> > We have Macintoshes running Fsecure SSH client 1.0.1 which are unable to
> > connect to a server running Openssh 2.1.1 on Red Hat 6.2.
> 
> I have it on the authority of our resident Mac expert that F-Secure SSH
> clients for the Mac, versions 1.0 and 1.0.1 indeed do have a bug that
> prevents them from successfully connecting to a server running SSH1 in
> compatibility mode under SSH2.

Meaning that F-Secure SSH for Mac prior to 1.0.2 sends a '\r'-terminated
protocol identification string. The SSH 1.2.x server simply replaces it with
'\n' and proceeds. SSH 2.x and OpenSSH 2.1 servers in turn ultimately
insist on '\n' and wait for it forever. I've posted a patch for SSH
2.1.0 on the list some time ago. In the OpenSSH 1.2.1(p1) case one can do
something similar to the following:

*** ./sshd.c.orig       Tue May 30 05:44:54 2000
--- ./sshd.c    Thu Jun 29 19:10:54 2000
***************
*** 303,308 ****
--- 303,315 ----
                        if (buf[i] == '\r') {
                                buf[i] = '\n';
                                buf[i + 1] = 0;
+                               /*
+                                * Kludge to let F-Secure for Macintosh prior
+                                * 1.0.2 through. <[EMAIL PROTECTED]>
+                                */
+                               if (i==12 && !memcmp(buf,"SSH-1.5-W1.0",12))
+                                   break; /* the original SSH 1.2.x way */
+ 
                                continue;
                        }
                        if (buf[i] == '\n') {
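Review bot: The added test `if (i==12 && !memcmp(buf,"SSH-1.5-W1.0",12))` hardcodes the length 12 twice and matches one exact banner only, so any other client that terminates its identification string with '\r' still reaches `continue` and keeps waiting for '\n'. Consider putting the banner in a named constant and deriving the length from it, and extend the comment to state that `break` is safe here only because the two lines above have already rewritten '\r' to '\n' and NUL-terminated buf. Style: the context lines write `buf[i] == '\r'` with spaces around the operator, while the new line uses `i==12` and `memcmp(buf,"...",12)` without them, and the added blank line carries trailing whitespace.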

> I am not sure how NiftyTelnet with SSH would react,

It would react fine as it sends '\n'-terminated string.

> It also does scp,
> unlike the F-Secure client, but it does not do port forwarding.
> 
> (I don't know about you, but our experiences with port forwarding on the
>  Mac are really bad anyway -- it's so slow it's useless,

Not with all applications. Our users report that e.g. Fetch and Anarchie
work fine, but not MI/X (Microimages' X-server) nor DreamWeaver (an FTP
client). It should be noted that F-Secure 2.1 for Macintosh (implementing
protocol version 2) apparently does a better job forwarding ports and it's
*perfectly* usable (at least with the mentioned applications).

Martin Forssen <[EMAIL PROTECTED]> wrote:
> the client gets confused by
> the version number it initially receives.

False statement. Client doesn't get confused at all. Server simply
never replies to the client's "hello."

Andy.
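
The two server behaviours described in the message above, side by side, as an added example (not code from the original post or from OpenSSH). The name read_banner and its result codes are hypothetical, the '\r' handling in strict mode is simplified, and the input bytes are constructed from the banner string that appears in the patch.

```c
#include <stddef.h>
#include <stdio.h>

enum banner_result { BANNER_INCOMPLETE = 0, BANNER_OK = 1, BANNER_TOO_LONG = -1 };

/*
 * Scan the bytes received so far for a protocol identification line.
 * lenient_cr != 0: a bare '\r' ends the line (the SSH 1.2.x way).
 * lenient_cr == 0: only '\n' ends the line; a bare '\r' is skipped and
 *                  scanning goes on (the case that never answers the client).
 * On BANNER_OK, out holds the line without its terminator.
 */
enum banner_result
read_banner(const char *in, size_t len, int lenient_cr, char *out, size_t outsz)
{
	size_t i, n = 0;

	if (outsz == 0)
		return BANNER_TOO_LONG;
	for (i = 0; i < len; i++) {
		char c = in[i];

		if (c == '\n' || (c == '\r' && lenient_cr)) {
			out[n] = '\0';
			return BANNER_OK;
		}
		if (c == '\r')
			continue;		/* strict: keep waiting for '\n' */
		if (n + 1 >= outsz)
			return BANNER_TOO_LONG;	/* never write past out */
		out[n++] = c;
	}
	out[n] = '\0';
	return BANNER_INCOMPLETE;	/* a server would block on the next read here */
}

int
main(void)
{
	const char mac[] = "SSH-1.5-W1.0\r";	/* constructed sample input */
	char out[64];

	printf("lenient: %d\n", read_banner(mac, sizeof mac - 1, 1, out, sizeof out));
	printf("strict:  %d\n", read_banner(mac, sizeof mac - 1, 0, out, sizeof out));
	return 0;
}
```

BANNER_INCOMPLETE is the state in which the server never replies to the client's hello, because no '\n' ever arrives.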
