openssh 4.2p1 zlib compression broken for old clients

Harald Koenig H.Koenig at science-computing.de
Thu Oct 27 03:06:55 EST 2005


Hello OpenSSH developers,

openssh 4.2p1 breaks old openssh clients up to 3.4p1 when they try to use compression:

	# ssh-3.4p1 -C remote-host-with-4.2p1  pwd  
	no matching comp found: client zlib server none,zlib at openssh.com

option "-vv" shows

	...
	debug2: kex_parse_kexinit: zlib
	...
	debug2: kex_parse_kexinit: none,zlib at openssh.com
	...
	debug2: mac_init: found hmac-md5
	no matching comp found: client zlib server none,zlib at openssh.com

using the small patch below makes the old ssh clients happy again with option "-C"


-------------------------------------------------------------------------------
--- openssh-4.2p1/sshd.c~	2005-10-05 17:58:21.000000000 +0200
+++ openssh-4.2p1/sshd.c	2005-10-26 18:17:44.000000000 +0200
@@ -2014,7 +2014,7 @@
 		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
 	} else if (options.compression == COMP_DELAYED) {
 		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
-		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib at openssh.com";
+		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib at openssh.com,zlib";
 	}
 	
 	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
-------------------------------------------------------------------------------


Harald Koenig

PS: yes I know about the security issues using such old ssh clients, but it's
only used in fairly protected small internal customer networks, and the customer
insists not to change anything in those environments running the old ssh clients...
(the surrounding environment is pretty well maintained which is the reason for 
the 4.2p1 sshd;-)
-- 
"I hope to die                                      ___       _____
before I *have* to use Microsoft Word.",           0--,|    /OOOOOOO\
Donald E. Knuth, 02-Oct-2001 in Tuebingen.        <_/  /  /OOOOOOOOOOO\
                                                    \  \/OOOOOOOOOOOOOOO\
                                                      \ OOOOOOOOOOOOOOOOO|//
Harald Koenig                                          \/\/\/\/\/\/\/\/\/
science+computing ag                                    //  /     \\  \
koenig at science-computing.de                            ^^^^^       ^^^^^




More information about the openssh-unix-dev mailing list