Re: Identifying a buggy SFTP server found at an archaeological dig

To: Ron Frederick <ronf%timeheart.net@localhost>
Subject: Re: Identifying a buggy SFTP server found at an archaeological dig
From: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Date: Wed, 8 May 2024 08:18:06 +0000

Ron Frederick <ronf%timeheart.net@localhost> writes:

>A quick search for that identification string with Google seems to point at a
>“Chilkat sFTP” server

Yeah, I'd seen that too but saw other info that it used "SSH-2.0-
Chilkat_<version>", and I'm nervous about adding a bugfix for a particular
broken server that may end up misidentifying non-broken servers, either ones
that use the same generic string or ones that fixed it at some point but since
the string doesn't include a version you can't tell who's running the fixed
version.  From this page:

https://www.chilkatsoft.com/refdoc/cssftpref.html

it looks like they disabled stuff like HMAC-MD5, RIPEMD-160, and similar only
in the very latest version (April 2024), so perhaps "SSH-2.0-FTP Server ready"
= broken, "SSH-2.0-Chilkat_<version>" = non-broken?

Peter.

Follow-Ups:
- Re: Identifying a buggy SFTP server found at an archaeological dig
  - From: Ron Frederick

References:
- Identifying a buggy SFTP server found at an archaeological dig
  - From: Peter Gutmann
- Re: Identifying a buggy SFTP server found at an archaeological dig
  - From: Ron Frederick

Prev by Date: Re: Identifying a buggy SFTP server found at an archaeological dig
Next by Date: Re: Identifying a buggy SFTP server found at an archaeological dig
Previous by Thread: Re: Identifying a buggy SFTP server found at an archaeological dig
Next by Thread: Re: Identifying a buggy SFTP server found at an archaeological dig
Indexes:

Home | Main Index | Thread Index | Old Index