IETF-SSH archive


Re: Identifying a buggy SFTP server found at an archaeological dig



Ron Frederick <ronf%timeheart.net@localhost> writes:

>Alternately, you could try and work around this by having your client not
>advertise any of the group-exchange kex algorithms (anything starting with
>"diffie-hellman-group-exchange-").

That's somewhat overkill, I don't want to remove any GEX capability just to
deal with one broken server.  I think:

"SSH-2.0-FTP Server ready" -> SSH_MSG_KEY_DH_GEX_REQUEST_OLD
"SSH-2.0-Chilkat_<version>" -> SSH_MSG_KEY_DH_GEX_REQUEST

will do for now, since it fixes the problem with the broken implementation and
doesn't affect any other implementations (I've already got code paths in there
for other implementations that need this, it's just that the behaviour of this
particular Chilkat server was a new one for me).  I'll report back if this
causes any problems in case the info is of use to others.

Peter.
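
The banner-keyed selection described in the message above, as an added sketch; it is not code from the original post or from either poster's implementation. The function names, the fallback to the RFC 4419 request when no rule matches, and the bit sizes are assumptions; the message numbers are those assigned in RFC 4419.

```python
import struct

# Message numbers as assigned in RFC 4419.
SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30
SSH_MSG_KEX_DH_GEX_REQUEST = 34

# The two rules from the message above. The first is an exact match on the
# whole identification string, the second a prefix match because the
# Chilkat banner ends in a version that varies.
QUIRKS = [
    ("exact", "SSH-2.0-FTP Server ready", SSH_MSG_KEX_DH_GEX_REQUEST_OLD),
    ("prefix", "SSH-2.0-Chilkat_", SSH_MSG_KEX_DH_GEX_REQUEST),
]


def clean_banner(raw: bytes) -> str:
    """Return the identification line without CR LF (RFC 4253, section 4.2)."""
    line = raw.split(b"\n", 1)[0].rstrip(b"\r")
    # RFC 4253 caps the line at 255 bytes including CR LF.
    if not line.startswith(b"SSH-") or len(line) > 253:
        raise ValueError("not an SSH identification string")
    return line.decode("ascii", errors="replace")


def gex_request_type(banner: str, default: int = SSH_MSG_KEX_DH_GEX_REQUEST) -> int:
    """Pick the GEX request message for this peer; first matching rule wins.

    Assumption: peers that match no rule get the RFC 4419 request.
    """
    for kind, pattern, msg in QUIRKS:
        if kind == "exact" and banner == pattern:
            return msg
        if kind == "prefix" and banner.startswith(pattern):
            return msg
    return default


def build_gex_request(banner: str, min_bits: int = 2048,
                      n_bits: int = 3072, max_bits: int = 8192) -> bytes:
    """Build the request payload (illustrative sizes, not from the post)."""
    msg = gex_request_type(banner)
    if msg == SSH_MSG_KEX_DH_GEX_REQUEST_OLD:
        # Old form carries only the preferred group size: byte, uint32 n.
        return struct.pack(">BI", msg, n_bits)
    # RFC 4419 form: byte, uint32 min, uint32 n, uint32 max.
    return struct.pack(">BIII", msg, min_bits, n_bits, max_bits)
```

Matching on the full banner rather than a loose substring keeps the workaround confined to the one peer that needs it, so group exchange stays enabled for every other implementation.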



