- djm@cvs.openbsd.org 2009/02/14 06:35:49

[PROTOCOL] mention that eow and no-more-sessions extensions are sent only to OpenSSH peers
author: Damien Miller <djm@mindrot.org> 2009-02-14 18:00:52 +1100
committer: Damien Miller <djm@mindrot.org> 2009-02-14 18:00:52 +1100
commit: 6385e758dfbc72d461a68cd19819e5f9d41e555c (patch)
tree: b35aea3f74f6af0577f59f13f1decadfcf69e938 /PROTOCOL
parent: 61433bec808fc90de066902e793147fd5015a2cc (diff)
1 files changed, 12 insertions, 1 deletions
diff --git a/PROTOCOL b/PROTOCOL
index 37fd536d9..5aada630d 100644
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -64,6 +64,12 @@ remain open after a "eow@openssh.com" has been sent and more data may
 still be sent in the other direction. This message does not consume
 window space and may be sent even if no window space is available.
+NB. due to certain broken SSH implementations aborting upon receipt
+of this message (in contravention of RFC4254 section 5.4), this
+message is only sent to OpenSSH peers (identified by banner).
+Other SSH implementations may be whitelisted to receive this message
+upon request.
 4. connection: disallow additional sessions extension
   "no-more-sessions@openssh.com"
@@ -87,6 +93,11 @@ connection.
 Note that this is not a general defence against compromised clients
 (that is impossible), but it thwarts a simple attack.
+NB. due to certain broken SSH implementations aborting upon receipt
+of this message, the no-more-sessions request is only sent to OpenSSH
+servers (identified by banner). Other SSH implementations may be
+whitelisted to receive this message upon request.
 5. connection: Tunnel forward extension "tun@openssh.com"
 OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com"
@@ -240,4 +251,4 @@ The values of the f_flag bitmask are as follows:
 Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are
 advertised in the SSH_FXP_VERSION hello with version "2".
-$OpenBSD: PROTOCOL,v 1.11 2008/07/05 05:16:01 djm Exp $
+$OpenBSD: PROTOCOL,v 1.12 2009/02/14 06:35:49 djm Exp $
author	Damien Miller <djm@mindrot.org>	2009-02-14 18:00:52 +1100
committer	Damien Miller <djm@mindrot.org>	2009-02-14 18:00:52 +1100
commit	6385e758dfbc72d461a68cd19819e5f9d41e555c (patch)
tree	b35aea3f74f6af0577f59f13f1decadfcf69e938 /PROTOCOL
parent	61433bec808fc90de066902e793147fd5015a2cc (diff)

diff --git a/PROTOCOL b/PROTOCOL index 37fd536d9..5aada630d 100644 --- a/PROTOCOL +++ b/PROTOCOL
@@ -64,6 +64,12 @@ remain open after a "eow@openssh.com" has been sent and more data may
64	still be sent in the other direction. This message does not consume	64	still be sent in the other direction. This message does not consume
65	window space and may be sent even if no window space is available.	65	window space and may be sent even if no window space is available.
66		66
		67	NB. due to certain broken SSH implementations aborting upon receipt
		68	of this message (in contravention of RFC4254 section 5.4), this
		69	message is only sent to OpenSSH peers (identified by banner).
		70	Other SSH implementations may be whitelisted to receive this message
		71	upon request.
		72
67	4. connection: disallow additional sessions extension	73	4. connection: disallow additional sessions extension
68	"no-more-sessions@openssh.com"	74	"no-more-sessions@openssh.com"
69		75
@@ -87,6 +93,11 @@ connection.
87	Note that this is not a general defence against compromised clients	93	Note that this is not a general defence against compromised clients
88	(that is impossible), but it thwarts a simple attack.	94	(that is impossible), but it thwarts a simple attack.
89		95
		96	NB. due to certain broken SSH implementations aborting upon receipt
		97	of this message, the no-more-sessions request is only sent to OpenSSH
		98	servers (identified by banner). Other SSH implementations may be
		99	whitelisted to receive this message upon request.
		100
90	5. connection: Tunnel forward extension "tun@openssh.com"	101	5. connection: Tunnel forward extension "tun@openssh.com"
91		102
92	OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com"	103	OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com"
@@ -240,4 +251,4 @@ The values of the f_flag bitmask are as follows:
240	Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are	251	Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are
241	advertised in the SSH_FXP_VERSION hello with version "2".	252	advertised in the SSH_FXP_VERSION hello with version "2".
242		253
243	$OpenBSD: PROTOCOL,v 1.11 2008/07/05 05:16:01 djm Exp $	254	$OpenBSD: PROTOCOL,v 1.12 2009/02/14 06:35:49 djm Exp $