diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | PROTOCOL | 13 |
2 files changed, 17 insertions, 2 deletions
| @@ -33,6 +33,10 @@ | |||
| 33 | - markus@cvs.openbsd.org 2009/02/13 11:50:21 | 33 | - markus@cvs.openbsd.org 2009/02/13 11:50:21 |
| 34 | [packet.c] | 34 | [packet.c] |
| 35 | check for enc !=NULL in packet_start_discard | 35 | check for enc !=NULL in packet_start_discard |
| 36 | - djm@cvs.openbsd.org 2009/02/14 06:35:49 | ||
| 37 | [PROTOCOL] | ||
| 38 | mention that eow and no-more-sessions extensions are sent only to | ||
| 39 | OpenSSH peers | ||
| 36 | 40 | ||
| 37 | 20090212 | 41 | 20090212 |
| 38 | - (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically | 42 | - (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically |
| @@ -5159,5 +5163,5 @@ | |||
| 5159 | OpenServer 6 and add osr5bigcrypt support so when someone migrates | 5163 | OpenServer 6 and add osr5bigcrypt support so when someone migrates |
| 5160 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ | 5164 | passwords between UnixWare and OpenServer they will still work. OK dtucker@ |
| 5161 | 5165 | ||
| 5162 | $Id: ChangeLog,v 1.5194 2009/02/14 05:35:01 djm Exp $ | 5166 | $Id: ChangeLog,v 1.5195 2009/02/14 07:00:52 djm Exp $ |
| 5163 | 5167 | ||
| @@ -64,6 +64,12 @@ remain open after a "eow@openssh.com" has been sent and more data may | |||
| 64 | still be sent in the other direction. This message does not consume | 64 | still be sent in the other direction. This message does not consume |
| 65 | window space and may be sent even if no window space is available. | 65 | window space and may be sent even if no window space is available. |
| 66 | 66 | ||
| 67 | NB. due to certain broken SSH implementations aborting upon receipt | ||
| 68 | of this message (in contravention of RFC4254 section 5.4), this | ||
| 69 | message is only sent to OpenSSH peers (identified by banner). | ||
| 70 | Other SSH implementations may be whitelisted to receive this message | ||
| 71 | upon request. | ||
| 72 | |||
| 67 | 4. connection: disallow additional sessions extension | 73 | 4. connection: disallow additional sessions extension |
| 68 | "no-more-sessions@openssh.com" | 74 | "no-more-sessions@openssh.com" |
| 69 | 75 | ||
| @@ -87,6 +93,11 @@ connection. | |||
| 87 | Note that this is not a general defence against compromised clients | 93 | Note that this is not a general defence against compromised clients |
| 88 | (that is impossible), but it thwarts a simple attack. | 94 | (that is impossible), but it thwarts a simple attack. |
| 89 | 95 | ||
| 96 | NB. due to certain broken SSH implementations aborting upon receipt | ||
| 97 | of this message, the no-more-sessions request is only sent to OpenSSH | ||
| 98 | servers (identified by banner). Other SSH implementations may be | ||
| 99 | whitelisted to receive this message upon request. | ||
| 100 | |||
| 90 | 5. connection: Tunnel forward extension "tun@openssh.com" | 101 | 5. connection: Tunnel forward extension "tun@openssh.com" |
| 91 | 102 | ||
| 92 | OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com" | 103 | OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com" |
| @@ -240,4 +251,4 @@ The values of the f_flag bitmask are as follows: | |||
| 240 | Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are | 251 | Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are |
| 241 | advertised in the SSH_FXP_VERSION hello with version "2". | 252 | advertised in the SSH_FXP_VERSION hello with version "2". |
| 242 | 253 | ||
| 243 | $OpenBSD: PROTOCOL,v 1.11 2008/07/05 05:16:01 djm Exp $ | 254 | $OpenBSD: PROTOCOL,v 1.12 2009/02/14 06:35:49 djm Exp $ |