Differences

This shows you the differences between the selected revisions of the page.

2016-01-21: quotes (martin)
2017-01-18: explicit anchors + standardizing anchor (martin)
Line 43: Line 43:
This is an SSH-2-specific bug. This is an SSH-2-specific bug.
-===== [[rsa_padding]] Requires padding on SSH-2 RSA signatures =====+===== [[sshbug_rsapad2]] Requires padding on SSH-2 RSA signatures =====
Versions below 3.3 of [[&openssh|OpenSSH]] and versions below 1.3.4d/1.3.5rc4 of ProFTPD/mod_sftp require SSH-2 RSA signatures to be padded with zero bytes to the same length as the %%RSA%% key modulus. The %%SSH-2%% draft specification says that an unpadded signature MUST be accepted, so this is a bug. A typical symptom of this problem is that WinSCP mysteriously fails %%RSA%% authentication once in every few hundred attempts, and falls back to passwords. In session log file you will typically see this record: Versions below 3.3 of [[&openssh|OpenSSH]] and versions below 1.3.4d/1.3.5rc4 of ProFTPD/mod_sftp require SSH-2 RSA signatures to be padded with zero bytes to the same length as the %%RSA%% key modulus. The %%SSH-2%% draft specification says that an unpadded signature MUST be accepted, so this is a bug. A typical symptom of this problem is that WinSCP mysteriously fails %%RSA%% authentication once in every few hundred attempts, and falls back to passwords. In session log file you will typically see this record:
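Review bot: the heading line replaces the existing anchor `[[rsa_padding]]` with `[[sshbug_rsapad2]]` rather than adding to it, so links to `#rsa_padding` from other pages or from outside the wiki will no longer resolve to this section unless the old anchor is kept. Keep `rsa_padding` as a second anchor beside the new one, or update the referring pages in the same revision. The other two hunks only add anchors where none existed, so this is the only heading where an existing target changes. Separately, the unchanged paragraph reads "In session log file you will typically see this record"; "In the session log file" would be correct if that line is touched.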
Line 84: Line 84:
performance will be less than it could be. ((&puttydoccite)) performance will be less than it could be. ((&puttydoccite))
-===== Chokes on SSH-1 ignore messages =====+===== [[sshbug_ignore1]] Chokes on SSH-1 ignore messages =====
An ignore message (SSH_MSG_IGNORE) is a message in the SSH protocol which can be sent from the client to the server, or from the server to the client, at any time. Either side is required to ignore the message whenever it receives it. WinSCP uses ignore messages to hide the password packet in SSH-1, so that a listener cannot tell the length of the user's password; it also uses ignore messages for [[ui_login_connection#keepalives|connection keepalives]]. An ignore message (SSH_MSG_IGNORE) is a message in the SSH protocol which can be sent from the client to the server, or from the server to the client, at any time. Either side is required to ignore the message whenever it receives it. WinSCP uses ignore messages to hide the password packet in SSH-1, so that a listener cannot tell the length of the user's password; it also uses ignore messages for [[ui_login_connection#keepalives|connection keepalives]].
Line 91: Line 91:
This is an %%SSH-1%%-specific bug. No known %%SSH-2%% server fails to deal with %%SSH-2%% ignore messages. This is an %%SSH-1%%-specific bug. No known %%SSH-2%% server fails to deal with %%SSH-2%% ignore messages.
-===== Refuses all SSH-1 password camouflage =====+===== [[sshbug_plainpw1]] Refuses all SSH-1 password camouflage =====
When talking to an SSH-1 server which cannot deal with [[#chokes_on_ssh-1_ignore_messages|ignore messages]], WinSCP will attempt to disguise the length of the user's password by sending additional padding within the password packet. This is technically a violation of the %%SSH-1%% specification, and so WinSCP will only do it when it cannot use standards-compliant ignore messages as camouflage. In this sense, for a server to refuse to accept a padded password packet is not really a bug, but it does make life inconvenient if the server can also not handle ignore messages. When talking to an SSH-1 server which cannot deal with [[#chokes_on_ssh-1_ignore_messages|ignore messages]], WinSCP will attempt to disguise the length of the user's password by sending additional padding within the password packet. This is technically a violation of the %%SSH-1%% specification, and so WinSCP will only do it when it cannot use standards-compliant ignore messages as camouflage. In this sense, for a server to refuse to accept a padded password packet is not really a bug, but it does make life inconvenient if the server can also not handle ignore messages.
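Review bot: the first sentence of the paragraph under the new `[[sshbug_plainpw1]]` heading still links with `[[#chokes_on_ssh-1_ignore_messages|ignore messages]]`, which relies on the id generated from the previous section's heading text. That heading now carries the explicit anchor `sshbug_ignore1`, so point this link at `#sshbug_ignore1`. Otherwise the link keeps depending on the heading wording, and the anchors standardized in this revision are not used within the page itself.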

Last modified: by martin