Re: Identifying a buggy SFTP server found at an archaeological dig

To: Ron Frederick <ronf%timeheart.net@localhost>
Subject: Re: Identifying a buggy SFTP server found at an archaeological dig
From: Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost>
Date: Sun, 12 May 2024 10:08:57 +0000

Ron Frederick <ronf%timeheart.net@localhost> writes:

>Alternately, you could try and work around this by having your client not
>advertise any of the group-exchange kex algorithms (anything starting with
>"diffie-hellman-group-exchange-“).

That's somewhat overkill, I don't want to remove any GEX capability just to
deal with one broken server.  I think:

"SSH-2.0-FTP Server ready" -> SSH_MSG_KEY_DH_GEX_REQUEST_OLD
"SSH-2.0-Chilkat_<version>" -> SSH_MSG_KEY_DH_GEX_REQUEST

will do for now, since it fixes the problem with the broken implementation and
doesn't affect any other implementations (I've already got code paths in there
for other implementatons that need this, it's just that the behaviour of this
particular Chilkat server was a new one for me).  I'll report back if this
causes any problems in case the info is of use to others.

Peter.

Follow-Ups:
- Re: Identifying a buggy SFTP server found at an archaeological dig
  - From: Ron Frederick

References:
- Identifying a buggy SFTP server found at an archaeological dig
  - From: Peter Gutmann
- Re: Identifying a buggy SFTP server found at an archaeological dig
  - From: Ron Frederick
- Re: Identifying a buggy SFTP server found at an archaeological dig
  - From: Peter Gutmann
- Re: Identifying a buggy SFTP server found at an archaeological dig
  - From: Ron Frederick

Prev by Date: Re: Identifying a buggy SFTP server found at an archaeological dig
Next by Date: Re: Identifying a buggy SFTP server found at an archaeological dig
Previous by Thread: Re: Identifying a buggy SFTP server found at an archaeological dig
Next by Thread: Re: Identifying a buggy SFTP server found at an archaeological dig
Indexes:

Home | Main Index | Thread Index | Old Index