Possible problem with sshconnect1.c in openssh-2.5.1p2
Byron Jennings
jennings at triumf.ca
Sat Mar 10 10:52:28 EST 2001
I have the same problem connect to a vax. The vax (VMS) is using
OSU_1.1 ssh.
The change you suggested fixed the problem.
Byron Jennings
On Fri, 9 Mar 2001, Michael Krivacek wrote:
>
> Hi all,
>
> I have come across a problem that seems to have been introduced
> between openssh-2.3.0p1 and openssh-2.5.1. I sadly admit that my
> SSH knowledge is limited, so this problem could very well be with
> the server implementation. Hopefully someone can educate me...
>
> Netscreen produces hardware encryption boxes which have the
> capability of being managed by SSH (protocol version 1.) With the
> 2.3.0 series of OpenSSH I was able to access my Netscreen boxes
> fine. However I was initially able to connect with the 2.5.1
> series. I followed the source code and noticed a change in
> sshconnect1.c between 2.3.0 and 2.5.1. In the function
> "try_password_authentication" the line:
>
> packet_put_string(password, strlen(password));
>
> became:
>
> ssh_put_password(password);
>
> "ssh_put_password" appears to pad the password prior to
> encrypting and sending it.
>
> If I modify sshconnect1.c and change
> "ssh_put_password(password);" to "packet_put_string(password,strlen(password));"
> it starts working.
>
> What are implications of doing this? Does it sound like the
> Netscreen SSH server implementation is not correct?
>
> Thanks,
>
> Michael Krivacek
>
>
>
--
More information about the openssh-unix-dev
mailing list