Some bugfixes to run on Mac OS X #28
@@ -69,9 +69,11 @@ protected function createResponse( | |||
$kexAlgo = new $kexAlgo(); | |||
$message = \fpoirotte\Pssht\Messages\KEXDH\INIT::unserialize($decoder); | |||
|
|||
if (!$message->getQ()->isValid()) { |
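Review bot: the line `if (!$message->getQ()->isValid()) {` is the validity check on the peer's public point Q in the KEXDH INIT handler, and the thread says this patch disables it to get past an undefined-variable error; disabling the check is the wrong fix, because it lets a client send a point that is not on the agreed curve (or is otherwise malformed) and have the server carry on with the exchange. The error should be fixed at its source (the missed variable rename the maintainer mentions) while the `isValid()` line stays in effect; if it has to be bypassed for now, leave the line in place behind a clearly marked TODO so the change is visible in the diff and in the changelog.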
Why did you have to change that line?
Thanks for your words and your patch. While the second change is obviously required (I missed a variable rename while refactoring the code), I don't understand your other change (in src/Handlers/KEXDH/INIT.php). Could you please explain why it was necessary?
Hi, when I uncomment it, I can't connect with
I forgot to rename that variable while refactoring some code, leading to errors about undefined variables being used. See also #28.
OK, I temporarily disabled the check but plan to change the code later to include a proper fix. This however leaves some users vulnerable (those who use Elliptic Curve Diffie-Hellman, aka. ECDH) as invalid public keys could be used. Given that this project is mainly a toy and not intended for production use, it's a risk I'm willing to take for now.
I agree, this should only be a temporary fix, especially as it opens some vulnerabilities! We really hope that this project will switch to a stable and secure version as soon as possible, because it would perfectly fit to provide a secure shell for our application server. So, on the one hand, if we can provide you some help, feel free to give us a hint :) On the other hand, it'll be helpful if there'll be something like a roadmap with tasks that have to be solved! And again, projects like this are a great enrichment for the PHP ecosystem 👍
And before I forget: it'll be really helpful if you could tag this version :)
v0.1.1
~~~~~~

* [#28] Temporarily fix Diffie–Hellman key exchange by disabling public key validation for Elliptic Curve Diffie–Hellman. This code will be revisited later on as it currently represents a possible security threat when ECDH is used.
* Improve README (installation instructions, changelog).
* Change the default ``pssht.xml`` so that it accepts connections from the same user as the one starting the server (prior to this change, it used a hardcoded username).
I just released version 0.1.1 which includes this fix as well as various other improvements. Hope this makes it easier for you. The roadmap for the project is defined as a series of milestones (see https://github.com/fpoirotte/pssht/milestones), but as you can see, the current milestone is way overdue.
Hi François, thanks, that's awesome! I'll check out the new version and the roadmap tomorrow :) Cheers, Tim Wagner
Hi, I tried to run the server on Mac OS X Yosemite and found some problems. After some fixes, it finally works. Very interesting project, congratulations!!!! We are thinking about using it in our application server after some testing :)