Re: Additional AD Comment: draft-ietf-secsh-publickey-subsystem and garbage

[Joseph Galbraith <galb-list%vandyke.com@localhost>]

Sam Hartman wrote:
> I'd like to draw your attention to a particularly annoying  part of RFC 4254:
>
>       This last form executes a predefined subsystem.  It is expected that
>       these will include a general file transfer mechanism, and possibly
>       other features.  Implementations may also allow configuring more such
>       mechanisms.  As the user's shell is usually used to execute the
>       subsystem, it is advisable for the subsystem protocol to have a
>       "magic cookie" at the beginning of the protocol transaction to
>       distinguish it from arbitrary output generated by shell
>       initialization scripts, etc.  This spurious output from the shell may
>       be filtered out either at the server or at the client.
>
> In order to guarantee interoperability, your subsystem needs to be
> able to filter out leading garbage and clients MUST do so.
>
> The spec doesn't currently do this.

I think the version packet can serve this purpose.

Something like this inserted in the version packet
description:

Implementations SHOULD use the first 15 bytes of
the version packet as a "magice cookie" (see RFC
4252, Section Xxx) to avoid processing spurious
output from the users shell.  These bytes will
always be:

0x00 0x00 0x00 0x0F 0x00 0x00 0x00 0x07 0x76 0x65
0x72 0x73 0x69 0x6F 0x6E

(Someone should check my hand encoding of the version
packet-- note that the actual version packet has an
additional four bytes which are the actual version number--
I didn't include this in the magic cookie because
it isn't constant.)

Thanks,

Joseph