IETF-SSH archive


Re: Additional AD Comment: draft-ietf-secsh-publickey-subsystem and garbage



Sam Hartman wrote:

I'd like to draw your attention to a particularly annoying part of RFC 4254:

      This last form executes a predefined subsystem.  It is expected that
      these will include a general file transfer mechanism, and possibly
      other features.  Implementations may also allow configuring more such
      mechanisms.  As the user's shell is usually used to execute the
      subsystem, it is advisable for the subsystem protocol to have a
      "magic cookie" at the beginning of the protocol transaction to
      distinguish it from arbitrary output generated by shell
      initialization scripts, etc.  This spurious output from the shell may
      be filtered out either at the server or at the client.

In order to guarantee interoperability, your subsystem needs to be
able to filter out leading garbage and clients MUST do so.

The spec doesn't currently do this.

I think the version packet can serve this purpose.

Something like this inserted in the version packet
description:

Implementations SHOULD use the first 15 bytes of
the version packet as a "magic cookie" (see RFC
4252, Section Xxx) to avoid processing spurious
output from the user's shell.  These bytes will
always be:

0x00 0x00 0x00 0x0F 0x00 0x00 0x00 0x07 0x76 0x65
0x72 0x73 0x69 0x6F 0x6E

(Someone should check my hand encoding of the version
packet-- note that the actual version packet has an
additional four bytes which are the actual version number--
I didn't include this in the magic cookie because
it isn't constant.)

Thanks,

Joseph
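
The filtering described in this thread, as an added example that is not part of the original message: a client-side routine that scans the subsystem's initial output for the proposed 15-byte cookie, discards whatever the shell emitted before it, and then reads the four-byte version number that follows. The helper names and the sample shell output are constructed for illustration.

```python
import struct
from typing import Optional, Tuple

# The cookie from the proposal: uint32 packet length (15), then the SSH
# string "version" (uint32 7 followed by the 7 ASCII bytes). The uint32
# version number that follows is deliberately excluded because it varies.
MAGIC_COOKIE = struct.pack(">I", 15) + struct.pack(">I", 7) + b"version"
VERSION_PACKET_LEN = len(MAGIC_COOKIE) + 4  # cookie + uint32 version = 19


def build_version_packet(version: int) -> bytes:
    """Encode a version packet the way the proposal lays it out (helper
    written for this example, not part of the draft)."""
    return MAGIC_COOKIE + struct.pack(">I", version)


def strip_leading_garbage(stream: bytes) -> Tuple[bytes, bytes]:
    """Split stream into (shell garbage, data starting at the cookie).

    The cookie contains NUL bytes and a fixed length prefix, which shell
    banners and locale warnings essentially never contain, so the first
    match is treated as the real start of the protocol transaction.
    """
    idx = stream.find(MAGIC_COOKIE)
    if idx < 0:
        raise ValueError("magic cookie not found; refusing to parse")
    return stream[:idx], stream[idx:]


def parse_version_packet(data: bytes) -> Tuple[int, bytes]:
    """Parse a version packet at the start of data; return (version, rest)."""
    if len(data) < VERSION_PACKET_LEN:
        raise ValueError("short read: incomplete version packet")
    if not data.startswith(MAGIC_COOKIE):
        raise ValueError("data does not start with the version cookie")
    (version,) = struct.unpack(">I", data[15:19])
    return version, data[VERSION_PACKET_LEN:]


def recover_version(stream: bytes) -> Optional[Tuple[bytes, int, bytes]]:
    """Convenience wrapper: (discarded garbage, version, remaining bytes),
    or None when no cookie is present in the stream."""
    try:
        garbage, rest = strip_leading_garbage(stream)
        version, remainder = parse_version_packet(rest)
    except ValueError:
        return None
    return garbage, version, remainder
```

A server that wants to filter on its side can run the same scan before forwarding the subsystem's output to the channel.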


