diff options
author | Damien Miller <djm@mindrot.org> | 2009-02-14 18:00:52 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2009-02-14 18:00:52 +1100 |
commit | 6385e758dfbc72d461a68cd19819e5f9d41e555c (patch) | |
tree | b35aea3f74f6af0577f59f13f1decadfcf69e938 | |
parent | 61433bec808fc90de066902e793147fd5015a2cc (diff) | |
download | openssh-git-6385e758dfbc72d461a68cd19819e5f9d41e555c.tar.gz |
- djm@cvs.openbsd.org 2009/02/14 06:35:49
[PROTOCOL]
mention that eow and no-more-sessions extensions are sent only to
OpenSSH peers
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | PROTOCOL | 13 |
2 files changed, 17 insertions, 2 deletions
@@ -33,6 +33,10 @@ - markus@cvs.openbsd.org 2009/02/13 11:50:21 [packet.c] check for enc !=NULL in packet_start_discard + - djm@cvs.openbsd.org 2009/02/14 06:35:49 + [PROTOCOL] + mention that eow and no-more-sessions extensions are sent only to + OpenSSH peers 20090212 - (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically @@ -5159,5 +5163,5 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5194 2009/02/14 05:35:01 djm Exp $ +$Id: ChangeLog,v 1.5195 2009/02/14 07:00:52 djm Exp $ @@ -64,6 +64,12 @@ remain open after a "eow@openssh.com" has been sent and more data may still be sent in the other direction. This message does not consume window space and may be sent even if no window space is available. +NB. due to certain broken SSH implementations aborting upon receipt +of this message (in contravention of RFC4254 section 5.4), this +message is only sent to OpenSSH peers (identified by banner). +Other SSH implementations may be whitelisted to receive this message +upon request. + 4. connection: disallow additional sessions extension "no-more-sessions@openssh.com" @@ -87,6 +93,11 @@ connection. Note that this is not a general defence against compromised clients (that is impossible), but it thwarts a simple attack. +NB. due to certain broken SSH implementations aborting upon receipt +of this message, the no-more-sessions request is only sent to OpenSSH +servers (identified by banner). Other SSH implementations may be +whitelisted to receive this message upon request. + 5. connection: Tunnel forward extension "tun@openssh.com" OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com" @@ -240,4 +251,4 @@ The values of the f_flag bitmask are as follows: Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are advertised in the SSH_FXP_VERSION hello with version "2". -$OpenBSD: PROTOCOL,v 1.11 2008/07/05 05:16:01 djm Exp $ +$OpenBSD: PROTOCOL,v 1.12 2009/02/14 06:35:49 djm Exp $ |