Re: FreeBSD-localised OpenSSH hangs with Foundry SSH1 server
On Tue, Apr 02, 2002 at 10:40:08AM +0200, Dag-Erling Smorgrav wrote: > > Uh, no, it does not seem to work in ssh_config, only in sshd_config. > Hmm, that needs fixing then. I have written the following patch, seems to work ok. Pierre --- readconf.c.orig Tue Mar 19 14:29:02 2002 +++ readconf.c Tue Apr 2 19:44:46 2002 @@ -116,7 +116,8 @@ oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, - oClearAllForwardings, oNoHostAuthenticationForLocalhost + oClearAllForwardings, oNoHostAuthenticationForLocalhost, + oVersionAddendum } OpCodes; /* Textual representations of the tokens. */ @@ -188,6 +189,7 @@ { "smartcarddevice", oSmartcardDevice }, { "clearallforwardings", oClearAllForwardings }, { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, + { "versionaddendum", oVersionAddendum }, { NULL, oBadOption } }; @@ -675,6 +677,13 @@ } if (*activep && *intptr == -1) *intptr = value; + break; + + case oVersionAddendum: + ssh_version_set_addendum(strtok(s, "\n")); + do { + arg = strdelim(&s); + } while (arg != NULL && *arg != '\0'); break; default:
Re: FreeBSD-localised OpenSSH hangs with Foundry SSH1 server
Pierre Beyssac <[EMAIL PROTECTED]> writes: > On Mon, Apr 01, 2002 at 11:32:07PM +0200, Dag-Erling Smorgrav wrote: > > Look for VersionAddendum in /etc/ssh/sshd_config (it can be used in > > ssh_config as well). > Uh, no, it does not seem to work in ssh_config, only in sshd_config. Hmm, that needs fixing then. DES -- Dag-Erling Smorgrav - [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: FreeBSD-localised OpenSSH hangs with Foundry SSH1 server
On Mon, Apr 01, 2002 at 11:32:07PM +0200, Dag-Erling Smorgrav wrote: > > if the FreeBSD-specific string could be shortened (to at most 11 > > chars, which is exactly enough to put "des20020307" in there for > > example ;-), made user-configurable, or altogether removed. > > Look for VersionAddendum in /etc/ssh/sshd_config (it can be used in > ssh_config as well). Uh, no, it does not seem to work in ssh_config, only in sshd_config. Pierre To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: FreeBSD-localised OpenSSH hangs with Foundry SSH1 server
Pierre Beyssac <[EMAIL PROTECTED]> writes: > It would be easier on me (and other Foundry switch users) and in > the interest of interoperability with broken ssh implementations > if the FreeBSD-specific string could be shortened (to at most 11 > chars, which is exactly enough to put "des20020307" in there for > example ;-), made user-configurable, or altogether removed. Look for VersionAddendum in /etc/ssh/sshd_config (it can be used in ssh_config as well). DES -- Dag-Erling Smorgrav - [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
FreeBSD-localised OpenSSH hangs with Foundry SSH1 server
I had problems connecting with the FreeBSD openssh client to a Foundry BigIron gigabit switch running ssh 1.2.27, whereas I can connect fine to the same switch when using a locally-compiled OpenSSH 3.1p1. The culprit is apparently the length of the version string sent by FreeBSD and received by the Foundry switch. If it is over 24 characters, the Foundry ssh daemon just sits there and hangs for a few minutes until it timeouts and closes the connection. If I shorten the client version string to be "OpenSSH_3.1 FreeBSD", everything works ok again. The closest thing to a standard description of the SSH1 protocol I could find is below. It clearly sets a upper limit of 40 characters for the "version" part of the identification string. This is lower than the 42 chars of "OpenSSH_3.1 FreeBSD localisations 20020318", but higher than the maximum of 24 character accepted by the Foundry implementation. So it looks like neither side is strictly compliant to something that's not really a standard anyway. It would be easier on me (and other Foundry switch users) and in the interest of interoperability with broken ssh implementations if the FreeBSD-specific string could be shortened (to at most 11 chars, which is exactly enough to put "des20020307" in there for example ;-), made user-configurable, or altogether removed. http://www.snailbook.com/docs/protocol-1.5.txt Protocol Version Identification After the socket is opened, the server sends an identification string, which is of the form "SSH-.- \n", where and are integers and specify the protocol version number (not software distribution version). is server side software version string (max 40 characters); it is not interpreted by the remote side but may be use- ful for debugging. Pierre To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message