openssh 4.2p1 zlib compression broken for old clients

Iain Morgan imorgan at nas.nasa.gov
Thu Oct 27 04:31:35 EST 2005


On Wed Oct 26 10:06:55 2005, Harald Koenig wrote:
> 
> Hello OpenSSH developers,
> 
> openssh 4.2p1 breaks old openssh clients up to 3.4p1 when they try to use compression:
> 

This is spelt out pretty clearly in the ChangeLog for 4.2p1 and (if I recall 
correctly) in the release announcement on this list. Admittedly, the 
sshd_config(5) man page does not appear to call out this issue.

Set Compression=yes in your sshd_config and the old clients should behave.

> 	# ssh-3.4p1 -C remote-host-with-4.2p1  pwd  
> 	no matching comp found: client zlib server none,zlib at openssh.com
> 
> option "-vv" shows
> 
> 	...
> 	debug2: kex_parse_kexinit: zlib
> 	...
> 	debug2: kex_parse_kexinit: none,zlib at openssh.com
> 	...
> 	debug2: mac_init: found hmac-md5
> 	no matching comp found: client zlib server none,zlib at openssh.com
> 
> using the small patch below makes the old ssh clients happy again with option "-C"
> 
> 
> -------------------------------------------------------------------------------
> --- openssh-4.2p1/sshd.c~	2005-10-05 17:58:21.000000000 +0200
> +++ openssh-4.2p1/sshd.c	2005-10-26 18:17:44.000000000 +0200
> @@ -2014,7 +2014,7 @@
>  		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
>  	} else if (options.compression == COMP_DELAYED) {
>  		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
> -		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib at openssh.com";
> +		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib at openssh.com,zlib";
>  	}
>  	
>  	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
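Review bot: In the `options.compression == COMP_DELAYED` branch, appending `zlib` to the proposal string means a server configured for delayed compression will negotiate plain `zlib` with any client that offers it, so the delayed setting no longer restricts which method is chosen. The changed line also carries no comment explaining the compatibility motive. Consider leaving this branch as it is and handling the old clients through configuration (the reply suggests `Compression=yes` in sshd_config), or, if a source change is still wanted, putting the extra `zlib` behind an explicit option and documenting it next to the assignment.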
> -------------------------------------------------------------------------------
> 
> 
> Harald Koenig
> 
> PS: yes I know about the security issues using such old ssh clients, but it's
> only used in fairly protected small internal customer networks, and the customer
> insists not to change anything in those environments running the old ssh clients...
> (the surrounding environment is pretty well maintained which is the reason for 
> the 4.2p1 sshd;-)
> -- 
> "I hope to die                                      ___       _____
> before I *have* to use Microsoft Word.",           0--,|    /OOOOOOO\
> Donald E. Knuth, 02-Oct-2001 in Tuebingen.        <_/  /  /OOOOOOOOOOO\
>                                                     \  \/OOOOOOOOOOOOOOO\
>                                                       \ OOOOOOOOOOOOOOOOO|//
> Harald Koenig                                          \/\/\/\/\/\/\/\/\/
> science+computing ag                                    //  /     \\  \
> koenig at science-computing.de                            ^^^^^       ^^^^^
> 
> 


--
Iain Morgan
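
The "no matching comp found" failure quoted in this thread follows from the SSH rule that the chosen compression algorithm is the first name on the client's list that also appears on the server's list (RFC 4253, section 7.1). The C program below is an added example, not OpenSSH code and not something either participant posted; `in_list` and `negotiate_comp` are hypothetical names, and `zlib@openssh.com` is the algorithm name that the archive renders as "zlib at openssh.com".

```c
#include <stdio.h>
#include <string.h>

/* Exact-match lookup in a comma-separated name-list. Comparing lengths as
 * well as bytes keeps "zlib" from matching the longer "zlib@openssh.com". */
static int in_list(const char *list, const char *name, size_t n)
{
    while (*list) {
        size_t len = strcspn(list, ",");
        if (len == n && memcmp(list, name, n) == 0)
            return 1;
        list += len + (list[len] == ',');
    }
    return 0;
}

/* Pick the first client-listed algorithm that the server also lists.
 * Copies it to out and returns 0, or returns -1 when there is no match. */
int negotiate_comp(const char *client, const char *server,
                   char *out, size_t outlen)
{
    while (*client) {
        size_t len = strcspn(client, ",");
        if (len > 0 && len < outlen && in_list(server, client, len)) {
            memcpy(out, client, len);
            out[len] = '\0';
            return 0;
        }
        client += len + (client[len] == ',');
    }
    return -1;
}

int main(void)
{
    /* {client list, server list}. Rows 1 and 2 use the lists shown in the
     * thread (debug output, patched string); row 3 is a constructed client. */
    const char *cases[3][2] = {
        { "zlib", "none,zlib@openssh.com" },
        { "zlib", "none,zlib@openssh.com,zlib" },
        { "zlib@openssh.com,zlib,none", "none,zlib@openssh.com" },
    };
    char comp[64];
    for (int i = 0; i < 3; i++) {
        const char *c = cases[i][0], *s = cases[i][1];
        if (negotiate_comp(c, s, comp, sizeof comp) == 0)
            printf("client %s server %s -> %s\n", c, s, comp);
        else
            printf("no matching comp found: client %s server %s\n", c, s);
    }
    return 0;
}
```
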



