OpenSSH 6.6.x sends invalid SSH_MSG_USERAUTH_INFO_REQUEST

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Apr 7 00:29:52 AEST 2015


I've had a report from a user that "SSH-2.0-OpenSSH_6.6.1_hpn13v11
FreeBSD-20140420" is sending an invalid SSH_MSG_USERAUTH_INFO_REQUEST.
Checking against the server in question, it first sends a valid request
(empty name, empty instruction, empty language, single prompt for a 
password):

  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01  ................
  00 00 00 28 50 61 73 73 77 6f 72 64 20 66 6f 72  ...(Password for
  [...]

to which I reply with a SSH_MSG_USERAUTH_INFO_RESPONSE.  The server then sends
a second SSH_MSG_USERAUTH_INFO_REQUEST consisting of 16 bytes of zeros:

  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

for which, even if you ignore the fact that it fails a data-validity check,
I'm not sure how you're supposed to respond, since it's asked for zero
responses to its authentication request.

Peter.
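An added example, not part of the original post or of OpenSSH's code: a strict parser for the payload layout RFC 4256 defines for SSH_MSG_USERAUTH_INFO_REQUEST (name, instruction, language tag, num-prompts, then prompt/echo pairs), run over the 16 zero bytes quoted above. RFC 4256 specifies that a request with num-prompts 0 is answered by a response with num-responses 0, which `build_info_response([])` produces. Assumptions: the dumps show the payload after the message-type byte, and all function names and the `FIRST_STYLE_REQUEST` sample are constructed here.

```python
import struct

SSH_MSG_USERAUTH_INFO_RESPONSE = 61  # message number assigned in RFC 4256

class MalformedPacket(ValueError):
    """Raised when a length field or the packet size is inconsistent."""

def _read_uint32(buf, off):
    if off + 4 > len(buf):
        raise MalformedPacket("truncated uint32 at offset %d" % off)
    return struct.unpack_from(">I", buf, off)[0], off + 4

def _read_string(buf, off):
    length, off = _read_uint32(buf, off)
    if length > len(buf) - off:  # never trust the peer's length field
        raise MalformedPacket("string length %d overruns packet" % length)
    return buf[off:off + length], off + length

def parse_info_request(payload):
    """Parse the fields that follow the message-type byte."""
    name, off = _read_string(payload, 0)
    instruction, off = _read_string(payload, off)
    language, off = _read_string(payload, off)
    num_prompts, off = _read_uint32(payload, off)
    prompts = []
    for _ in range(num_prompts):  # a bogus huge count fails on the first read
        prompt, off = _read_string(payload, off)
        if off >= len(payload):
            raise MalformedPacket("missing echo flag")
        prompts.append((prompt.decode("utf-8"), payload[off] != 0))
        off += 1
    if off != len(payload):
        raise MalformedPacket("%d trailing bytes" % (len(payload) - off))
    return {"name": name, "instruction": instruction,
            "language": language, "prompts": prompts}

def build_info_response(answers):
    """Message-type byte, num-responses, then one string per answer."""
    out = struct.pack(">BI", SSH_MSG_USERAUTH_INFO_RESPONSE, len(answers))
    for answer in answers:
        data = answer.encode("utf-8")
        out += struct.pack(">I", len(data)) + data
    return out

# Second request quoted in the post: 16 bytes of zeros.
SECOND_REQUEST = bytes(16)
# Constructed sample (not from the post): one no-echo prompt "Password: ".
FIRST_STYLE_REQUEST = (bytes(12) + struct.pack(">II", 1, 10)
                       + b"Password: " + b"\x00")
```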

