The SSH library (LGPL license) https://www.libssh.org
Jon Simons 19cb6f1b6c server: fix sending SSH_MSG_EXT_INFO upon rekey
Fix libssh server sending SSH_MSG_EXT_INFO messages upon rekey: clients
do not expect that message during rekey, and OpenSSH in particular will
log error messages along the lines of:

    "kex protocol error: type 7 seq 15"

when the message is received during a rekey.

To fix, check against the session connected flag, which only transitions
to non-zero following the first successful authentication.

bf2c7128ab adds logic to resolve this
issue, but it turns out that checking the session_state to avoid
sending the message is insufficient, because that state is re-set
to SSH_SESSION_STATE_KEXINIT_RECEIVED during rekey.

The before-and-after effects of this change can be observed using the
pkd --rekey flag as so:

    ./pkd_hello -t torture_pkd_openssh_rsa_rsa_sha2_256 \
      -i1 --rekey=16 -v -v -v 2>&1 |
      grep -e 'KEY' -e 'EXT'

^ where before the change, multiple SSH_MSG_EXT_INFO send messages are
logged; after, there is only a single SSH_MSG_EXT_INFO logged once upon
the first initial key exchange.

Cross-reference: https://bugs.libssh.org/T121.

Signed-off-by: Jon Simons <jon@jonsimons.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2019-04-29 14:00:39 +02:00
cmake                   cmake: Add support for MemorySanitizer  2019-01-25 16:07:50 +01:00
doc                     sftp_get_error returns int, not char *.  2019-03-25 18:51:15 +01:00
examples                examples: Fix unused parameter warnings in sshd_direct-tcpip  2019-02-21 10:51:07 +01:00
include                 dh-gex: Verify received primes in FIPS mode to match one of the known groups  2019-04-29 13:18:09 +02:00
obj                     cmake: Introduce symbol versioning  2018-08-08 20:58:23 +02:00
src                     server: fix sending SSH_MSG_EXT_INFO upon rekey  2019-04-29 14:00:39 +02:00
tests                   server: fix queued USERAUTH_SUCCESS rekey bug  2019-04-29 14:00:39 +02:00
.arcconfig              arcconfig: Add missing comma  2017-08-21 09:12:36 +02:00
.gitignore              Ignore all build and obj* directories  2015-10-28 09:28:33 +01:00
.gitlab-ci.yml          Allow building without Group Exchange support  2019-02-07 10:30:05 +01:00
AUTHORS                 src: Update my mail address.  2014-01-07 16:08:23 +01:00
BSD                     added a file from openssh needed for known host parsing  2008-11-02 23:46:55 +00:00
ChangeLog               Update ChangeLog  2019-01-11 15:56:02 +01:00
CMakeLists.txt          cmake,options: Allow to set global bind config file  2019-04-01 08:38:17 +02:00
CompilerChecks.cmake    cmake: Add -Wmissing-field-initializers compile flag  2019-01-22 13:12:25 +01:00
config.h.cmake          cmake,options: Allow to set global bind config file  2019-04-01 08:38:17 +02:00
ConfigureChecks.cmake   Use a common KDF function  2019-03-07 12:03:32 +01:00
COPYING                 COPYING: Reformat the last paragraph  2018-11-17 20:11:51 +01:00
CPackConfig.cmake       cpack: Fix ignore files  2018-08-10 14:18:18 +02:00
CTestConfig.cmake       cmake: Drop reports via https only.  2015-02-20 15:47:22 +01:00
DefineOptions.cmake     cmake,options: Allow to set global bind config file  2019-04-01 08:38:17 +02:00
INSTALL                 Update INSTALL file  2019-02-07 10:30:05 +01:00
libssh-config.cmake.in  cmake: Refresh the CMake Config files  2018-11-06 13:53:43 +01:00
libssh.pc.cmake         cmake: Fix pkg-config file  2018-08-13 13:44:58 +02:00
README                  Update the README  2016-05-02 11:55:39 +02:00
README.CodingStyle      README.Coding: Add section about pointers  2017-09-11 17:14:21 +02:00
README.mbedtls          pki: Add mbedTLS ECDSA key comparison support  2018-03-07 15:44:05 +01:00
README.md               README: Added markdown readmine with gitlab CI badge  2018-04-18 10:51:43 +02:00
SubmittingPatches       Update SubmittingPatches  2017-02-27 11:49:10 +01:00

  _   _   _                          _
 (_) (_) (_)                        (_)
 (_)  _  (_) _         _  _   _  _  (_) _
 (_) (_) (_)(_) _     (_)(_) (_)(_) (_)(_) _
 (_) (_) (_)   (_)  _ (_)  _ (_)    (_)   (_)
 (_) (_) (_)(_)(_) (_)(_) (_)(_)    (_)   (_).org

 The SSH library

Why?

Why not? :) I began to work on my own implementation of the SSH protocol because I didn't like the currently public ones. None of them allowed you to import and use the functions as a powerful library, and so I worked on a library-based SSH implementation, which did not exist in the free and open source software world.

How/Who?

If you downloaded this file, you must know what it is: a library for accessing SSH client services through C library calls in a simple manner. Everybody can use this software under the terms of the LGPL; see the COPYING file.

If you ask yourself how to compile libssh, please read INSTALL before anything.

Where?

https://www.libssh.org

Contributing

Please read the file 'SubmittingPatches' next to this README file. It explains our copyright policy and how you should send patches for upstream inclusion.

Have fun and happy libssh hacking!

The libssh Team