Differences

This shows you the differences between the selected revisions of the page.

2015-04-10 2016-01-20
limit acronym recognition (martin) 5.8.1 Moving SSH-1-only options to less prominent positions on Advanced Site Settings dialog and removing SSH-2-only designations of session options. (martin)
Line 15: Line 15:
&toc_title(Refer to documentation of individual bugs:) &toc_title(Refer to documentation of individual bugs:)
- 
-===== Chokes on SSH-1 ignore messages ===== 
-An ignore message (SSH_MSG_IGNORE) is a message in the SSH protocol which can be sent from the client to the server, or from the server to the client, at any time. Either side is required to ignore the message whenever it receives it. WinSCP uses ignore messages to hide the password packet in SSH-1, so that a listener cannot tell the length of the user's password; it also uses ignore messages for [[ui_login_connection#keepalives|connection keepalives]].  
- 
-If this bug is detected, WinSCP will stop using ignore messages. This means that keepalives will stop working, and WinSCP will have to fall back to a secondary defense against [[#refuses_all_ssh-1_password_camouflage|SSH-1 password-length eavesdropping]]. If this bug is enabled when talking to a correct server, the session will succeed, but keepalives will not work and the session might be more vulnerable to eavesdroppers than it could be.  
- 
-This is an %%SSH-1%%-specific bug. No known %%SSH-2%% server fails to deal with %%SSH-2%% ignore messages.  
- 
-===== Refuses all SSH-1 password camouflage ===== 
-When talking to an SSH-1 server which cannot deal with [[#chokes_on_ssh-1_ignore_messages|ignore messages]], WinSCP will attempt to disguise the length of the user's password by sending additional padding within the password packet. This is technically a violation of the %%SSH-1%% specification, and so WinSCP will only do it when it cannot use standards-compliant ignore messages as camouflage. In this sense, for a server to refuse to accept a padded password packet is not really a bug, but it does make life inconvenient if the server can also not handle ignore messages.  
- 
-If this bug is detected, WinSCP will assume that neither ignore messages nor padding are acceptable, and that it thus has no choice but to send the user's password with no form of camouflage, so that an eavesdropping user will be easily able to find out the exact length of the password. If this bug is enabled when talking to a correct server, the session will succeed, but will be more vulnerable to eavesdroppers than it could be. 
- 
-This is an %%SSH-1%%-specific bug. SSH-2 is secure against this type of attack.  
- 
-===== Chokes on SSH-1 RSA authentication ===== 
- 
-Some SSH-1 servers cannot deal with RSA authentication messages at all. If [[ui_pageant|Pageant]] is running and contains any %%SSH-1%% keys, WinSCP will normally automatically try %%RSA%% authentication before falling back to passwords, so these servers will crash when they see the %%RSA%% attempt.  
- 
-If this bug is detected, WinSCP will go straight to password authentication. If this bug is enabled when talking to a correct server, the session will succeed, but of course %%RSA%% authentication will be impossible.  
- 
-This is an %%SSH-1%%-specific bug.  
===== Chokes on SSH-2 ignore messages ===== ===== Chokes on SSH-2 ignore messages =====
Line 106: Line 84:
correct server, the session will work correctly, but download correct server, the session will work correctly, but download
performance will be less than it could be. ((&puttydoccite)) performance will be less than it could be. ((&puttydoccite))
 +
 +===== Chokes on SSH-1 ignore messages =====
 +An ignore message (SSH_MSG_IGNORE) is a message in the SSH protocol which can be sent from the client to the server, or from the server to the client, at any time. Either side is required to ignore the message whenever it receives it. WinSCP uses ignore messages to hide the password packet in SSH-1, so that a listener cannot tell the length of the user's password; it also uses ignore messages for [[ui_login_connection#keepalives|connection keepalives]].
 +
 +If this bug is detected, WinSCP will stop using ignore messages. This means that keepalives will stop working, and WinSCP will have to fall back to a secondary defense against [[#refuses_all_ssh-1_password_camouflage|SSH-1 password-length eavesdropping]]. If this bug is enabled when talking to a correct server, the session will succeed, but keepalives will not work and the session might be more vulnerable to eavesdroppers than it could be.
 +
 +This is an %%SSH-1%%-specific bug. No known %%SSH-2%% server fails to deal with %%SSH-2%% ignore messages.
 +
 +===== Refuses all SSH-1 password camouflage =====
 +When talking to an SSH-1 server which cannot deal with [[#chokes_on_ssh-1_ignore_messages|ignore messages]], WinSCP will attempt to disguise the length of the user's password by sending additional padding within the password packet. This is technically a violation of the %%SSH-1%% specification, and so WinSCP will only do it when it cannot use standards-compliant ignore messages as camouflage. In this sense, for a server to refuse to accept a padded password packet is not really a bug, but it does make life inconvenient if the server can also not handle ignore messages.
 +
 +If this bug is detected, WinSCP will assume that neither ignore messages nor padding are acceptable, and that it thus has no choice but to send the user's password with no form of camouflage, so that an eavesdropping user will be easily able to find out the exact length of the password. If this bug is enabled when talking to a correct server, the session will succeed, but will be more vulnerable to eavesdroppers than it could be.
 +
 +This is an %%SSH-1%%-specific bug. SSH-2 is secure against this type of attack.
 +
 +===== Chokes on SSH-1 RSA authentication =====
 +
 +Some SSH-1 servers cannot deal with RSA authentication messages at all. If [[ui_pageant|Pageant]] is running and contains any %%SSH-1%% keys, WinSCP will normally automatically try %%RSA%% authentication before falling back to passwords, so these servers will crash when they see the %%RSA%% attempt.
 +
 +If this bug is detected, WinSCP will go straight to password authentication. If this bug is enabled when talking to a correct server, the session will succeed, but of course %%RSA%% authentication will be impossible.
 +
 +This is an %%SSH-1%%-specific bug.
===== Further Reading ===== ===== Further Reading =====
Read more about [[ui_login|Login dialog]] and [[ui_login_advanced|Advanced Site Settings dialog]]. Read more about [[ui_login|Login dialog]] and [[ui_login_advanced|Advanced Site Settings dialog]].

Last modified: by martin