x/crypto/ssh: return error if other side version is older

[ultram4rine]

What version of Go are you using (go version)?

$ go version
go version go1.16.5 linux/amd64

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

linux amd64

What did you do?

Dial to an SSH device with SSHv1 on board.

What did you expect to see?

An error which says that SSHv1 and SSHv2 incompatible

What did you see instead?

That error: ssh: handshake failed: ssh: invalid packet length, packet too large

---

To get this, in readVersion func, add check like this before return version (it's very close to how paramiko does that):

version := bytes.Split(versionString, []byte("-"))[1]
// RFC 4253, section 5.1 says that version '1.99' used to
// identify compability with older versions of protocol.
if !bytes.Equal(version, []byte("1.99")) && !bytes.Equal(version, []byte("2.0")) {
    return nil, fmt.Errorf("ssh: incompatible versions (%s and 2.0)", version)
}

Also, as I understand, RFC4253, section 5.2 says that client with newer version should close the connection to the older server when it happens.

I try to can send it to Gerrit with a test if you want.

Thanks.

[gopherbot]

Change https://golang.org/cl/344129 mentions this issue: ssh: return error if other side version not 2.0 or 1.99

[rsc]

This doesn't need to be a proposal. Connecting to a pre-1.99 SSH is guaranteed to fail and should report a useful error.