Re: FreeBSD-localised OpenSSH hangs with Foundry SSH1 server

2002-04-02 Thread Pierre Beyssac 

On Tue, Apr 02, 2002 at 10:40:08AM +0200, Dag-Erling Smorgrav wrote:
> > Uh, no, it does not seem to work in ssh_config, only in sshd_config.
> Hmm, that needs fixing then.

I have written the following patch, seems to work ok.

Pierre



--- readconf.c.orig Tue Mar 19 14:29:02 2002
+++ readconf.c  Tue Apr  2 19:44:46 2002
@@ -116,7 +116,8 @@
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
-   oClearAllForwardings, oNoHostAuthenticationForLocalhost
+   oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+   oVersionAddendum
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -188,6 +189,7 @@
{ "smartcarddevice", oSmartcardDevice },
{ "clearallforwardings", oClearAllForwardings },
{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
+   { "versionaddendum", oVersionAddendum },
{ NULL, oBadOption }
 };
 
@@ -675,6 +677,13 @@
}
if (*activep && *intptr == -1)
*intptr = value;
+   break;
+
+   case oVersionAddendum:
+   ssh_version_set_addendum(strtok(s, "\n"));
+   do {
+   arg = strdelim(&s);
+   } while (arg != NULL && *arg != '\0');
break;
 
default:

Re: FreeBSD-localised OpenSSH hangs with Foundry SSH1 server

2002-04-02 Thread Dag-Erling Smorgrav 

Pierre Beyssac <[EMAIL PROTECTED]> writes:
> On Mon, Apr 01, 2002 at 11:32:07PM +0200, Dag-Erling Smorgrav wrote:
> > Look for VersionAddendum in /etc/ssh/sshd_config (it can be used in
> > ssh_config as well).
> Uh, no, it does not seem to work in ssh_config, only in sshd_config.

Hmm, that needs fixing then.

DES
-- 
Dag-Erling Smorgrav - [EMAIL PROTECTED]

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Re: FreeBSD-localised OpenSSH hangs with Foundry SSH1 server

2002-04-01 Thread Pierre Beyssac 

On Mon, Apr 01, 2002 at 11:32:07PM +0200, Dag-Erling Smorgrav wrote:
> > if the FreeBSD-specific string could be shortened (to at most 11
> > chars, which is exactly enough to put "des20020307" in there for
> > example ;-), made user-configurable, or altogether removed.
> 
> Look for VersionAddendum in /etc/ssh/sshd_config (it can be used in
> ssh_config as well).

Uh, no, it does not seem to work in ssh_config, only in sshd_config.

Pierre

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Re: FreeBSD-localised OpenSSH hangs with Foundry SSH1 server

2002-04-01 Thread Dag-Erling Smorgrav 

Pierre Beyssac <[EMAIL PROTECTED]> writes:
> It would be easier on me (and other Foundry switch users) and in
> the interest of interoperability with broken ssh implementations
> if the FreeBSD-specific string could be shortened (to at most 11
> chars, which is exactly enough to put "des20020307" in there for
> example ;-), made user-configurable, or altogether removed.

Look for VersionAddendum in /etc/ssh/sshd_config (it can be used in
ssh_config as well).

DES
-- 
Dag-Erling Smorgrav - [EMAIL PROTECTED]

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

FreeBSD-localised OpenSSH hangs with Foundry SSH1 server

2002-04-01 Thread Pierre Beyssac 

I had problems connecting with the FreeBSD openssh client to a
Foundry BigIron gigabit switch running ssh 1.2.27, whereas I can
connect fine to the same switch when using a locally-compiled OpenSSH 3.1p1.

The culprit is apparently the length of the version string sent by
FreeBSD and received by the Foundry switch. If it is over 24
characters, the Foundry ssh daemon just sits there and hangs for a
few minutes until it timeouts and closes the connection.

If I shorten the client version string to be "OpenSSH_3.1 FreeBSD",
everything works ok again.

The closest thing to a standard description of the SSH1 protocol I
could find is below. It clearly sets a upper limit of 40 characters
for the "version" part of the identification string.  This is lower
than the 42 chars of "OpenSSH_3.1 FreeBSD localisations 20020318",
but higher than the maximum of 24 character accepted by the Foundry
implementation. So it looks like neither side is strictly compliant
to something that's not really a standard anyway.

It would be easier on me (and other Foundry switch users) and in
the interest of interoperability with broken ssh implementations
if the FreeBSD-specific string could be shortened (to at most 11
chars, which is exactly enough to put "des20020307" in there for
example ;-), made user-configurable, or altogether removed.

http://www.snailbook.com/docs/protocol-1.5.txt

Protocol Version Identification

   After the socket is opened, the server sends an identification
   string, which is of the form "SSH-.-
   \n", where  and  are integers
   and specify the protocol version number (not software distribution
   version).   is server side software version string (max 40
   characters); it is not interpreted by the remote side but may be use-
   ful for debugging.

Pierre

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message