diff options
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | PROTOCOL | 13 |
2 files changed, 17 insertions, 2 deletions
@@ -33,6 +33,10 @@ | |||
33 | - markus@cvs.openbsd.org 2009/02/13 11:50:21 | 33 | - markus@cvs.openbsd.org 2009/02/13 11:50:21 |
34 | [packet.c] | 34 | [packet.c] |
35 | check for enc !=NULL in packet_start_discard | 35 | check for enc !=NULL in packet_start_discard |
36 | - djm@cvs.openbsd.org 2009/02/14 06:35:49 | ||
37 | [PROTOCOL] | ||
38 | mention that eow and no-more-sessions extensions are sent only to | ||
39 | OpenSSH peers | ||
36 | 40 | ||
37 | 20090212 | 41 | 20090212 |
38 | - (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically | 42 | - (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically |
@@ -5159,5 +5163,5 @@ | |||
5159 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 5163 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
5160 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 5164 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
5161 | 5165 | ||
5162 | $Id: ChangeLog,v 1.5194 2009/02/14 05:35:01 djm Exp $ | 5166 | $Id: ChangeLog,v 1.5195 2009/02/14 07:00:52 djm Exp $ |
5163 | 5167 | ||
@@ -64,6 +64,12 @@ remain open after a "eow@openssh.com" has been sent and more data may | |||
64 | still be sent in the other direction. This message does not consume | 64 | still be sent in the other direction. This message does not consume |
65 | window space and may be sent even if no window space is available. | 65 | window space and may be sent even if no window space is available. |
66 | 66 | ||
67 | NB. due to certain broken SSH implementations aborting upon receipt | ||
68 | of this message (in contravention of RFC4254 section 5.4), this | ||
69 | message is only sent to OpenSSH peers (identified by banner). | ||
70 | Other SSH implementations may be whitelisted to receive this message | ||
71 | upon request. | ||
72 | |||
67 | 4. connection: disallow additional sessions extension | 73 | 4. connection: disallow additional sessions extension |
68 | "no-more-sessions@openssh.com" | 74 | "no-more-sessions@openssh.com" |
69 | 75 | ||
@@ -87,6 +93,11 @@ connection. | |||
87 | Note that this is not a general defence against compromised clients | 93 | Note that this is not a general defence against compromised clients |
88 | (that is impossible), but it thwarts a simple attack. | 94 | (that is impossible), but it thwarts a simple attack. |
89 | 95 | ||
96 | NB. due to certain broken SSH implementations aborting upon receipt | ||
97 | of this message, the no-more-sessions request is only sent to OpenSSH | ||
98 | servers (identified by banner). Other SSH implementations may be | ||
99 | whitelisted to receive this message upon request. | ||
100 | |||
90 | 5. connection: Tunnel forward extension "tun@openssh.com" | 101 | 5. connection: Tunnel forward extension "tun@openssh.com" |
91 | 102 | ||
92 | OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com" | 103 | OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com" |
@@ -240,4 +251,4 @@ The values of the f_flag bitmask are as follows: | |||
240 | Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are | 251 | Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are |
241 | advertised in the SSH_FXP_VERSION hello with version "2". | 252 | advertised in the SSH_FXP_VERSION hello with version "2". |
242 | 253 | ||
243 | $OpenBSD: PROTOCOL,v 1.11 2008/07/05 05:16:01 djm Exp $ | 254 | $OpenBSD: PROTOCOL,v 1.12 2009/02/14 06:35:49 djm Exp $ |