[Bug 1999] New: When speaking v2, send client version first to avoid long delay with some proxies

bugzilla-daemon at bugzilla.mindrot.org
Sat Apr 21 04:40:15 EST 2012


https://bugzilla.mindrot.org/show_bug.cgi?id=1999

             Bug #: 1999
           Summary: When speaking v2, send client version first to avoid
                    long delay with some proxies
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.9p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: tls at panix.com


Created attachment 2145
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2145
Patch implementing a new SendVersionFirst option.

The current behavior of the OpenSSH client is to wait for the server to
send its version string before sending the client version.  This allows
the client to work around problems in several old versions of various
SSH server software.

When configured to speak only protocol version 2, these workarounds are
of much less value.  Also, the "wait for server version" behavior
causes a long delay -- up to 30 seconds -- when communicating through
certain proxies which try to guess the protocol in use before punching
the connection through to the requested server.  Particularly stupidly
configured proxies may even drop the connection if they never see the
client version string from our end.

Such proxies are unquestionably broken but they are also painfully
common.

The attached patch adds an option "SendVersionFirst" which, if we are
speaking v2, inverts the old behavior and sends our client version
string first, rather than waiting for the server to send its string.  I
have defaulted it to enabled.  This makes OpenSSH behave much more like
most other clients when configured for v2 only and I haven't seen it
cause problems with any of a wide variety of servers.  The option can
always be disabled if a problem does arise.

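The ordering problem described in the report, as an added example that is not part of the original report, the attached patch, or OpenSSH: a hypothetical protocol-sniffing proxy (`sniffing_proxy`) holds back the server's identification string until it sees client bytes or its timer expires. The banners, function names and `SNIFF_TIMEOUT` (scaled down from the reported 30 seconds) are constructed for illustration.

```python
import socket
import threading
import time

SNIFF_TIMEOUT = 1.0  # assumption: scaled-down stand-in for the ~30 s in the report
SERVER_ID = b"SSH-2.0-ExampleServer_1.0\r\n"  # constructed banner
CLIENT_ID = b"SSH-2.0-ExampleClient_1.0\r\n"  # constructed banner

def read_line(sock):
    """Read one CR LF terminated identification line."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf

def sniffing_proxy(conn, seen):
    """Hypothetical proxy: waits for client bytes to guess the protocol,
    and only then relays the server's identification string."""
    conn.settimeout(SNIFF_TIMEOUT)
    try:
        seen.append(read_line(conn))      # client spoke first: no stall
    except socket.timeout:
        seen.append(b"")                  # gave up guessing after the timeout
    conn.settimeout(5)
    conn.sendall(SERVER_ID)               # upstream banner finally reaches client
    if not seen[0]:
        seen.append(read_line(conn))      # late client identification
    conn.close()

def exchange(send_version_first):
    """Return (server_id, seconds until the client had it)."""
    client, proxy_end = socket.socketpair()
    seen = []
    worker = threading.Thread(target=sniffing_proxy, args=(proxy_end, seen))
    worker.start()
    start = time.monotonic()
    if send_version_first:                # the ordering the patch proposes
        client.sendall(CLIENT_ID)
    server_id = read_line(client)         # the legacy ordering blocks here
    elapsed = time.monotonic() - start
    if not send_version_first:
        client.sendall(CLIENT_ID)
    worker.join()
    client.close()
    return server_id, elapsed

if __name__ == "__main__":
    for first in (False, True):
        print("send first:", first, "-> %.2fs" % exchange(first)[1])
```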