Question Reagrding open SSH

Ron Frederick ronf at timeheart.net
Sat Jan 25 01:01:09 EST 2014


On Jan 24, 2014, at 3:31 AM, Darren Tucker <dtucker at zip.com.au> wrote:
> On Fri, Jan 24, 2014 at 9:38 PM, Kumar, Yogendra <Yogendra.Kumar at ncr.com> wrote:
> [...]
>> Connecting to b2bpsftp.dell.com...
>> Sun_SSH_1.1.4, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
> 
> This is not OpenSSH, it's a derivative modified work by Sun/Oracle.
> We can't help you with this.
> 
> [...]
>> debug1: Remote protocol version 2.0, remote software version SecureLink SSH Server (Version 3.2.1.142)
> 
> This is also not OpenSSH, and I've never even heard of it before.  We
> can't help you with this either.  I will say that since your failing
> case didn't even get the remote banner, I'd be looking for problems
> with your network.
> 
> Can you reproduce the problem with the stock OpenSSH built from the
> code from openssh.com?

I ran across something like this when writing my own SSH server recently. I don’t know if it applies here but in my case it turned out to be related to the fact that the Sun client sent its version identification with only a ‘\n’ at the end of the line instead of ‘\r\n’. My server was sending ‘SSH-2.0’ as the version ending with ‘\r\n’ and the client accepted that just fine, but the client sent its version as ‘SSH-2.0’ ending with only ‘\n’. I had to generalize my server code to accept either ‘\r\n’ or just ‘\n’ as a line terminator for the handshake to proceed.

I think the client is out of spec here, but it was a simple change to make. From what I can see in the RFC, the only case where ‘\n’ should be used is on the server when it is in SSHv1-compatibility mode and it sends ‘SSH-1.99’ as the version.
-- 
Ron Frederick
ronf at timeheart.net





More information about the openssh-unix-dev mailing list