Duplicate value used in disconnect reason definitons

Ron Frederick ronf at timeheart.net
Thu Jun 18 10:51:38 AEST 2020

On Jun 17, 2020, at 4:12 PM, Noah <noah at zalev.ca> wrote:
> I could not find anything in the mailing list archive or bug tracker.
> In ssh2.h, the value (4) is re-used
> 150     #define SSH2_DISCONNECT_RESERVED			4
> 151     #define SSH2_DISCONNECT_MAC_ERROR			5
> Is this intentional?

It looks like it is. The Internet Draft draft-ietf-secsh-transport up through version 6 defines DISCONNECT_HOST_AUTHENTICATION_FAILED as the value 4, but version 7 and later of the draft and RFC 4253 (which is what that draft eventually turned into) seems to redefine it as DISCONNECT_RESERVED. Here’s a diff between versions 6 and 7 where you can see the change: https://tools.ietf.org/rfcdiff?url2=draft-ietf-secsh-transport-07.txt <https://tools.ietf.org/rfcdiff?url2=draft-ietf-secsh-transport-07.txt>

There isn’t any text added which explains this change, and I don’t see any discussion online about this, but it would appear that DISCONNECT_HOST_AUTHENTICATION_FAILED should not be used.
Ron Frederick
ronf at timeheart.net

More information about the openssh-unix-dev mailing list