[PATCH] gssapi: Set correct state after sending GSSAPI_RESPONSE

Hello, Here's a patch related to changes from CVE-2018-10933: Kerberos Authentication (GSSAPI) as server always fails (on new packet filtering) because SSH_AUTH_STATE_GSSAPI_TOKEN is not correctly set on sending SSH_MSG_USERAUTH_GSSAPI_RESPONSE (containing selected mechanism OID). After this r

RE: libssh 0.8.4 with Cisco router

Hi Andreas, Here's the patch compliant to your coding style. And I'm glad it helped you Jijo. Regards, Meng De : Andreas Schneider Envoyé : mercredi 24 octobre 2018 08:51 À : libssh@libssh.org Cc : Meng Hourk Tan; jijo7tho...@gmail.com Objet :

RE: libssh 0.8.4 with Cisco router

Hello, I had the same issue with some Cisco router: Some Cisco IOS do not send kex if they send the banner last (libssh as a client sent it first). In this situation, both libssh client and Cisco IOS server hang. Libssh client should send kex init as soon as banners are exchanged. I attached

RE: [PATCH] Set correct state after sending INFO_REQUEST (Kbd Interactive)

: Meng Hourk Tan Objet : Re: [PATCH] Set correct state after sending INFO_REQUEST (Kbd Interactive) On Wednesday, 17 October 2018 15:07:14 CEST Meng Hourk Tan wrote: > Hello, Hello Meng, > > Here's a patch related to changes from CVE-2018-10933: > > Keyboard Interactive Auth

[PATCH] Set correct state after sending INFO_REQUEST (Kbd Interactive)

Hello, Here's a patch related to changes from CVE-2018-10933: Keyboard Interactive Authentication as server always fails (on new packet filtering) because SSH_AUTH_STATE_INFO is not correctly set on Keyboard Interactive request. This can be tested with samplesshd-kbdint example. This patch

RE: Global Request for tcpip reverse forward

for a pull request of this patch if it works better. Regards, Meng De : Martín Fernández Envoyé : lundi 16 avril 2018 22:35:23 À : Meng Hourk Tan; libssh@libssh.org Objet : RE: Global Request for tcpip reverse forward Meng, Any change you can take a look

RE: Global Request for tcpip reverse forward

ds, Meng De : Martín Fernández Envoyé : jeudi 29 mars 2018 18:45:49 À : Meng Hourk Tan; libssh@libssh.org Objet : RE: Global Request for tcpip reverse forward Meng, Thank you very much for your response! Actually, I have tried that before. After sending the global respons

RE: Global Request for tcpip reverse forward

Hi Martin, I think your code lacks one step on server side: After the Server handles the request using callback global_request_function and responds with ssh_message_global_request_reply_success, You need to create a new channel and call ssh_channel_open_reverse_forward() on this channel. Th

[PATCH] Fix ssh_event_add_session() when session socket has two pollhandlers

Hello, Here's a patch to fix an issue when moving pollhandlers from a session to a ssh_event object. The issue occurs when session socket has two different pollhandler (for poll_in and poll_out, when using proxycommand in my case), only the poll_in was moved and poll_out was still in session

[PATCH] Set channel as bound when accepting channel open request

Hello, Here's a patch to fix some segmentation fault (double free) issues: A channel requested by remote (can be client or server) will have the flag SSH_CHANNEL_FLAG_NOT_BOUND always set. So, if the program free the channel before receiving a close, it will be freed immediately and on recei

RE: [PATCH 0/4] chachapoly: chacha20-poly1...@openssh.com support

: Andreas Schneider Envoyé : jeudi 12 octobre 2017 10:42:12 À : libssh@libssh.org Objet : Re: [PATCH 0/4] chachapoly: chacha20-poly1...@openssh.com support On Monday, 18 September 2017 11:47:33 CEST Meng Hourk Tan wrote: > Here is a patch to support chacha20-poly1...@openssh.com in libssh. &

[PATCH 4/4] chachapoly: add chachapoly structures with compilation conditions (chacha20-poly1...@openssh.com support)

From 78b054eae890e36a556d1ed46df73b5f15f5df69 Mon Sep 17 00:00:00 2001 From: Meng Tan Date: Mon, 18 Sep 2017 11:34:50 +0200 Subject: [PATCH 4/4] chachapoly: add chachapoly structures with compilation conditions (chacha20-poly1...@openssh.com support) Signed-off-by: Meng Tan --- include/libssh

[PATCH 2/4] chachapoly: handle packet encryption with authenticated encryption mode

From a991c4af004f7f761a702f3f4a4cb9747068c1f2 Mon Sep 17 00:00:00 2001 From: Meng Tan Date: Mon, 18 Sep 2017 11:34:50 +0200 Subject: [PATCH 2/4] chachapoly: handle packet encryption with authenticated encryption mode Signed-off-by: Meng Tan --- src/packet.c | 81

[PATCH 3/4] chachapoly: add external files

From 3ae2f64ce8ff011f26b965322541c60e7d108a0e Mon Sep 17 00:00:00 2001 From: Meng Tan Date: Mon, 18 Sep 2017 11:34:50 +0200 Subject: [PATCH 3/4] chachapoly: add external files Signed-off-by: Meng Tan --- CMakeLists.txt | 2 +- DefineOptions.cmake | 1 + config.h.cmake

[PATCH 1/4] chachapoly: refactor cipher structs, add no hmac possibility

From c7cd2cf47a632940f6adfa487b7dd6d9a35c4487 Mon Sep 17 00:00:00 2001 From: Meng Tan Date: Mon, 18 Sep 2017 11:34:50 +0200 Subject: [PATCH 1/4] chachapoly: refactor cipher structs, add no hmac possibility Signed-off-by: Meng Tan --- include/libssh/crypto.h | 18 +++--- include/l

[PATCH 0/4] chachapoly: chacha20-poly1...@openssh.com support

Here is a patch to support chacha20-poly1...@openssh.com in libssh. First commit changes some cipher structures needed to prepare the field. Then I tried to the least possible changes in sending and receiving packet functions to support authenticated encryption mode. Some files from openssh have b

[PATCH] client: send kex as soon as banners are exchanged

Some ssh servers, in cisco IOS, do not send kex if they send the banner last. In this situation, both libssh client and the cisco IOS server hang. Libssh client should send kex init as soon as banners are exchanged. Signed-off-by: Meng Tan --- src/client.c | 30 +-