[jira] [Commented] (SSHD-930) Send the client version string after receiving the version string of the server

Fri, 12 Jul 2019 08:26:51 -0700 


    [ 
https://issues.apache.org/jira/browse/SSHD-930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16883907#comment-16883907
 ] 

Thomas Wolf commented on SSHD-930:
----------------------------------

More research: it appears that this changed in OpenSSH in version 6.2; see the 
[release notes|https://www.openssh.com/txt/release-6.2], the corresponding 
[discussion|https://bugzilla.mindrot.org/show_bug.cgi?id=1999] and 
[commit|https://github.com/openssh/openssh-portable/commit/00c1518a4d]. That 
was in 2012. Apparently reading the server's identification string first is SSH 
v1. So maybe adding an option to do this might be worth the trouble after all 
if one wants to use Apache MINA sshd to talk to old SSH servers. I notice that 
{{sshj}} also has an option to first read the server's identification.

But the proxy protocol must still run earlier.

> Send the client version string after receiving the version string of the 
> server
> -------------------------------------------------------------------------------
>
>                 Key: SSHD-930
>                 URL: https://issues.apache.org/jira/browse/SSHD-930
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 2.2.0
>            Reporter: Zhenliang Su
>            Assignee: Goldstein Lyor
>            Priority: Major
>             Fix For: 2.3.1
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> The rfc4253 does not indicate whether the ssh client must send its own 
> version number right after receiving the version number of the server.
> I have encountered a situation where mina-sshd is used to connect to cisco's 
> sshd service, sometimes it can be connected, sometimes not connected.
> Some rules are found by capturing packets. If the client sends its own 
> version number after receiving the version number of the server, it can be 
> connected. If the client sends its own version number before receiving the 
> version number of the server, then it will not be connected.
> I think, a better way is to change the SshClient code to send the version 
> number of the client right after receiving the version number of the server.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org

Reply via email to