[Bug 3129] Add IP address to error kex_exchange_identification error message
https://bugzilla.mindrot.org/show_bug.cgi?id=3129

Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> changed:

What    |Removed                                             |Added
----------------------------------------------------------------------------
Summary |Add IP address to error kex_exchange_identification |Add IP address to error kex_exchange_identification error message

--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3129] Add IP address to error kex_exchange_identification error message
https://bugzilla.mindrot.org/show_bug.cgi?id=3129

Darren Tucker <dtucker@dtucker.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker@dtucker.net

--- Comment #1 from Darren Tucker <dtucker@dtucker.net> ---
Created attachment 3359
--> https://bugzilla.mindrot.org/attachment.cgi?id=3359&action=edit
Add peer info to kex_exchange_identification error messages

Please try this patch.

[Bug 3129] Add IP address to error kex_exchange_identification error message
https://bugzilla.mindrot.org/show_bug.cgi?id=3129

Darren Tucker <dtucker@dtucker.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
Blocks| |3117


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3117
[Bug 3117] Tracking bug for 8.3 release

[Bug 3129] Add IP address to error kex_exchange_identification error message
https://bugzilla.mindrot.org/show_bug.cgi?id=3129

--- Comment #2 from Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> ---
(In reply to Darren Tucker from comment #1)

The patch looks OK to me, but I cannot really test it as the machine
where I see it is some appliance where I can't replace code, and I'm
not able to trigger this error on any machines where I could replace
sshd.
The only thing in the patch that makes me (as a non-"ssh developer")
wonder is the size reserved for the identification: 512.
It should be large enough, but maybe it's even too large. Isn't there a
symbolic constant for that?

Another thing I'm thinking of is the consistency of messages containing
the peer:
"from server %s" (at end)
"with peer %s" (at end)
"remote host %s" (at end)
"%s: peer %s" (at beginning)
"from peer %s" (in middle)
"with peer %s" (in middle)

[Bug 3129] Add IP address to error kex_exchange_identification error message
https://bugzilla.mindrot.org/show_bug.cgi?id=3129

Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |djm@mindrot.org

--- Comment #3 from Damien Miller <djm@mindrot.org> ---
Maybe we should instead downgrade some of the error messages in
kex_exchange_identification() to debug severity and have the caller
call sshpkt_fatal() as that logs the connection details in a
semi-standard format.

[Bug 3129] Add IP address to error kex_exchange_identification error message
https://bugzilla.mindrot.org/show_bug.cgi?id=3129

Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #3365 Flags| |ok?(dtucker@dtucker.net)

--- Comment #4 from Damien Miller <djm@mindrot.org> ---
Created attachment 3365
--> https://bugzilla.mindrot.org/attachment.cgi?id=3365&action=edit
use sshpkt_fatal() for kex_exchange_identification() errors

This uses sshpkt_fatal() to record errors from
kex_exchange_identification(). This should make it consistent with most
other exit messages.

Examples:

[djm@djm openssh]$ ./ssh -p 2222 127.0.0.1
Protocol major versions differ: 2 vs. 1
banner exchange: Connection to 127.0.0.1 port 2222: could not read protocol version
[djm@djm openssh]$ ./ssh -p 2222 127.0.0.1
kex_exchange_identification: Connection closed by remote host
Connection closed by 127.0.0.1 port 2222

There's arguably a little duplication between the error messages in
some cases, but I think that's acceptable.

Note that this required some renovation of
kex_exchange_identification() to preserve errno for
SSH_ERR_SYSTEM_ERROR cases. That's the bulk of the diff.

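Added example (not part of the thread and not OpenSSH code): a log-side view of the two message shapes shown in comment #4, attributing a peer-less kex_exchange_identification error to the connection line that follows it from the same process. The `sshd[PID]:` syslog prefix, the server-side "Connection from" wording, the sample lines and the function name are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: sshd-style syslog lines modeled on the message shapes
# quoted in comment #4. The "sshd[PID]:" prefix is an assumption.
SAMPLE_LOG = """\
Feb  3 10:00:01 host sshd[4101]: error: kex_exchange_identification: Connection closed by remote host
Feb  3 10:00:01 host sshd[4102]: error: kex_exchange_identification: read: Connection reset by peer
Feb  3 10:00:01 host sshd[4101]: Connection closed by 192.0.2.10 port 40022
Feb  3 10:00:02 host sshd[4102]: Connection reset by 192.0.2.10 port 40030
Feb  3 10:00:05 host sshd[4103]: banner exchange: Connection from 198.51.100.7 port 51514: could not read protocol version
Feb  3 10:00:09 host sshd[4104]: error: kex_exchange_identification: Connection closed by remote host
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
KEX = re.compile(r"kex_exchange_identification: (?P<reason>.+)$")
PEER = re.compile(r"Connection (?:closed|reset) by (?P<ip>\S+) port \d+")
BANNER = re.compile(
    r"banner exchange: Connection (?:from|to) (?P<ip>\S+) port \d+: (?P<reason>.+)$")


def attribute_banner_failures(log_text):
    """Return (count per peer, [(ip, reason)], PIDs that never named a peer)."""
    pending = {}   # pid -> reason taken from the peer-less kex line
    events = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if (k := KEX.search(msg)):
            # This line carries no address; remember it until the same
            # process logs its connection details.
            pending[pid] = k["reason"]
        elif (b := BANNER.search(msg)):
            # Peer and reason arrive together on one line.
            events.append((b["ip"], b["reason"]))
        elif (p := PEER.search(msg)) and pid in pending:
            events.append((p["ip"], pending.pop(pid)))
    per_peer = Counter(ip for ip, _ in events)
    return per_peer, events, sorted(pending)


if __name__ == "__main__":
    print(attribute_banner_failures(SAMPLE_LOG))
```

PIDs left in the third return value are errors that could not be tied to an address, which is the situation the bug report describes.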
[Bug 3129] Add IP address to error kex_exchange_identification error message
https://bugzilla.mindrot.org/show_bug.cgi?id=3129

Darren Tucker <dtucker@dtucker.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #3365 Flags|ok?(dtucker@dtucker.net) |ok+

[Bug 3129] Add IP address to error kex_exchange_identification error message
https://bugzilla.mindrot.org/show_bug.cgi?id=3129

Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED

--- Comment #5 from Damien Miller <djm@mindrot.org> ---
Patch applied and will be in openssh-8.2
