Duplicate value used in disconnect reason definitions

Ron Frederick ronf at timeheart.net
Thu Jun 18 10:51:38 AEST 2020


On Jun 17, 2020, at 4:12 PM, Noah <noah at zalev.ca> wrote:
> I could not find anything in the mailing list archive or bug tracker.
> 
> In ssh2.h, the value (4) is re-used
> 
> #define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED		3
> #define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED	4
> #define SSH2_DISCONNECT_RESERVED			4
> #define SSH2_DISCONNECT_MAC_ERROR			5
> 
> 
> Is this intentional?


It looks like it is. The Internet Draft draft-ietf-secsh-transport up through version 6 defines DISCONNECT_HOST_AUTHENTICATION_FAILED as the value 4, but version 7 and later of the draft and RFC 4253 (which is what that draft eventually turned into) seem to redefine it as DISCONNECT_RESERVED. Here’s a diff between versions 6 and 7 where you can see the change: https://tools.ietf.org/rfcdiff?url2=draft-ietf-secsh-transport-07.txt

There isn’t any text added which explains this change, and I don’t see any discussion online about this, but it would appear that DISCONNECT_HOST_AUTHENTICATION_FAILED should not be used.
-- 
Ron Frederick
ronf at timeheart.net
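
An added example, not part of the thread and not OpenSSH code: a bounds-checked decoder for the SSH_MSG_DISCONNECT payload of RFC 4253 that maps the reason code to a single name per value, so code 4 is reported as RESERVED. The function name `parse_disconnect`, the table `reason_names` and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSH_MSG_DISCONNECT 1 /* message number from RFC 4253 */

/* Reason codes 1..15 from RFC 4253; value 4 carries one name only. */
static const char *const reason_names[] = {
    NULL, "HOST_NOT_ALLOWED_TO_CONNECT", "PROTOCOL_ERROR",
    "KEY_EXCHANGE_FAILED", "RESERVED", "MAC_ERROR", "COMPRESSION_ERROR",
    "SERVICE_NOT_AVAILABLE", "PROTOCOL_VERSION_NOT_SUPPORTED",
    "HOST_KEY_NOT_VERIFIABLE", "CONNECTION_LOST", "BY_APPLICATION",
    "TOO_MANY_CONNECTIONS", "AUTH_CANCELLED_BY_USER",
    "NO_MORE_AUTH_METHODS_AVAILABLE", "ILLEGAL_USER_NAME",
};

/* Read a big-endian uint32; the caller has checked that 4 bytes remain. */
static uint32_t get_u32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical helper. Payload: byte type, uint32 reason, string description,
 * string language tag. Returns a name, "UNKNOWN", or NULL if malformed. */
const char *parse_disconnect(const uint8_t *buf, size_t len,
                             uint32_t *reason, uint32_t *desc_len) {
    if (len < 9 || buf[0] != SSH_MSG_DISCONNECT)
        return NULL;
    *reason = get_u32(buf + 1);
    *desc_len = get_u32(buf + 5);
    if (*desc_len > len - 9) /* description overruns the payload */
        return NULL;
    size_t off = 9 + (size_t)*desc_len;
    if (len - off < 4 || get_u32(buf + off) != len - off - 4)
        return NULL; /* language tag missing or its length does not fit */
    if (*reason == 0 || *reason >= sizeof(reason_names) / sizeof(reason_names[0]))
        return "UNKNOWN";
    return reason_names[*reason];
}

/* Constructed sample: reason 4, description "bad", empty language tag. */
static const uint8_t sample_disconnect[] = {1,0,0,0,4, 0,0,0,3,'b','a','d', 0,0,0,0};

int main(void) {
    uint32_t r = 0, d = 0;
    const char *n = parse_disconnect(sample_disconnect, sizeof(sample_disconnect), &r, &d);
    printf("%s (reason %u, description %u bytes)\n", n ? n : "malformed", (unsigned)r, (unsigned)d);
    return 0;
}
```

A `switch` over the ssh2.h constants would not compile with both names for value 4 as case labels, which is one reason a decoder like this keeps a single name per code.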





More information about the openssh-unix-dev mailing list