[Bug 3590] Why is the service name in the USERAUTH REQUEST message "ssh-connect" instead of "ssh-userauth"?

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Jul 21 11:13:57 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3590

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |djm at mindrot.org
         Resolution|---                         |FIXED

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
It's explained in rfc4252 section 5:

> The 'service name' specifies the service to start after
> authentication.  There may be several different authenticated
> services provided.  If the requested service is not available, the
> server MAY disconnect immediately or at any later time.  Sending a
> proper disconnect message is RECOMMENDED.  In any case, if the
> service does not exist, authentication MUST NOT be accepted.

"ssh-userauth" is used in an earlier SSH2_MSG_SERVICE_REQUEST to
request the authentication service, but the authentication is being
performed to request access to the "ssh-connection" service.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list