openssh 4.2p1 zlib compression broken for old clients

Harald Koenig H.Koenig at science-computing.de
Thu Oct 27 18:55:22 EST 2005


On Oct 26, Iain Morgan wrote:

> This is spelt out pretty clearly in the ChangeLog for 4.2p1 and (if I recall 
> correctly) in the release announcement on this list. Admittedly, the 
> sshd_config(5) man page does not appear to call out this issue.

Thanks for your pointer to the docs (and sorry for not having read/understood them all).
Maybe you can answer two more open questions on that topic, please?

> Set Compression=yes in your sshd_config and the old clients should behave.


a)
What's the reason/benefit for the new delayed compression, or the other way round:
what's the (maybe future) drawback if I use "Compression yes" in sshd_config for backward compatibility?
Is this to avoid small packets for authentication getting larger by zlib compression?


b)
What's the reason for the different code in sshconnect2.c/ssh_kex2() and sshd.c/do_ssh2_kex()
for this setup?  sshconnect2.c/ssh_kex2() already uses

	if (options.compression) {
		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
		myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none";
	} else {
		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
	}

and thus offers a fallback to old "zlib" scheme, while sshd.c/do_ssh2_kex() reads

	if (options.compression == COMP_NONE) {
		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
	} else if (options.compression == COMP_DELAYED) {
		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
	}

not offering a fallback for old clients. Why not allow a fallback for compatibility
with the old "zlib" in case an old client does not yet support the new "delayed" scheme?


If that's not a good idea, what about a new setting "delayed+compat-fallback" for "Compression"
which would allow new ssh clients to benefit from/use "delayed" compression and wouldn't break it
for old clients?
The patch below might be a possibility to offer both ways at the same time?!


btw: the comment for "compression" in servconf.h is no longer exact, because
with the COMP_DELAYED setting it's no longer a boolean value, so "true" might
be misleading (COMP_DELAYED==2 is true, but only _delayed_ compression is allowed):


	int     compression;	/* If true, compression is allowed */
	                              ^^^^


Suggestion for giving delayed compression with legacy fallback:
-------------------------------------------------------------------------------
diff -ur ../../orig/openssh-4.2p1/kex.h ./kex.h
--- ../../orig/openssh-4.2p1/kex.h	2005-07-26 13:54:56.000000000 +0200
+++ ./kex.h	2005-10-27 10:43:07.000000000 +0200
@@ -38,6 +38,7 @@
 #define COMP_NONE	0
 #define COMP_ZLIB	1
 #define COMP_DELAYED	2
+#define COMP_DELAYED_COMP	3
 
 enum kex_init_proposals {
 	PROPOSAL_KEX_ALGS,
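Review bot: the new constant's name, `COMP_DELAYED_COMP`, does not say what distinguishes it from `COMP_DELAYED`, while the sshd_config keyword it maps to is "delayed+fallback"; a name such as `COMP_DELAYED_FALLBACK` would keep the header and the option text in step. It also sits in kex.h beside values that are compared against in more than one place, so every comparison against `COMP_DELAYED` in the tree should be checked for whether the new value 3 needs the same handling. Separately, the `Only in .: kex.h~` lines show editor backup files in the working tree; regenerating the diff with `-x '*~'` keeps them out of the patch.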
Only in .: kex.h~
diff -ur ../../orig/openssh-4.2p1/servconf.c ./servconf.c
--- ../../orig/openssh-4.2p1/servconf.c	2005-08-12 14:11:37.000000000 +0200
+++ ./servconf.c	2005-10-27 10:46:55.000000000 +0200
@@ -738,6 +738,8 @@
 		value = 0;	/* silence compiler */
 		if (strcmp(arg, "delayed") == 0)
 			value = COMP_DELAYED;
+		if (strcmp(arg, "delayed+fallback") == 0)
+			value = COMP_DELAYED_COMP;
 		else if (strcmp(arg, "yes") == 0)
 			value = COMP_ZLIB;
 		else if (strcmp(arg, "no") == 0)
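Review bot: the inserted `+ if (strcmp(arg, "delayed+fallback") == 0)` is a plain `if`, not `else if`, so it breaks the chain. For the argument "delayed" the first test sets `value = COMP_DELAYED`, and then the new `if` / `else if ("yes")` / `else if ("no")` chain is evaluated again; none of those branches match "delayed", so the setting falls through to whatever the final branch of that chain does, which is not what the existing `Compression delayed` configuration expects. Change the added line to `+		else if (strcmp(arg, "delayed+fallback") == 0)`.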
Only in .: servconf.c~
diff -ur ../../orig/openssh-4.2p1/sshd.c ./sshd.c
--- ../../orig/openssh-4.2p1/sshd.c	2005-07-26 13:54:56.000000000 +0200
+++ ./sshd.c	2005-10-27 10:47:22.000000000 +0200
@@ -1998,6 +1998,9 @@
 	if (options.compression == COMP_NONE) {
 		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
 		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
+	} else if (options.compression == COMP_DELAYED_COMP) {
+		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
+		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib at openssh.com,zlib";
 	} else if (options.compression == COMP_DELAYED) {
 		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
 		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib at openssh.com";
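Review bot: the new keyword is not documented; since the mail already notes that sshd_config(5) does not describe the delayed scheme, the patch should carry the matching sshd_config.5 text for "delayed+fallback" (and the servconf.h comment on `compression` that the mail calls out). The proposal string itself is consistent with the client-side list in sshconnect2.c quoted above, and ordering the new branch before the `COMP_DELAYED` one is fine because the two values are tested for equality.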
Only in .: sshd.c~
-------------------------------------------------------------------------------



thanks for your comments,

Harald Koenig
-- 
"I hope to die                                      ___       _____
before I *have* to use Microsoft Word.",           0--,|    /OOOOOOO\
Donald E. Knuth, 02-Oct-2001 in Tuebingen.        <_/  /  /OOOOOOOOOOO\
                                                    \  \/OOOOOOOOOOOOOOO\
                                                      \ OOOOOOOOOOOOOOOOO|//
Harald Koenig                                          \/\/\/\/\/\/\/\/\/
science+computing ag                                    //  /     \\  \
koenig at science-computing.de                            ^^^^^       ^^^^^
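The question in (b) turns on how the two sides' compression name-lists are reconciled during key exchange. The following is an added example, not code from this mail or from OpenSSH: it implements the SSH2 rule (RFC 4253 section 7.1) that the client's comma-separated preference list is walked in order and the first name also present in the server's list wins, with no common name meaning the exchange fails. It runs that rule over the three sshd.c server proposals quoted in the mail and three constructed client lists; that a pre-4.2 client started with -C offers only "zlib" is an assumption made for the example, and the function names (`choose_comp`, `negotiates_to`, `list_has`) are the example's own.

```c
/* Added example (not OpenSSH code): SSH2 compression-algorithm choice
 * from the KEXINIT name-lists, RFC 4253 section 7.1. The client's list
 * is walked in order and the first name that also appears in the
 * server's list is chosen; if none does, the key exchange fails. */
#include <stdio.h>
#include <string.h>

/* Does `name` occur as a whole element of the comma-separated `list`? */
static int list_has(const char *list, const char *name)
{
    size_t n = strlen(name);
    const char *p = list;

    for (;;) {
        const char *comma = strchr(p, ',');
        size_t len = comma ? (size_t)(comma - p) : strlen(p);

        if (len == n && memcmp(p, name, n) == 0)
            return 1;
        if (comma == NULL)
            return 0;
        p = comma + 1;
    }
}

/* Negotiate: copy the chosen algorithm into `out` and return 1, or return 0
 * (leaving `out` empty) when the two lists share no name at all. */
int choose_comp(const char *client, const char *server,
                char *out, size_t outlen)
{
    const char *p = client;

    if (outlen == 0)
        return 0;
    out[0] = '\0';

    for (;;) {
        const char *comma = strchr(p, ',');
        size_t len = comma ? (size_t)(comma - p) : strlen(p);
        char name[64];

        /* a name longer than the scratch buffer can never be matched */
        if (len < sizeof(name)) {
            memcpy(name, p, len);
            name[len] = '\0';
            if (list_has(server, name)) {
                snprintf(out, outlen, "%s", name);
                return 1;
            }
        }
        if (comma == NULL)
            return 0;
        p = comma + 1;
    }
}

/* Convenience for checks: 1 iff negotiation succeeds and yields `expected`. */
int negotiates_to(const char *client, const char *server, const char *expected)
{
    char got[64];

    return choose_comp(client, server, got, sizeof(got)) == 1
        && strcmp(got, expected) == 0;
}

int main(void)
{
    /* Server side: the sshd.c proposals quoted in the mail. */
    const char *servers[] = {
        "none",                        /* Compression no                 */
        "none,zlib@openssh.com",       /* Compression delayed            */
        "none,zlib@openssh.com,zlib",  /* proposed delayed+fallback      */
    };
    /* Client side (constructed): an assumed pre-4.2 client with -C that
     * offers only "zlib", plus the two 4.2p1 sshconnect2.c lists. */
    const char *clients[] = {
        "zlib",
        "zlib@openssh.com,zlib,none",
        "none,zlib@openssh.com,zlib",
    };
    size_t s, c;
    char got[64];

    for (s = 0; s < 3; s++)
        for (c = 0; c < 3; c++)
            printf("server [%-27s] client [%-27s] -> %s\n",
                   servers[s], clients[c],
                   choose_comp(clients[c], servers[s], got, sizeof(got))
                       ? got : "NO MATCH (kex fails)");
    return 0;
}
```

Under this rule a server offering "none,zlib@openssh.com" has nothing in common with a client that offers only "zlib", while the "none,zlib@openssh.com,zlib" proposal from the patch still hands a 4.2 client "zlib@openssh.com" (it is first in that client's list) and gives the old client plain "zlib"; the server's own ordering does not decide the outcome, the client's does.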
