Message-ID: <20020401204810.A55589@fasterix.frmug.org>
Date: Mon, 1 Apr 2002 20:48:10 +0200
From: Pierre Beyssac
To: freebsd-current@freebsd.org
Cc: des@freebsd.org
Subject: FreeBSD-localised OpenSSH hangs with Foundry SSH1 server

I had problems connecting with the FreeBSD openssh client to a Foundry BigIron gigabit switch running ssh 1.2.27, whereas I can connect fine to the same switch when using a locally-compiled OpenSSH 3.1p1.

The culprit is apparently the length of the version string sent by FreeBSD and received by the Foundry switch. If it is over 24 characters, the Foundry ssh daemon just sits there and hangs for a few minutes until it times out and closes the connection.

If I shorten the client version string to be "OpenSSH_3.1 FreeBSD", everything works ok again.

The closest thing to a standard description of the SSH1 protocol I could find is below. It clearly sets an upper limit of 40 characters for the "version" part of the identification string.
This is lower than the 42 chars of "OpenSSH_3.1 FreeBSD localisations 20020318", but higher than the maximum of 24 characters accepted by the Foundry implementation. So it looks like neither side is strictly compliant to something that's not really a standard anyway.

It would be easier on me (and other Foundry switch users) and in the interest of interoperability with broken ssh implementations if the FreeBSD-specific string could be shortened (to at most 11 chars, which is exactly enough to put "des20020307" in there for example ;-), made user-configurable, or altogether removed.

http://www.snailbook.com/docs/protocol-1.5.txt

    Protocol Version Identification

    After the socket is opened, the server sends an identification string, which is of the form "SSH-.- \n", where and are integers and specify the protocol version number (not software distribution version). is server side software version string (max 40 characters); it is not interpreted by the remote side but may be useful for debugging.

Pierre
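
The length limits discussed in the message above, as an added example that is not part of the original post or of OpenSSH: a Python check that parses an SSH identification line and compares the software version length against the 40-character limit from protocol-1.5.txt and the 24-character limit the poster observed on the Foundry server. The function names and the `SSH-1.5-` prefix of the sample lines are assumptions of this example.

```python
import re

# Limits taken from the message above: 40 is the maximum stated in
# protocol-1.5.txt, 24 is what the poster observed the Foundry server accept.
SPEC_MAX = 40
FOUNDRY_OBSERVED_MAX = 24

# "SSH-<major>.<minor>-<software version>\n"; group roles are this example's own.
_ID_RE = re.compile(rb"SSH-(\d+)\.(\d+)-([^\n]*)\n")


def parse_identification(line: bytes):
    """Split an identification line into (major, minor, software_version)."""
    m = _ID_RE.fullmatch(line)
    if m is None:
        raise ValueError("not an SSH identification line: %r" % line)
    major, minor, version = m.groups()
    # Tolerate a peer that terminates the line with CR LF.
    return int(major), int(minor), version.rstrip(b"\r").decode("ascii", "replace")


def check_version_length(line: bytes) -> dict:
    """Report the software version length against both limits."""
    major, minor, version = parse_identification(line)
    n = len(version)
    return {
        "protocol": (major, minor),
        "version": version,
        "length": n,
        "within_spec": n <= SPEC_MAX,
        "within_foundry": n <= FOUNDRY_OBSERVED_MAX,
    }


if __name__ == "__main__":
    # Constructed sample lines built from the two version strings quoted above;
    # the "SSH-1.5-" prefix is an assumption, not taken from a capture.
    samples = [
        b"SSH-1.5-OpenSSH_3.1 FreeBSD localisations 20020318\n",
        b"SSH-1.5-OpenSSH_3.1 FreeBSD\n",
    ]
    for s in samples:
        r = check_version_length(s)
        print("%-45s len=%2d spec=%s foundry=%s" % (
            r["version"], r["length"], r["within_spec"], r["within_foundry"]))
```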