Hello OpenSSH developers,

OpenSSH 4.2p1 breaks old OpenSSH clients up to 3.4p1 when they try to use compression:

# ssh-3.4p1 -C remote-host-with-4.2p1 pwd
no matching comp found: client zlib server none,zlib@openssh.com

Option "-vv" shows:

...
debug2: kex_parse_kexinit: zlib
...
debug2: kex_parse_kexinit: none,zlib@openssh.com
...
debug2: mac_init: found hmac-md5
no matching comp found: client zlib server none,zlib@openssh.com

Using the small patch below makes the old ssh clients happy again with option "-C":


-------------------------------------------------------------------------------
--- openssh-4.2p1/sshd.c~ 2005-10-05 17:58:21.000000000 +0200
+++ openssh-4.2p1/sshd.c 2005-10-26 18:17:44.000000000 +0200
@@ -2014,7 +2014,7 @@
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
} else if (options.compression == COMP_DELAYED) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
- myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
}

myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
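
Review bot: In the "options.compression == COMP_DELAYED" branch, appending "zlib" changes what the delayed setting offers to every client, not only to the 3.4p1 ones. Because of the chained assignment, the new string lands in both PROPOSAL_COMP_ALGS_CTOS and PROPOSAL_COMP_ALGS_STOC, so any peer that proposes plain "zlib" will now negotiate it even though the administrator selected delayed compression. I would leave this branch's proposal as "none,zlib@openssh.com" and make the plain "zlib" offer something the administrator opts into explicitly for hosts that must serve old clients. If the string is changed here anyway, the hunk needs a comment saying that the trailing "zlib" exists only for clients that do not know zlib@openssh.com, and the behaviour change should be documented.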
-------------------------------------------------------------------------------


Harald Koenig

PS: Yes, I know about the security issues of using such old ssh clients, but they're
only used in fairly protected small internal customer networks, and the customer
insists on not changing anything in those environments running the old ssh clients...
(The surrounding environment is pretty well maintained, which is the reason for
the 4.2p1 sshd ;-)
--
"I hope to die before I *have* to use Microsoft Word.",
Donald E. Knuth, 02-Oct-2001 in Tuebingen.

Harald Koenig
science+computing ag
koenig@science-computing.de
