I have released lsh-0.9.11. It improves the SRP support, although it
doesn't yet implement it the same way as described in the draft. In
particular, when SRP is enabled, it is possible to skip the
ssh-userauth protocol, and start the ssh-connection directly.

To do this, I had to make some changes to the userauth code. I added a
user object in the main state struct ssh_connection. This simplified
some things. I also changed the way services are called.

Before, a service started directly after key exchange was a command
taking a connection as argument, initializing the service, and then
returning the same connection.

Services started after user authentication were different: they were
called with the user object as argument, and should return a
new command connection -> connection.

Now, services are always started the same way, no matter if they are
started before or after user authentication. They get the connection as
argument, and can get the user object from there. Services that
require authentication should check that the user is not NULL, if
there is any chance that they can be invoked without
user authentication.

All this is good and well. But it has probably broken the lsh_proxy
(although to my surprise, it still compiled without errors).

Bazsi: Do you have time to update the proxy code, or do I have to do
that?

Best regards,
/Niels
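
The uniform service calling convention described in the message, with the NULL-user check failing closed, as an added example that is not part of the original message and not lsh's code. The struct layouts, the status enum and the functions start_service and request_service are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for illustration; not lsh's real definitions. */
struct user { const char *name; };
struct ssh_connection { struct user *user; };  /* NULL until SRP or userauth sets it */
enum svc_status { SVC_STARTED, SVC_DENIED, SVC_UNKNOWN };

/* Every service has the same shape: it is handed the connection. */
typedef enum svc_status (*service_fn)(struct ssh_connection *c);

static enum svc_status start_userauth(struct ssh_connection *c)
{
    (void)c;  /* legitimately runs before any user is known */
    return SVC_STARTED;
}

static enum svc_status start_connection_service(struct ssh_connection *c)
{
    /* Reachable without ssh-userauth, so check and fail closed. */
    if (c == NULL || c->user == NULL)
        return SVC_DENIED;
    return SVC_STARTED;
}

static const struct { const char *name; service_fn start; } services[] = {
    { "ssh-userauth",   start_userauth },
    { "ssh-connection", start_connection_service },
};

/* Single entry point, used right after key exchange and after userauth alike. */
enum svc_status start_service(struct ssh_connection *c, const char *name)
{
    for (size_t i = 0; i < sizeof services / sizeof services[0]; i++)
        if (strcmp(services[i].name, name) == 0)
            return services[i].start(c);
    return SVC_UNKNOWN;
}

/* Constructed scenario: a connection with or without an authenticated user. */
enum svc_status request_service(int authenticated, const char *name)
{
    struct user u = { "constructed-user" };
    struct ssh_connection c = { authenticated ? &u : NULL };
    return start_service(&c, name);
}

int main(void) { printf("%d\n", (int)request_service(0, "ssh-connection")); return 0; }
```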