Ugly patch to openssh-1.2pre15

David F. Skoll dfs at roaringpenguin.com
Tue Dec 7 02:53:56 EST 1999


Hi,

I am behind a firewall which does not permit connections to port 22, so I
run my ssh server on port 23. :-)  Unfortunately, the stupid firewall
prints a few lines of junk when you make a connection to port 23 before
actually starting the connection.  This confuses ssh.

Attached is an (ugly) patch against openssh-1.2pre15 which makes it ignore
a configurable number of lines while looking for the SSH-%d-%d
identification string.  If you think it's worth including this hack in the
official version, feel free. :-)

Please reply to me as I'm not on this list.

Regards,

David F. Skoll
http://www.roaringpenguin.com

diff -b -c --recursive openssh-1.2pre15/sshconnect.c openssh-1.2pre15-patched/sshconnect.c
*** openssh-1.2pre15/sshconnect.c	Wed Nov 24 19:54:59 1999
--- openssh-1.2pre15-patched/sshconnect.c	Mon Dec  6 10:35:51 1999
***************
*** 31,36 ****
--- 31,42 ----
  #include "readconf.h"
  #include "fingerprint.h"
  
+ /* I am behind a firewall which forces me to run my SSH server on port 23.
+    The stupid firewall emits several lines of chatter before making
+    the real connection, so we have to swallow some lines before getting
+    the SSH-%d.%d identification string */
+ #define FIREWALL_CHATTER_LINES 10
+ 
  /* Session id for the current session. */
  unsigned char session_id[16];
  
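Review bot: FIREWALL_CHATTER_LINES is a compile-time #define set to 10, so the tolerance for pre-banner junk is not configurable at run time and applies to every server the client connects to, not only those behind this firewall. Since the later hunk already has "extern Options options" in scope, consider making this a client option that defaults to 0, so the strict "first line must be the identification string" behaviour stays the default and the relaxation is opt-in per host. The comment should also describe what the constant controls rather than one site's network setup.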
***************
*** 896,902 ****
--- 902,910 ----
  	int connection_in = packet_get_connection_in();
  	int connection_out = packet_get_connection_out();
  	extern Options options;
+         int chatter;
  
+         for (chatter = 0; chatter < FIREWALL_CHATTER_LINES; chatter++) {
              /* Read other side\'s version identification. */
              for (i = 0; i < sizeof(buf) - 1; i++) {
  		if (read(connection_in, &buf[i], 1) != 1)
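Review bot: the new outer loop counts one pass of the inner read loop as one line, but that inner loop stops at sizeof(buf) - 1 bytes, so a chatter line longer than the buffer is not consumed whole. Its tail is then counted as a further line and handed to the version parser as if it started a new line. Suggest draining input up to the newline before moving to the next iteration, so that only text at the start of a real line can be matched as the identification string. Style: the added lines are indented with spaces while the surrounding code uses tabs, and re-indenting the existing body (hidden here by diff -b) will make the applied change much larger than it looks.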
***************
*** 917,927 ****
  	 * Check that the versions match.  In future this might accept
  	 * several versions and set appropriate flags to handle them.
  	 */
  	if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor,
! 		   remote_version) != 3)
  		fatal("Bad remote protocol version identification: '%.100s'", buf);
  	debug("Remote protocol version %d.%d, remote software version %.100s",
  	      remote_major, remote_minor, remote_version);
  
  	/* Check if the remote protocol version is too old. */
  	if (remote_major == 1 && remote_minor < 3)
--- 925,943 ----
               * Check that the versions match.  In future this might accept
               * several versions and set appropriate flags to handle them.
               */
+             debug("chatter = %d, buf = %s", chatter, buf);
              if (sscanf(buf, "SSH-%d.%d-%[^\n]\n", &remote_major, &remote_minor,
!                        remote_version) != 3) {
!                 if (chatter >= FIREWALL_CHATTER_LINES-1) {
                      fatal("Bad remote protocol version identification: '%.100s'", buf);
+                 } else {
+                     continue;
+                 }
+             }
              debug("Remote protocol version %d.%d, remote software version %.100s",
                    remote_major, remote_minor, remote_version);
+             break;
+         }
  
          /* Check if the remote protocol version is too old. */
          if (remote_major == 1 && remote_minor < 3)
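Review bot: the added debug("chatter = %d, buf = %s", chatter, buf) prints data received from the network before the peer has identified itself, with an unbounded %s, whereas the neighbouring fatal() and debug() calls limit such strings with %.100s; please use %.100s here too. Separately, the test "chatter >= FIREWALL_CHATTER_LINES-1" makes the tenth line fatal if it does not parse, so at most 9 lines are actually swallowed, not the 10 the constant name suggests; either adjust the bound or document it. The fatal message also reports only the last line read, which will make it harder to diagnose a server that simply is not speaking SSH.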





