[SUSPECTED SPAM] default change in 6.2 breaks sslh

Rakulenko A. me at rakul.info
Tue Jan 28 23:54:07 EST 2014


Hi all!

I'm using sslh. It's a multiplexer, used to let you have ssh, https,
stunnel, etc on one port.
In 6.2 there is a change in default behaviour:

 * ssh(1): When SSH protocol 2 only is selected (the default), ssh(1)
   now immediately sends its SSH protocol banner to the server without
   waiting to receive the server's banner, saving time when connecting.

which, I suppose, breaks the way sslh detects openssh traffic. I found
the cause in this discussion:
http://rutschle.net/pipermail/sslh/2011-January/000045.html
which is related to a similar problem, but with "connectBot" - a mobile
ssh client.

The workaround is simply to add "Protocol 1,2" to ssh_config and force
it to wait for banner.
I'm just not quite sure that it is a good idea to add such a config
option, because everywhere you can see advice never to use ssh version 1,
and probably it would be a security loss to allow one's client to
connect to v.1 servers.

Maybe, if I'm getting everything right, there may be a way to add an
option to force ssh to wait for banner, set off by default?

Alex.

Thank you!
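
Added illustration, not part of the original message and not sslh or OpenSSH code: a sketch of why a client that sends its banner first can be misrouted by a port multiplexer. It assumes a timeout-only heuristic (silence means ssh, any data means TLS) and contrasts it with a check of the first bytes; the function names and sample bytes are constructed for this example.

```python
from typing import Optional

# Constructed sample inputs: the first bytes a multiplexer sees from each client.
# None means the client sent nothing before the probe timeout expired.
SILENT_CLIENT = None                            # client waiting for the server banner
BANNER_FIRST = b"SSH-2.0-OpenSSH_6.2\r\n"       # client that sends its banner at once
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01])  # TLS handshake record start


def classify_timeout_only(first: Optional[bytes]) -> str:
    """Assumed heuristic: a silent client is ssh, a talking client is TLS."""
    return "ssh" if first is None else "tls"


def classify_by_content(first: Optional[bytes]) -> str:
    """Route on what the client actually sent, keeping the timeout as a fallback."""
    if first is None:
        return "ssh"                    # silent until timeout: wants the server banner
    if first.startswith(b"SSH-"):
        return "ssh"                    # SSH identification string (RFC 4253, 4.2)
    if b"SSH-".startswith(first) or first == b"\x16":
        return "need_more"              # short read: too few bytes to decide yet
    if first[0] == 0x16 and first[1] == 0x03:
        return "tls"                    # handshake record, protocol major version 3
    return "unknown"                    # neither protocol: drop or use a default


def compare(samples: dict) -> dict:
    """Return {name: (timeout_only_result, content_result)} for each sample."""
    return {name: (classify_timeout_only(data), classify_by_content(data))
            for name, data in samples.items()}


if __name__ == "__main__":
    results = compare({"silent": SILENT_CLIENT,
                       "banner-first": BANNER_FIRST,
                       "tls": TLS_HELLO})
    for name, (old, new) in results.items():
        print(f"{name:13s} timeout-only={old:4s} content-based={new}")
```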


More information about the openssh-unix-dev mailing list