search for: ssh_old_sessionid

...one Working patch to the problem: --------------------------------- *** compat.c Sat Nov 4 21:42:36 2000 --- compat.c.new Fri Dec 22 11:10:52 2000 *************** *** 66,71 **** --- 66,74 ---- { "MindTerm", 0 }, { "^2\\.1\\.0 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID }, + /* yetanother 2.1.0 */ + { "^2\\.1\\.0.pl2 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| + SSH_OLD_SESSIONID }, { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID| SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD },

...e you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords -------------- next part -------------- --- compat.c.orig Sun Nov 5 07:42:36 2000 +++ compat.c Sat Dec 2 17:58:56 2000 @@ -64,12 +64,12 @@ } check[] = { { "^OpenSSH[-_]2\\.[012]", SSH_OLD_SESSIONID }, { "MindTerm", 0 }, - { "^2\\.1\\.0 ", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| + { "^2\\.1\\.0", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID }, { "^2\\.0\\.", SSH_BUG_SIGBLOB|SSH_BUG_HMAC| SSH_OLD_SESSIONID| SSH_BUG_PUBKEYAUTH|SSH_BUG...

disclaimer: i am not subscribed to the list. i just compiled OpenSSH-2.3.0p1 and replaced OpenSSH-2.2.0p1. i noticed that OpenSSH-2.3.0p1 does not match itself in compat.c the problem seems to be in line 65 of compat.c, { "^OpenSSH[-_]2\\.[012]", SSH_OLD_SESSIONID }, it looks like the regex needs to be expanded to include 3: { "^OpenSSH[-_]2\\.[0123]", SSH_OLD_SESSIONID }, not understanding the ramifications of such a change, i am loathe to do it myself. -john

Hi, I have a problem with a Linux box which I updated from 2.5.2p2 to 2.9p2 recently. It's running a tunnel started via inittab using a script which starts ssh -2 -N -o 'ConnectionAttempts 3600' -L <tunnel> $host This has run reliable with 2.5.2 over the last months. Now, after I have upgraded to 2.9p2, the tunnel is closed right after each attempt of an application to use

...FAILURE 0x00020000 #define SSH_BUG_DERIVEKEY 0x00040000 +#define SSH_BUG_SERVERLIESSIZE 0x00080000 void enable_compat13(void); void enable_compat20(void); --- compat.c.O Thu Jul 5 10:49:21 2001 +++ compat.c Thu Jul 5 10:49:27 2001 @@ -105,6 +105,8 @@ { "^1\\.7 SecureFX", SSH_OLD_SESSIONID }, { "^1\\.2\\.1[89]", SSH_BUG_IGNOREMSG }, { "^1\\.2\\.2[012]", SSH_BUG_IGNOREMSG }, + { "^1\\.2\\.2[3-9]", SSH_BUG_SERVERLIESSIZE }, + { "^1\\.2\\.3[0-1]", SSH_BUG_SERVERLIESSIZE }, { "^1\\.3\\.2", SSH_BUG_IGNOREMSG }, /* f-secure */...

...+ debug3("sign_and_send_certkey"); + + if (key_to_blob(id->key, &blob, &bloblen) == 0) { + /* we cannot handle this key */ + debug3("sign_and_send_certkey: cannot handle key"); + return 0; + } + /* data to be signed */ + buffer_init(&b); + if (datafellows & SSH_OLD_SESSIONID) { + buffer_append(&b, session_id2, session_id2_len); + skip = session_id2_len; + } else { + buffer_put_string(&b, session_id2, session_id2_len); + skip = buffer_len(&b); + } + buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); + buffer_put_cstring(&b, authctxt->server_user)...

Could everyone please test the latest snapshots as we will be making a new release soon. If you have any patches you would like us to consider, please resend them to the list ASAP. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer

...et_binary(&blen); } pktype = key_type_from_name(pkalg); if (pktype == KEY_UNSPEC) { @@ -93,13 +93,13 @@ goto done; } if (have_sig) { - sig = packet_get_string(&slen); + sig = packet_get_binary(&slen); packet_check_eom(); buffer_init(&b); if (datafellows & SSH_OLD_SESSIONID) { buffer_append(&b, session_id2, session_id2_len); } else { - buffer_put_string(&b, session_id2, session_id2_len); + buffer_put_binary(&b, session_id2, session_id2_len); } /* reconstruct packet */ buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); @@ -115,7 +115,7...