From my understanding the MaxStartups option can be set to limit the number
of concurrent sessions the OpenSSH server opens. My concern is how OpenSSH
handles the case where this number is reached.
From the code it looks like it simply closes the socket:

sshd.c:1440

    if (drop_connection(startups) == 1) {
        debug("drop connection #%d", startups);
        close(newsock);
        continue;
    }

Why is there no disconnect message sent that explains to the client why the
socket was closed?
From draft-ietf-secsh-transport-24.txt, chapter 11:
----------------------------------------------------------
11. Additional Messages

   Either party may send any of the following messages at any time.

11.1 Disconnection Message

      byte      SSH_MSG_DISCONNECT
      uint32    reason code
      string    description [RFC3629]
      string    language tag [RFC3066]

This message causes immediate termination of the connection. All
implementations MUST be able to process this message; they SHOULD be
able to send this message.
The sender MUST NOT send or receive any data after this message, and
the recipient MUST NOT accept any data after receiving this message.
The Disconnection Message 'description' string gives a more specific
explanation in a human-readable form. The Disconnection Message
'reason code' gives the reason in a more machine-readable format
(suitable for localization), and can have the values as displayed in
the table below. Note that the decimal representation is displayed
in this table for readability but that the values are actually uint32
values.

      Symbolic name                                  reason code
      -------------                                  -----------
      SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT          1
      SSH_DISCONNECT_PROTOCOL_ERROR                       2
      SSH_DISCONNECT_KEY_EXCHANGE_FAILED                  3
      SSH_DISCONNECT_RESERVED                             4
      SSH_DISCONNECT_MAC_ERROR                            5
      SSH_DISCONNECT_COMPRESSION_ERROR                    6
      SSH_DISCONNECT_SERVICE_NOT_AVAILABLE                7
      SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED       8
      SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE              9
      SSH_DISCONNECT_CONNECTION_LOST                     10
      SSH_DISCONNECT_BY_APPLICATION                      11
      SSH_DISCONNECT_TOO_MANY_CONNECTIONS                12
      SSH_DISCONNECT_AUTH_CANCELLED_BY_USER              13
      SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE      14
      SSH_DISCONNECT_ILLEGAL_USER_NAME                   15
----------------------------------------------------------
If a SSH_DISCONNECT_TOO_MANY_CONNECTIONS disconnect message was to be sent
before the connection is closed how far would the SSH connection setup need
to go before this could be done?
The draft says it can be sent at any time. Can we send it before the
"Protocol Version Exchange"? Probably not. Before the Key Exchange? I'm not
sure. Question is, how far would the ssh negotiation/connection setup need
to go in order for the ssh server to refuse the connection in a more
controlled way, that is sending the SSH_DISCONNECT_TOO_MANY_CONNECTIONS
disconnect message, and still be compliant with the draft standard?
Best Regards,
Olle
_______________________________________________
openssh-unix-dev mailing list
openssh-...@mindrot.org
http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
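
The Disconnection Message layout quoted above, encoded in the transport's binary packet framing as it applies while no cipher or MAC is in effect. This is an added example, not code from the thread or from OpenSSH; the function names are hypothetical, the value 1 for SSH_MSG_DISCONNECT comes from the SSH transport specification, and the padding is zero-filled (the specification asks for random bytes) so the output is deterministic.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSH_MSG_DISCONNECT                  1   /* message number, SSH transport spec */
#define SSH_DISCONNECT_TOO_MANY_CONNECTIONS 12  /* reason code from the table above */

/* Store a uint32 in network byte order; returns the bytes written. */
static size_t put_u32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
    return 4;
}

/* SSH "string": uint32 length, then that many bytes, no terminator. */
static size_t put_string(uint8_t *p, const char *s)
{
    size_t n = strlen(s);
    put_u32(p, (uint32_t)n);
    memcpy(p + 4, s, n);
    return 4 + n;
}

/*
 * Build one cleartext binary packet carrying SSH_MSG_DISCONNECT.
 * Returns the number of bytes to write to the socket, or 0 if 'out'
 * (capacity 'cap') is too small. Hypothetical helper for illustration.
 */
size_t build_disconnect(uint8_t *out, size_t cap, uint32_t reason,
                        const char *desc, const char *lang)
{
    size_t payload = 1 + 4 + (4 + strlen(desc)) + (4 + strlen(lang));
    /* Padding: at least 4 bytes; length field + pad byte + payload +
     * padding must be a multiple of 8 when no cipher is active. */
    size_t pad = 8 - ((4 + 1 + payload) % 8);
    if (pad < 4)
        pad += 8;
    if (4 + 1 + payload + pad > cap)
        return 0;

    size_t off = put_u32(out, (uint32_t)(1 + payload + pad)); /* excludes itself */
    out[off++] = (uint8_t)pad;
    out[off++] = SSH_MSG_DISCONNECT;
    off += put_u32(out + off, reason);
    off += put_string(out + off, desc);
    off += put_string(out + off, lang);
    memset(out + off, 0, pad);   /* assumption: zeros instead of random bytes */
    return off + pad;
}
```

With the description "too many connections" and an empty language tag, the whole packet is 48 bytes on the wire.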
Thanks for the clarification Markus. Now the natural next question:
Is there any reason why OpenSSH does not do it that way, that is, send
SSH_MSG_DISCONNECT with an SSH_DISCONNECT_TOO_MANY_CONNECTIONS reason code
before closing the socket when the max number of allowed sessions has been
reached? What are the pros and cons in doing so?
Here's my two cents
Pros:
From a client perspective it would be really valuable (at least to me) to
get an indication as to why the connection setup attempt failed. Note, there
could be other reasons besides too many connections, like for example
SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT, which could be handled in the
same way.
Cons:
The "Protocol Version Exchange" messages need to be sent first.
Thanks in advance.
Best Regards,
Olle
> Hi again,
>
> Thanks for the clarification Markus. Now the natural next question:
>
> Is there any reason why OpenSSH does not do it that way, that is, send
> SSH_MSG_DISCONNECT with an SSH_DISCONNECT_TOO_MANY_CONNECTIONS reason code
> before closing the socket when the max number of allowed sessions has been
> reached? What are the pros and cons in doing so?
MaxStartups is a DoS mitigation setting - i.e. it is supposed to limit
the effect of someone flooding a server with connections, while still
allowing a real admin a chance of logging in.
As such, there is no point in being polite to people you are going to
drop.
-d