[Bug 1361] New: ssh should handle leading comma in authentication method list

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Wed Sep 12 20:57:03 EST 2007


http://bugzilla.mindrot.org/show_bug.cgi?id=1361

           Summary: ssh should handle leading comma in authentication method
                    list
           Product: Portable OpenSSH
           Version: 4.7p1
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: graeme.hewson at oracle.com


It's not possible to connect to a certain proprietary appliance using
OpenSSH.  Here's an extract from a debug log:

debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/ghewson/.ssh/identity ((nil))
debug2: key: /home/ghewson/.ssh/id_rsa ((nil))
debug2: key: /home/ghewson/.ssh/id_dsa (0x8090520)
debug1: Authentications that can continue: ,password
debug3: start over, passed a different list ,password
debug3: preferred publickey,keyboard-interactive,password
debug1: No more authentication methods to try.
Permission denied (,password).

Note there's no prompt for a password.  The problem is that the
appliance is sending a leading comma in the list of authentication
method names in the userauth response, and ssh isn't recognising the
"password" method.

RFC 4252 "SSH Authentication Protocol" talks of a "comma-separated
name-list" and doesn't seem to rule out there being a leading comma. 
RFC 4251 "SSH Protocol Architecture" formally defines a name-list and
says it contains "a comma-separated list of zero or more names"; again,
this doesn't seem to rule out a leading comma.  Going by the principle
of "be liberal in what you accept", I believe ssh should handle this
case.  Indeed, putty (a fairly old version, 0.57) handles it, and it's
possible to log on to the appliance.

I attach a suggested patch.


-- 
Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list