x/crypto/ssh: return error if other side version is older #46951

Open
ultram4rine opened this issue Jun 28, 2021 · 2 comments
Labels
NeedsFix
Comments

@ultram4rine ultram4rine commented Jun 28, 2021

What version of Go are you using (go version)?

$ go version
go version go1.16.5 linux/amd64

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

linux amd64

What did you do?

Dial to an SSH device with SSHv1 on board.

What did you expect to see?

An error which says that SSHv1 and SSHv2 are incompatible

What did you see instead?

That error: ssh: handshake failed: ssh: invalid packet length, packet too large


To get this, in the readVersion func, add a check like this before returning the version (it's very close to how paramiko does that):

// versionString has the form "SSH-protoversion-softwareversion".
// Check the field count first so the index below cannot panic
// on a peer banner that contains no '-'.
parts := bytes.SplitN(versionString, []byte("-"), 3)
if len(parts) < 2 {
    return nil, fmt.Errorf("ssh: malformed version string %q", versionString)
}
version := parts[1]
// RFC 4253, section 5.1 says that version '1.99' is used to
// identify compatibility with older versions of the protocol.
if !bytes.Equal(version, []byte("1.99")) && !bytes.Equal(version, []byte("2.0")) {
    return nil, fmt.Errorf("ssh: incompatible versions (%s and 2.0)", version)
}

Also, as I understand it, RFC 4253, section 5.2 says that a client with a newer version should close the connection to the older server when this happens.

I can try to send it to Gerrit with a test if you want.

Thanks.
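
The version check proposed above, written as a standalone function over the whole identification string so it can be run against sample banners. This is an added example, not code from the issue or from x/crypto/ssh; the name checkPeerVersion, the ErrIncompatible sentinel and the sample banners are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// ErrIncompatible marks a peer that only speaks a pre-2.0 SSH protocol.
// Hypothetical sentinel, so callers can tell it apart from a malformed banner.
var ErrIncompatible = errors.New("ssh: incompatible protocol version")

// checkPeerVersion is a hypothetical helper (not part of x/crypto/ssh).
// It parses "SSH-protoversion-softwareversion[ comments]" (RFC 4253,
// section 4.2) and returns the peer's protocol version, or an error if
// the banner is malformed or the peer cannot speak protocol 2.0.
func checkPeerVersion(line []byte) (string, error) {
	line = bytes.TrimRight(line, "\r\n")
	// n=3 keeps dashes inside softwareversion intact, e.g.
	// "SSH-1.5-Cisco-1.25" -> ["SSH", "1.5", "Cisco-1.25"].
	parts := bytes.SplitN(line, []byte("-"), 3)
	if len(parts) != 3 || !bytes.Equal(parts[0], []byte("SSH")) || len(parts[2]) == 0 {
		return "", fmt.Errorf("ssh: malformed identification string %q", line)
	}
	proto := string(parts[1])
	// "1.99" is how a 2.0-capable server advertises compatibility with
	// older clients (RFC 4253, section 5.1), so it is accepted.
	if proto != "2.0" && proto != "1.99" {
		return proto, fmt.Errorf("%w (peer %s, local 2.0)", ErrIncompatible, proto)
	}
	return proto, nil
}

func main() {
	// Constructed sample banners, not captured from real devices.
	banners := []string{
		"SSH-2.0-OpenSSH_8.9\r\n",
		"SSH-1.99-Cisco-1.25\r\n",
		"SSH-1.5-Cisco-1.25\r\n",
		"SSH-2.0\r\n",
		"HTTP/1.1 400 Bad Request\r\n",
	}
	for _, b := range banners {
		proto, err := checkPeerVersion([]byte(b))
		fmt.Printf("%-32q proto=%-6q err=%v\n", b, proto, err)
	}
}
```

A caller can use errors.Is(err, ErrIncompatible) to close the connection with a clear message instead of continuing into key exchange and failing on packet framing.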

@gopherbot gopherbot added this to the Proposal milestone Jun 28, 2021
@ianlancetaylor ianlancetaylor added the Proposal-Crypto label Jul 14, 2021
@ianlancetaylor ianlancetaylor added this to Incoming in Proposals Jul 14, 2021
@gopherbot gopherbot commented Aug 21, 2021

Change https://golang.org/cl/344129 mentions this issue: ssh: return error if other side version not 2.0 or 1.99

@rsc rsc (Contributor) commented Oct 13, 2021

This doesn't need to be a proposal. Connecting to a pre-1.99 SSH is guaranteed to fail and should report a useful error.

@rsc rsc added the NeedsFix label Oct 13, 2021
@rsc rsc removed this from Incoming in Proposals Oct 13, 2021
@rsc rsc removed this from the Proposal milestone Oct 13, 2021
@rsc rsc added this to the Backlog milestone Oct 13, 2021
@ultram4rine ultram4rine changed the title from "proposal: x/crypto/ssh: return error if other side version is older" to "x/crypto/ssh: return error if other side version is older" Oct 13, 2021
@ianlancetaylor ianlancetaylor removed the Proposal and Proposal-Crypto labels Oct 20, 2021