
openssh 4.2p1 zlib compression broken for old clients


Harald Koenig

Oct 26, 2005, 1:22:58 PM

Hello OpenSSH developers,

openssh 4.2p1 breaks old openssh clients up to 3.4p1 when they try to use compression:

# ssh-3.4p1 -C remote-host-with-4.2p1 pwd
no matching comp found: client zlib server none,zl...@openssh.com

option "-vv" shows

...
debug2: kex_parse_kexinit: zlib
...
debug2: kex_parse_kexinit: none,zl...@openssh.com
...
debug2: mac_init: found hmac-md5
no matching comp found: client zlib server none,zl...@openssh.com

using the small patch below makes the old ssh clients happy again with option "-C"


-------------------------------------------------------------------------------
--- openssh-4.2p1/sshd.c~ 2005-10-05 17:58:21.000000000 +0200
+++ openssh-4.2p1/sshd.c 2005-10-26 18:17:44.000000000 +0200
@@ -2014,7 +2014,7 @@
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
} else if (options.compression == COMP_DELAYED) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
- myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zl...@openssh.com";
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zl...@openssh.com,zlib";
}

myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
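Review bot: In the `COMP_DELAYED` branch, appending `zlib` to the string means a server configured for delayed compression also offers the old scheme, and the chained assignment applies that to both `PROPOSAL_COMP_ALGS_CTOS` and `PROPOSAL_COMP_ALGS_STOC`. After this change there is no setting left that offers only none and the delayed algorithm, so the extra entry should be selected by a separate `options.compression` value instead of altering the existing branch.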
-------------------------------------------------------------------------------


Harald Koenig

PS: yes I know about the security issues using such old ssh clients, but it's
only used in fairly protected small internal customer networks, and the customer
insists not to change anything in those environments running the old ssh clients...
(the surrounding environment is pretty well maintained which is the reason for
the 4.2p1 sshd;-)
--
"I hope to die ___ _____
before I *have* to use Microsoft Word.", 0--,| /OOOOOOO\
Donald E. Knuth, 02-Oct-2001 in Tuebingen. <_/ / /OOOOOOOOOOO\
\ \/OOOOOOOOOOOOOOO\
\ OOOOOOOOOOOOOOOOO|//
Harald Koenig \/\/\/\/\/\/\/\/\/
science+computing ag // / \\ \
koe...@science-computing.de ^^^^^ ^^^^^

_______________________________________________
openssh-unix-dev mailing list
openssh-...@mindrot.org
http://www.mindrot.org/mailman/listinfo/openssh-unix-dev

Harald Koenig

Oct 26, 2005, 1:31:36 PM

On Oct 26, Harald Koenig wrote:

> openssh 4.2p1 breaks old openssh clients up to 3.4p1 when they try to use compression:
>
> # ssh-3.4p1 -C remote-host-with-4.2p1 pwd
> no matching comp found: client zlib server none,zl...@openssh.com

one more note on that topic: for more recent ssh clients, the connection
does not fail anymore, but compression falls back to "none" which results
in an unexpected performance loss...


Harald Koenig

Iain Morgan

Oct 26, 2005, 2:43:08 PM

On Wed Oct 26 10:06:55 2005, Harald Koenig wrote:
>
> Hello OpenSSH developers,

>
> openssh 4.2p1 breaks old openssh clients up to 3.4p1 when they try to use compression:
>

This is spelt out pretty clearly in the ChangeLog for 4.2p1 and (if I recall
correctly) in the release announcement on this list. Admittedly, the
sshd_config(5) man page does not appear to call out this issue.

Set Compression=yes in your sshd_config and the old clients should behave.

> # ssh-3.4p1 -C remote-host-with-4.2p1 pwd
> no matching comp found: client zlib server none,zl...@openssh.com
>

> option "-vv" shows
>
> ...
> debug2: kex_parse_kexinit: zlib
> ...
> debug2: kex_parse_kexinit: none,zl...@openssh.com
> ...
> debug2: mac_init: found hmac-md5

> no matching comp found: client zlib server none,zl...@openssh.com
>

> using the small patch below makes the old ssh clients happy again with option "-C"
>
>
> -------------------------------------------------------------------------------
> --- openssh-4.2p1/sshd.c~ 2005-10-05 17:58:21.000000000 +0200
> +++ openssh-4.2p1/sshd.c 2005-10-26 18:17:44.000000000 +0200
> @@ -2014,7 +2014,7 @@
> myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
> } else if (options.compression == COMP_DELAYED) {
> myproposal[PROPOSAL_COMP_ALGS_CTOS] =
> - myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zl...@openssh.com";
> + myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zl...@openssh.com,zlib";
> }
>
> myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
> -------------------------------------------------------------------------------
>
>
> Harald Koenig
>
> PS: yes I know about the security issues using such old ssh clients, but it's
> only used in fairly protected small internal customer networks, and the customer
> insists not to change anything in those environments running the old ssh clients...
> (the surrounding environment is pretty well maintained which is the reason for
> the 4.2p1 sshd;-)



--
Iain Morgan

Harald Koenig

Oct 27, 2005, 5:06:11 AM

On Oct 26, Iain Morgan wrote:

> This is spelt out pretty clearly in the ChangeLog for 4.2p1 and (if I recall
> correctly) in the release announcement on this list. Admittedly, the
> sshd_config(5) man page does not appear to call out this issue.

thanks for your pointer to the docs (and sorry for not having read/understood them all).
maybe you can answer two more open questions on that topic, please ?

> Set Compression=yes in your sshd_config and the old clients should behave.


a)
what's the reason/benefit for the new delayed compression, or the other way round:
what's the (maybe future) drawback if I'll use "Compression yes" in sshd_conf for backward compatibility ?
is this to avoid small packets for authentication getting larger by zlib compression ?


b)
what's the reason of the different code in sshconnect2.c/ssh_kex2() and sshd.c/do_ssh2_kex()
for this setup ? sshconnect2.c/ssh_kex2() already uses

    if (options.compression) {
        myproposal[PROPOSAL_COMP_ALGS_CTOS] =
        myproposal[PROPOSAL_COMP_ALGS_STOC] = "zl...@openssh.com,zlib,none";
    } else {
        myproposal[PROPOSAL_COMP_ALGS_CTOS] =
        myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zl...@openssh.com,zlib";
    }

and thus offers a fallback to old "zlib" scheme, while sshd.c/do_ssh2_kex() reads

    if (options.compression == COMP_NONE) {
        myproposal[PROPOSAL_COMP_ALGS_CTOS] =
        myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
    } else if (options.compression == COMP_DELAYED) {
        myproposal[PROPOSAL_COMP_ALGS_CTOS] =
        myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zl...@openssh.com";
    }

not offering a fallback for old clients. why not allowing a fallback for compatibility
to old "zlib" in case that an old client does not yet support the new "delayed" scheme ?


if that's not a good idea, what about a new setting "delayed+compat-fallback" for "Compression"
which would allow new ssh clients to benefit/use "delayed" compression and wouldn't break it
for old clients ?
the patch below might be a possibility to offer both ways at the same time ?!


btw: the comment for "compression" in servconf.h is no longer exact, because
with the COMP_DELAYED setting it's no longer a boolean value, so "true" might
be misleading (COMP_DELAYED==2 is true, but only _delayed_ compression is allowed):


    int compression; /* If true, compression is allowed */
                           ^^^^


suggestion for giving delayed compression with legacy fallback:
-------------------------------------------------------------------------------
diff -ur ../../orig/openssh-4.2p1/kex.h ./kex.h
--- ../../orig/openssh-4.2p1/kex.h 2005-07-26 13:54:56.000000000 +0200
+++ ./kex.h 2005-10-27 10:43:07.000000000 +0200
@@ -38,6 +38,7 @@
#define COMP_NONE 0
#define COMP_ZLIB 1
#define COMP_DELAYED 2
+#define COMP_DELAYED_COMP 3

enum kex_init_proposals {
PROPOSAL_KEX_ALGS,
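Review bot: `COMP_DELAYED_COMP` is added without a comment, and next to the `COMP_` prefix the `_COMP` suffix reads as "compression" rather than "compat". Rename it to something like `COMP_DELAYED_COMPAT` and add a one-line comment stating that it means delayed compression with a plain zlib fallback, because existing tests of the form `options.compression == COMP_DELAYED` will not match the new value 3.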
Only in .: kex.h~
diff -ur ../../orig/openssh-4.2p1/servconf.c ./servconf.c
--- ../../orig/openssh-4.2p1/servconf.c 2005-08-12 14:11:37.000000000 +0200
+++ ./servconf.c 2005-10-27 10:46:55.000000000 +0200
@@ -738,6 +738,8 @@
value = 0; /* silence compiler */
if (strcmp(arg, "delayed") == 0)
value = COMP_DELAYED;
+ if (strcmp(arg, "delayed+fallback") == 0)
+ value = COMP_DELAYED_COMP;
else if (strcmp(arg, "yes") == 0)
value = COMP_ZLIB;
else if (strcmp(arg, "no") == 0)
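Review bot: The added test is a plain `if` rather than `else if`, and it sits directly ahead of `else if (strcmp(arg, "yes") == 0)`, so that `else` chain now belongs to the new `if` instead of the "delayed" test. With arg set to "delayed", `value = COMP_DELAYED` is assigned and the chain is then still evaluated against "yes", "no" and whatever branch follows. Write it as `else if (strcmp(arg, "delayed+fallback") == 0)`.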
Only in .: servconf.c~
diff -ur ../../orig/openssh-4.2p1/sshd.c ./sshd.c
--- ../../orig/openssh-4.2p1/sshd.c 2005-07-26 13:54:56.000000000 +0200
+++ ./sshd.c 2005-10-27 10:47:22.000000000 +0200
@@ -1998,6 +1998,9 @@
if (options.compression == COMP_NONE) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
+ } else if (options.compression == COMP_DELAYED_COMP) {
+ myproposal[PROPOSAL_COMP_ALGS_CTOS] =


+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zl...@openssh.com,zlib";

} else if (options.compression == COMP_DELAYED) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =

myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zl...@openssh.com";
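Review bot: Placing `zlib` last in the `COMP_DELAYED_COMP` string does not make it a last resort, because SSH selects the first entry on the client's list that the server also offers. A client that lists `zlib` ahead of the delayed algorithm will negotiate plain zlib even though it supports the delayed one. If the fallback is meant only for clients that lack the delayed algorithm, that has to be enforced after the client's list has been parsed rather than by the order of this string, and the new keyword needs an sshd_config(5) entry.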
Only in .: sshd.c~
-------------------------------------------------------------------------------

thanks for your comments,

Harald Koenig
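
The name-list negotiation behind the behaviour reported in this thread, as an added example that is not part of any post and is not OpenSSH's code. `negotiate`, `in_list` and the `DELAYED` placeholder (standing in for the delayed algorithm, whose name the archive obscures) are hypothetical names, and the "zlib,none" client list is an assumed list for a client newer than 3.4p1; the other lists are the ones quoted above.

```c
#include <stdio.h>
#include <string.h>

/* Placeholder: the archive obscures the delayed algorithm's real name. */
#define DELAYED "delayed@placeholder"

/* 1 if name[0..len) is an element of the comma-separated list. */
static int in_list(const char *list, const char *name, size_t len)
{
	while (*list) {
		size_t n = strcspn(list, ",");
		if (n == len && strncmp(list, name, len) == 0)
			return 1;
		list += n + (list[n] == ',');
	}
	return 0;
}

/* RFC 4253 7.1: pick the first name on the client's list that the server
 * also lists; server order plays no part. Returns -1 when nothing matches. */
int negotiate(const char *client, const char *server, char *out, size_t outlen)
{
	while (*client) {
		size_t n = strcspn(client, ",");
		if (n > 0 && n < outlen && in_list(server, client, n)) {
			memcpy(out, client, n);
			out[n] = '\0';
			return 0;
		}
		client += n + (client[n] == ',');
	}
	return -1;
}

int main(void)
{
	/* Server lists from sshd.c on this page: stock "delayed", then patched. */
	const char *servers[] = { "none," DELAYED, "none," DELAYED ",zlib" };
	/* 3.4p1 with -C (from the -vv output), an assumed intermediate client,
	 * and the 4.2p1 client list with compression on (sshconnect2.c). */
	const char *clients[] = { "zlib", "zlib,none", DELAYED ",zlib,none" };
	char alg[64];

	for (int s = 0; s < 2; s++)
		for (int c = 0; c < 3; c++) {
			int rc = negotiate(clients[c], servers[s], alg, sizeof(alg));
			printf("server [%s] client [%s] -> %s\n", servers[s],
			    clients[c], rc == 0 ? alg : "no matching comp found");
		}
	return 0;
}
```

Against the stock list the first client fails and the second drops to "none"; against the patched list both end up on plain zlib, which is compression that starts before authentication.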

Markus Friedl

Oct 27, 2005, 6:35:33 AM

allowing zlib compression is a server side risk.

delaying compression until the user is authenticated reduces
the server side risk.

i don't see why the code should change.

if it's a problem, then only in the documentation:

Compression
Specifies whether compression is allowed, or delayed until the
user has authenticated successfully. The argument must be
``yes'', ``delayed'', or ``no''. The default is ``delayed''.
