open(int type, int plen) +{...