otp.git/lib/ssh/src, branch OTP-17.5.6.2 Mirror of Erlang/OTP repository. Merge branch 'hans/ssh/codenomicon_degradation/OTP-12784' into maint-17 2015-06-01T10:06:33+00:00 Erlang/OTP otp@erlang.org 2015-06-01T10:06:33+00:00 1de75380804938117b198bed4cfa42ce85b8143b * hans/ssh/codenomicon_degradation/OTP-12784: ssh: update ssh version ssh: Plain text message returned for invalid version exchange ssh: Implement keyboard_interactive on server side ssh: Check e and f parameters in kexdh ssh: Set max num algoritms in msg_kexinit negotiation 
* hans/ssh/codenomicon_degradation/OTP-12784:
  ssh: update ssh version
  ssh: Plain text message returned for invalid version exchange
  ssh: Implement keyboard_interactive on server side
  ssh: Check e and f parameters in kexdh
  ssh: Set max num algoritms in msg_kexinit negotiation
ssh: Plain text message returned for invalid version exchange 2015-05-29T13:00:21+00:00 Hans hans@erlang.org 2015-05-28T18:58:28+00:00 4cb16a7ed0f0491ccf8defbeb62a9b0e96923372 This is how OpenSSH does. The bytes returned will be put on the user's tty, so it is better with text than a ssh_msg_disconnect 
This is how OpenSSH does. The bytes returned will be put on the
user's tty, so it is better with text than a ssh_msg_disconnect
ssh: Implement keyboard_interactive on server side 2015-05-29T13:00:21+00:00 Hans hans@erlang.org 2015-05-27T14:46:24+00:00 2d9a5afcd801837be7637048977982bd9e1330f5 






ssh: Check e and f parameters in kexdh
2015-05-29T13:00:21+00:00

Hans Nilsson
hans@erlang.org

2015-05-08T13:39:38+00:00

59b5884dfef313c09d79f3c18063297c81fb67d5

rfc 4253 says in section 8 that:
   "Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be
     sent or accepted by either side.  If this condition is violated, the
     key exchange fails."

This commit implements the reception check.





rfc 4253 says in section 8 that:
   "Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be
     sent or accepted by either side.  If this condition is violated, the
     key exchange fails."

This commit implements the reception check.







ssh: Set max num algoritms in msg_kexinit negotiation
2015-05-29T13:00:21+00:00

Hans
hans@erlang.org

2015-05-26T17:23:04+00:00

979b94a3f31697fe06f329660f2ea9e48944490a

This is to prevent some dos-attac scenarios.  The limit is hard-coded.





This is to prevent some dos-attac scenarios.  The limit is hard-coded.







ssh: handle that inet:getopts(Socket, [recbuf]) may return {ok, []}
2015-05-29T12:59:52+00:00

Ingela Anderton Andin
ingela@erlang.org

2015-05-29T08:15:51+00:00

92a9ddf4c4169c486c1b3bfe958464a90b553289

If something bad happens and the socket is closed the
call inet:getopts(Socket, [recbuf]) may return {ok, []}. We
want to treat this as a fatal error and terminate gracefully.
The same goes for the case that inet:getopts returns {error, Reason}
that was not handled either.





If something bad happens and the socket is closed the
call inet:getopts(Socket, [recbuf]) may return {ok, []}. We
want to treat this as a fatal error and terminate gracefully.
The same goes for the case that inet:getopts returns {error, Reason}
that was not handled either.







ssh: option for handling the SSH_MSG_DEBUG message's printouts
2015-05-13T11:01:18+00:00

Hans Nilsson
hans@erlang.org

2015-05-12T15:03:28+00:00

7aef211a66219b6fef9d0bdaf9b09be6c2e0a32f

A fun could be given in the options that will be called whenever
the SSH_MSG_DEBUG message arrives.  This enables the user to
format the printout or just discard it.

The default is changed to not print the message. In RFC4253
printing is a SHOULD, but our new default is to protect logs
from dos attacs.





A fun could be given in the options that will be called whenever
the SSH_MSG_DEBUG message arrives.  This enables the user to
format the printout or just discard it.

The default is changed to not print the message. In RFC4253
printing is a SHOULD, but our new default is to protect logs
from dos attacs.







ssh: added id_string option for server and client
2015-04-21T07:25:52+00:00

Hans Nilsson
hans@erlang.org

2015-04-16T14:12:49+00:00

20707ef7688bed44fec39c4673a8823211e94149

For limiting Banner Grabbing attempts.





For limiting Banner Grabbing attempts.







ssh: Reset upgrade instructions to default
2015-04-07T21:19:11+00:00

Ingela Anderton Andin
ingela@erlang.org

2015-04-07T21:19:11+00:00

af095b98e089e3a4a5db5012dbdc0d579367a907












ssh: Option minimal_remote_max_packet_size and test cases
2015-04-07T21:02:58+00:00

Hans Nilsson
hans@erlang.org

2015-04-07T15:12:56+00:00

3cf856fb8896dc61a0c6aaaab7f0679f3baf64db