OpenSSH 6.6.x sends invalid SSH_MSG_USERAUTH_INFO_REQUEST
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Apr 7 00:29:52 AEST 2015
I've had a report from a user that "SSH-2.0-OpenSSH_6.6.1_hpn13v11
FreeBSD-20140420" is sending an invalid SSH_MSG_USERAUTH_INFO_REQUEST.
Checking against the server in question, it first sends a valid request
(empty name, empty instruction, empty language, single prompt for a
password):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ................
00 00 00 28 50 61 73 73 77 6f 72 64 20 66 6f 72 ...(Password for
[...]
to which I reply with a SSH_MSG_USERAUTH_INFO_RESPONSE. The server then sends
a second SSH_MSG_USERAUTH_INFO_REQUEST consisting of 16 bytes of zeros:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
for which, even if you ignore the fact that it fails a data-validity check,
I'm not sure how you're supposed to respond, since it's asked for zero
responses to its authentication request.
Peter.
More information about the openssh-unix-dev
mailing list