Package: ssh Version: 1:3.8.1p1-8.sarge.4 Severity: minor Hi,
I do not know if this classifies as a bug or feature request and if there are any security implications from the problem below. I noticed that sshd does not encode the banner file in ISO-10646 UTF-8 before sending it to the client as specified in draft-ietf-secsh-userauth-27.txt. Instead it seems to send the file as is. It also seems as the client does not convert the banner from UTF-8 to the codepage it runs in. To test that the server does not encode the banner properly one can create a banner with non-ascii characters and save it with a non ISO-10646 UTF-8 codepage (iso-8859-1 in my case). Then connect to the server with a ssh client running in a UTF-8 environment. To test that the client does not convert the banner to the current codepage one can create a banner same as above, but save it in UTF-8 (with gedit for instance) and then connect to the server using a ssh client running in a non UTF-8 environment. /Lars. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.8-686 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages ssh depends on: ii adduser 3.63 Add and remove users and groups ii debconf 1.4.30.13 Debian configuration management sy ii dpkg 1.10.27 Package maintenance system for Deb ii libc6 2.3.2.ds1-21 GNU C Library: Shared libraries an ii libpam-modules 0.76-22 Pluggable Authentication Modules f ii libpam-runtime 0.76-22 Runtime support for the PAM librar ii libpam0g 0.76-22 Pluggable Authentication Modules l ii libssl0.9.7 0.9.7e-3 SSL shared libraries ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra ii zlib1g 1:1.2.2-3 compression library - runtime -- debconf information: ssh/insecure_rshd: ssh/ssh2_keys_merged: ssh/user_environment_tell: * ssh/forward_warning: ssh/insecure_telnetd: ssh/new_config: true * ssh/use_old_init_script: true ssh/protocol2_only: true ssh/encrypted_host_key_but_no_keygen: ssh/run_sshd: true ssh/SUID_client: true ssh/disable_cr_auth: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
