F-secure -> Openssh Compatibility (fwd)

Michael H. Warfield mhw at wittsend.com
Mon Jul 17 02:18:55 EST 2000


On Sun, Jul 16, 2000 at 10:37:10AM +0200, Philipp Buehler wrote:
> Markus Friedl wrote To Mike Fisk:
> > i think i read that the mac client does not sends only
> > 	SSH-x.y-VERSION\r
> It's typical for Mac to have only \r as a newline character,
> so it's possible. No mac around though.

	I saw some discussion and confirmation up on the ssh mailing
lists that some earlier versions of the Mac ssh client was doing
that.  Someone had a patch to fix OpenSSH and I thought they
said they were going to submit it.

	I've attached on of those messages below...

> ciao
> -- 
> Philipp Buehler, aka fIpS | sysfive.com GmbH | BOfH | NUCH | <double-p> 
> 
> %SYSTEM-F-TOOEARLY, please contact your sysadmin at a sensible time.
> Artificial Intelligence stands no chance against Natural Stupidity.

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

===== Begin Forwarded Message =====
> From owner-ssh at clinet.fi  Thu Jun 29 17:28:53 2000
Return-Path: <owner-ssh at clinet.fi>
Date: Thu, 29 Jun 2000 12:43:46 -0600 (MDT)
From: "W. Scott Wilburn" <wilburn at lanl.gov>
To: Andy Polyakov <appro at fy.chalmers.se>
cc: ssh at clinet.fi, mfisk at lanl.gov
Subject: Re: F-secure -> Openssh Compatibility
In-Reply-To: <395B8AFF.4CE224EF at fy.chalmers.se>
Message-ID: <Pine.LNX.4.21.0006291243220.2081-100000 at wilburn.lanl.gov>

Andy,

        That would certainly solve the problem, but I try to avoid
maintaining local patches. Any chance this could be accepted by openssh,
or is there a good reason they wouldn't want it?

Scott

On Thu, 29 Jun 2000, Andy Polyakov wrote:

> > > We have Macintoshes running Fsecure SSH client 1.0.1 which are unable to
> > > connect to a server running Openssh 2.1.1 on Red Hat 6.2.
> > 
> > I have it on the authority of our resident Mac expert that F-Secure SSH
> > clients for the Mac, versions 1.0 and 1.0.1 indeed do have a bug that
> > prevents them from successfully connecting to a server running SSH1 in
> > compatilibility mode under SSH2.
> 
> Meaning that F-Secure SSH for Mac prior 1.0.2 sends '\r'-terminated
> protocol identification string. SSH 1.2.x server simply replaces it with
> '\n' and proceeds. SSH 2.x and OpenSSH 2.1 servers in turn ultimately
> insist on '\n' and waits for it forever. I've posted a patch for SSH
> 2.1.0 on the list some time ago. In OpenSSH 1.2.1(p1) case one can do
> something similar to the following:
> 
> *** ./sshd.c.orig       Tue May 30 05:44:54 2000
> --- ./sshd.c    Thu Jun 29 19:10:54 2000
> ***************
> *** 303,308 ****
> --- 303,315 ----
>                         if (buf[i] == '\r') {
>                                 buf[i] = '\n';
>                                 buf[i + 1] = 0;
> +                               /*
> +                                * Kludge to let F-Secure for Macintosh prior
> +                                * 1.0.2 through. <appro at fy.chalmers.se>
> +                                */
> +                               if (i==12 && !memcmp(buf,"SSH-1.5-W1.0",12))
> +                                   break; /* the original SSH 1.2.x way */
> + 
>                                 continue;
>                         }
>                         if (buf[i] == '\n') {
> 
> > I am not sure how NiftyTelnet with SSH would react,
> 
> It would react fine as it sends '\n'-terminated string.
> 
> > It also does scp,
> > unlike the F-Secure client, but it does not do port forwarding.
> > 
> > (I don't know about you, but our experiences with port forwarding on the
> >  Mac are really bad anyway -- it's so slow it's useless,
> 
> Not with all applications. Our users report that e.g Fetch and Anarchie
> work fine, but not MI/X (Microimages' X-server) nor DreamWeaver (an FTP
> client). It should be noted that F-Secure 2.1 for Macintosh (implementing
> protocol version 2) apparently does better job forwarding ports and it's
> *perfectly* usable (at least with the mentioned applications).
> 
> Martin Forssen <maf at appgate.com> wrote:
> > the client gets confused by
> > the version number it initially receives.
> 
> False statement. Client doesn't get confused at all. Server simply
> never replies to the client's "hello."
> 
> Andy.
> 

-- 
*--------------------------------*-------------------------*
| W. Scott Wilburn               | Email: wilburn at lanl.gov |
| Los Alamos National Laboratory | Phone: (505) 667-2107   |
| MS H803                        | Fax:   (505) 665-4121   |
| Los Alamos, NM 87545           |                         |
*--------------------------------*-------------------------*






More information about the openssh-unix-dev mailing list