diff options
author | Damien Miller <djm@mindrot.org> | 2009-02-14 18:00:52 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2009-02-14 18:00:52 +1100 |
commit | 6385e758dfbc72d461a68cd19819e5f9d41e555c (patch) | |
tree | b35aea3f74f6af0577f59f13f1decadfcf69e938 /PROTOCOL | |
parent | 61433bec808fc90de066902e793147fd5015a2cc (diff) |
- djm@cvs.openbsd.org 2009/02/14 06:35:49
[PROTOCOL]
mention that eow and no-more-sessions extensions are sent only to
OpenSSH peers
Diffstat (limited to 'PROTOCOL')
-rw-r--r-- | PROTOCOL | 13 |
1 files changed, 12 insertions, 1 deletions
@@ -64,6 +64,12 @@ remain open after a "eow@openssh.com" has been sent and more data may | |||
64 | still be sent in the other direction. This message does not consume | 64 | still be sent in the other direction. This message does not consume |
65 | window space and may be sent even if no window space is available. | 65 | window space and may be sent even if no window space is available. |
66 | 66 | ||
67 | NB. due to certain broken SSH implementations aborting upon receipt | ||
68 | of this message (in contravention of RFC4254 section 5.4), this | ||
69 | message is only sent to OpenSSH peers (identified by banner). | ||
70 | Other SSH implementations may be whitelisted to receive this message | ||
71 | upon request. | ||
72 | |||
67 | 4. connection: disallow additional sessions extension | 73 | 4. connection: disallow additional sessions extension |
68 | "no-more-sessions@openssh.com" | 74 | "no-more-sessions@openssh.com" |
69 | 75 | ||
@@ -87,6 +93,11 @@ connection. | |||
87 | Note that this is not a general defence against compromised clients | 93 | Note that this is not a general defence against compromised clients |
88 | (that is impossible), but it thwarts a simple attack. | 94 | (that is impossible), but it thwarts a simple attack. |
89 | 95 | ||
96 | NB. due to certain broken SSH implementations aborting upon receipt | ||
97 | of this message, the no-more-sessions request is only sent to OpenSSH | ||
98 | servers (identified by banner). Other SSH implementations may be | ||
99 | whitelisted to receive this message upon request. | ||
100 | |||
90 | 5. connection: Tunnel forward extension "tun@openssh.com" | 101 | 5. connection: Tunnel forward extension "tun@openssh.com" |
91 | 102 | ||
92 | OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com" | 103 | OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com" |
@@ -240,4 +251,4 @@ The values of the f_flag bitmask are as follows: | |||
240 | Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are | 251 | Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are |
241 | advertised in the SSH_FXP_VERSION hello with version "2". | 252 | advertised in the SSH_FXP_VERSION hello with version "2". |
242 | 253 | ||
243 | $OpenBSD: PROTOCOL,v 1.11 2008/07/05 05:16:01 djm Exp $ | 254 | $OpenBSD: PROTOCOL,v 1.12 2009/02/14 06:35:49 djm Exp $ |