From 6385e758dfbc72d461a68cd19819e5f9d41e555c Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 14 Feb 2009 18:00:52 +1100 Subject: - djm@cvs.openbsd.org 2009/02/14 06:35:49 [PROTOCOL] mention that eow and no-more-sessions extensions are sent only to OpenSSH peers --- PROTOCOL | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'PROTOCOL') diff --git a/PROTOCOL b/PROTOCOL index 37fd536d9..5aada630d 100644 --- a/PROTOCOL +++ b/PROTOCOL @@ -64,6 +64,12 @@ remain open after a "eow@openssh.com" has been sent and more data may still be sent in the other direction. This message does not consume window space and may be sent even if no window space is available. +NB. due to certain broken SSH implementations aborting upon receipt +of this message (in contravention of RFC4254 section 5.4), this +message is only sent to OpenSSH peers (identified by banner). +Other SSH implementations may be whitelisted to receive this message +upon request. + 4. connection: disallow additional sessions extension "no-more-sessions@openssh.com" @@ -87,6 +93,11 @@ connection. Note that this is not a general defence against compromised clients (that is impossible), but it thwarts a simple attack. +NB. due to certain broken SSH implementations aborting upon receipt +of this message, the no-more-sessions request is only sent to OpenSSH +servers (identified by banner). Other SSH implementations may be +whitelisted to receive this message upon request. + 5. connection: Tunnel forward extension "tun@openssh.com" OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com" @@ -240,4 +251,4 @@ The values of the f_flag bitmask are as follows: Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are advertised in the SSH_FXP_VERSION hello with version "2". -$OpenBSD: PROTOCOL,v 1.11 2008/07/05 05:16:01 djm Exp $ +$OpenBSD: PROTOCOL,v 1.12 2009/02/14 06:35:49 djm Exp $ -- cgit v1.2.3