Sending SSH_MSG_DISCONNECT before dropping connections

olle ollesson bpsr77 at hotmail.com
Fri Dec 2 08:32:37 EST 2005


Hi again,

Thanks for the clarification Markus. Now the natural next question:

Is there any reason why OpenSSH does not do it that way, that is, send 
SSH_MSG_DISCONNECT with an SSH_DISCONNECT_TOO_MANY_CONNECTIONS reason code 
before closing the socket when the max number of allowed sessions has been 
reached? What are the pros and cons in doing so?

Here's my two cents

Pros:
From a client perspective it would be really valuable (at least to me) to 
get an indication of why the connection setup attempt failed. Note, there 
could be other reasons besides too many connections, like for example 
SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT, which could be handled in the 
same way.

Cons:
The "Protocol Version Exchange" messages need to be sent first.

Thanks in advance.

Best Regards,
Olle



>From: Markus Friedl <markus at openbsd.org>
>To: olle ollesson <bpsr77 at hotmail.com>
>CC: openssh-unix-dev at mindrot.org
>Subject: Re: Sending SSH_MSG_DISCONNECT before dropping connections
>Date: Thu, 1 Dec 2005 19:56:43 +0100
>
>On Thu, Dec 01, 2005 at 06:03:08PM +0100, olle ollesson wrote:
> > The draft says it can be sent at any time. Can we send it before the
> > "Protocol Version Exchange"?
>	no
> > Before the Key Exchange?
>	yes
>
>_______________________________________________
>openssh-unix-dev mailing list
>openssh-unix-dev at mindrot.org
>http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
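
The exchange discussed in this message, as an added example that is not part of the original post and not OpenSSH code: a server writes its version line, then a cleartext SSH_MSG_DISCONNECT packet (RFC 4253 framing, before key exchange), and a client decodes the reason. The function names, the `SSH-2.0-ExampleServer` version line and the description text are constructed; the parser assumes the version line is the first line the server sends.

```python
import os
import struct

SSH_MSG_DISCONNECT = 1
# Reason codes from RFC 4253 section 11.1 (the two named in the message).
REASONS = {1: "SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT",
           12: "SSH_DISCONNECT_TOO_MANY_CONNECTIONS"}
BLOCK = 8  # packet alignment while no cipher has been negotiated


def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data


def build_disconnect(reason: int, description: str) -> bytes:
    """Server side: cleartext binary packet carrying SSH_MSG_DISCONNECT."""
    payload = (bytes([SSH_MSG_DISCONNECT]) + struct.pack(">I", reason)
               + ssh_string(description.encode("utf-8")) + ssh_string(b""))
    # length(4) + padding_length(1) + payload + padding must be a multiple
    # of BLOCK, and the padding must be at least 4 bytes.
    pad = BLOCK - (5 + len(payload)) % BLOCK
    if pad < 4:
        pad += BLOCK
    return (struct.pack(">IB", 1 + len(payload) + pad, pad)
            + payload + os.urandom(pad))


def parse_refusal(stream: bytes):
    """Client side: return (version line, reason name, description)."""
    banner, sep, rest = stream.partition(b"\r\n")
    if not sep or not banner.startswith(b"SSH-"):
        raise ValueError("version exchange line must come first")
    if len(rest) < 5:
        raise ValueError("connection closed without a packet")
    pkt_len, pad = struct.unpack(">IB", rest[:5])
    if pkt_len > 35000 or len(rest) < 4 + pkt_len or pad + 1 >= pkt_len:
        raise ValueError("malformed or truncated packet")
    payload = rest[5:4 + pkt_len - pad]
    if len(payload) < 9 or payload[0] != SSH_MSG_DISCONNECT:
        raise ValueError("not SSH_MSG_DISCONNECT")
    reason, dlen = struct.unpack(">II", payload[1:9])
    if 9 + dlen > len(payload):
        raise ValueError("description overruns payload")
    text = payload[9:9 + dlen].decode("utf-8", "replace")
    return banner.decode("ascii", "replace"), REASONS.get(reason, f"code {reason}"), text


# Constructed sample: what a refusing server would write before close().
SAMPLE = b"SSH-2.0-ExampleServer\r\n" + build_disconnect(
    12, "too many connections")
```

A client that receives only the version line followed by a close gets the "connection closed without a packet" error, which is the silent-drop case the message asks about.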




