x/crypto/ssh: return error if other side version is older #46951

Open
@ultram4rine

What version of Go are you using (go version)?

$ go version
go version go1.16.5 linux/amd64

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

linux amd64

What did you do?

Dial to an SSH device with SSHv1 on board.

What did you expect to see?

An error which says that SSHv1 and SSHv2 are incompatible.

What did you see instead?

That error: ssh: handshake failed: ssh: invalid packet length, packet too large


To get this, in the readVersion func, add a check like this before returning the version (it's very close to how paramiko does that):

version := bytes.Split(versionString, []byte("-"))[1]
// RFC 4253, section 5.1 says that version '1.99' is used to
// identify compatibility with older versions of the protocol.
if !bytes.Equal(version, []byte("1.99")) && !bytes.Equal(version, []byte("2.0")) {
    return nil, fmt.Errorf("ssh: incompatible versions (%s and 2.0)", version)
}

Also, as I understand it, RFC 4253, section 5.2 says that a client with a newer version should close the connection to the older server when this happens.

I can try to send it to Gerrit with a test if you want.

Thanks.
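The version check proposed above, written out as a standalone program. This is an added example, not code from the issue or from x/crypto/ssh: `checkPeerVersion` and `errMalformedID` are hypothetical names, and the identification strings in `main` are constructed samples. It also rejects lines that are not in the `SSH-protoversion-softwareversion` form, so a non-SSH peer gets a distinct error instead of a packet-length failure.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// errMalformedID is returned when the line is not "SSH-protoversion-softwareversion".
var errMalformedID = errors.New("ssh: malformed identification string")

// checkPeerVersion is a hypothetical helper (not part of x/crypto/ssh). It takes
// the peer's identification line without the trailing LF and returns the
// protocol version, or an error if the peer cannot speak SSH 2.0.
func checkPeerVersion(id []byte) (string, error) {
	id = bytes.TrimSuffix(id, []byte("\r"))
	// RFC 4253, section 4.2: SSH-protoversion-softwareversion SP comments.
	// Split into at most 3 fields so hyphens in the software name are kept.
	fields := bytes.SplitN(id, []byte("-"), 3)
	if len(fields) != 3 || !bytes.Equal(fields[0], []byte("SSH")) ||
		len(fields[1]) == 0 || len(fields[2]) == 0 {
		return "", errMalformedID
	}
	proto := string(fields[1])
	// RFC 4253, section 5.1: a server advertising "1.99" also supports 2.0.
	if proto != "2.0" && proto != "1.99" {
		return proto, fmt.Errorf("ssh: incompatible versions (%s and 2.0)", proto)
	}
	return proto, nil
}

func main() {
	// Constructed sample identification strings.
	for _, id := range []string{
		"SSH-2.0-OpenSSH_8.4",
		"SSH-1.99-Cisco-1.25\r",
		"SSH-1.5-Cisco-1.25",
		"HTTP/1.1 400 Bad Request",
	} {
		proto, err := checkPeerVersion([]byte(id))
		fmt.Printf("%q -> proto=%q err=%v\n", id, proto, err)
	}
}
```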

Labels: NeedsFix (the path to resolution is known, but the work has not been done)
