From owner-freebsd-bugs Mon Dec 4 16:20: 6 2000 From owner-freebsd-bugs@FreeBSD.ORG Mon Dec 4 16:20:01 2000 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id EBADD37B401 for ; Mon, 4 Dec 2000 16:20:00 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id eB50K0l32129; Mon, 4 Dec 2000 16:20:00 -0800 (PST) (envelope-from gnats) Resent-Date: Mon, 4 Dec 2000 16:20:00 -0800 (PST) Resent-Message-Id: <200012050020.eB50K0l32129@freefall.freebsd.org> Resent-From: gnats-admin@FreeBSD.org (GNATS Management) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: gnats-admin@FreeBSD.org, sec@ice.42.org Received: from ice.42.org (ice.42.org [194.246.250.222]) by hub.freebsd.org (Postfix) with ESMTP id 0273D37B400 for ; Mon, 4 Dec 2000 16:14:10 -0800 (PST) Received: by ice.42.org (Postfix, from userid 1000) id B834DF9; Tue, 5 Dec 2000 01:14:07 +0100 (CET) Message-Id: <20001205001407.B834DF9@ice.42.org> Date: Tue, 5 Dec 2000 01:14:07 +0100 (CET) From: sec@ice.42.org Reply-To: sec@ice.42.org To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: bin/23286: openssh is too verbose Resent-Sender: gnats@FreeBSD.org Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 23286 >Category: bin >Synopsis: openssh is too verbose >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Dec 04 16:20:00 PST 2000 >Closed-Date: >Last-Modified: >Originator: Stefan `Sec` Zehl >Release: FreeBSD 4.1-STABLE i386 >Organization: >Environment: >Description: The ssh binary in the FreeBSD base distribution is too verbose. When ssh'ing to an host running an old ssh version it outputs: | Warning: Server lies about size of server host key: actual size is 1023 bits vs. announced 1024. | Warning: This may be due to an old implementation of ssh. This has several problems: - It is not possible to disable this without disabling ALL warnings. Disabling ALL warnings is obviously not a good idea for security related products - It outputs this even in non-interactive mode, so I'm forced to modify automatic scrips to cater for this behaviour. This way the FreeBSD-4.x ssh is gratitously incompatible to older versions. - If users get exposed to meaningless warnings they quickly learn to ignore warnings. This is obviosly a bad idea, as we want them to notice in case there is somthing we really need to warn the user about. >How-To-Repeat: ssh to an host with an old keysize length. >Fix: Cater explicitly for the 'one-bit-defference' case, and remove that now meaningless 'This may be due to an old implementation' line. --- /usr/src/crypto/openssh/sshconnect1.c.orig Tue Dec 5 00:44:27 2000 +++ /usr/src/crypto/openssh/sshconnect1.c Tue Dec 5 00:44:27 2000 @@ -744,9 +744,9 @@ rbits = BN_num_bits(host_key->n); if (bits != rbits) { + if (rbits+1 != bits) log("Warning: Server lies about size of server host key: " "actual size is %d bits vs. announced %d.", rbits, bits); - log("Warning: This may be due to an old implementation of ssh."); } /* Get protocol flags. */ >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message