On Oct 26, Iain Morgan wrote:

> This is spelt out pretty clearly in the ChangeLog for 4.2p1 and (if I recall
> correctly) in the release announcement on this list. Admittedly, the
> sshd_config(5) man page does not appear to call out this issue.


thanks for your pointer to the docs (and sorry for not having read/understood them all).
maybe you can answer two more open questions on that topic, please?

> Set Compression=yes in your sshd_config and the old clients should behave.



a)
what's the reason/benefit for the new delayed compression, or the other way round:
what's the (maybe future) drawback if I use "Compression yes" in sshd_config for backward compatibility?
is this to avoid small packets for authentication getting larger by zlib compression?


b)
what's the reason for the different code in sshconnect2.c/ssh_kex2() and sshd.c/do_ssh2_kex()
for this setup? sshconnect2.c/ssh_kex2() already uses

    if (options.compression) {
        myproposal[PROPOSAL_COMP_ALGS_CTOS] =
        myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none";
    } else {
        myproposal[PROPOSAL_COMP_ALGS_CTOS] =
        myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
    }

and thus offers a fallback to old "zlib" scheme, while sshd.c/do_ssh2_kex() reads

    if (options.compression == COMP_NONE) {
        myproposal[PROPOSAL_COMP_ALGS_CTOS] =
        myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
    } else if (options.compression == COMP_DELAYED) {
        myproposal[PROPOSAL_COMP_ALGS_CTOS] =
        myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
    }

not offering a fallback for old clients. why not allow a fallback for compatibility
with the old "zlib" in case an old client does not yet support the new "delayed" scheme?


if that's not a good idea, what about a new setting "delayed+compat-fallback" for "Compression"
which would allow new ssh clients to benefit from/use "delayed" compression and wouldn't break it
for old clients?
the patch below might be a possibility to offer both ways at the same time?!


btw: the comment for "compression" in servconf.h is no longer exact, because
with the COMP_DELAYED setting it's no longer a boolean value, so "true" might
be misleading (COMP_DELAYED==2 is true, but only _delayed_ compression is allowed):


    int compression; /* If true, compression is allowed */
                           ^^^^


suggestion for giving delayed compression with legacy fallback:
-------------------------------------------------------------------------------
diff -ur ../../orig/openssh-4.2p1/kex.h ./kex.h
--- ../../orig/openssh-4.2p1/kex.h 2005-07-26 13:54:56.000000000 +0200
+++ ./kex.h 2005-10-27 10:43:07.000000000 +0200
@@ -38,6 +38,7 @@
#define COMP_NONE 0
#define COMP_ZLIB 1
#define COMP_DELAYED 2
+#define COMP_DELAYED_COMP 3

enum kex_init_proposals {
PROPOSAL_KEX_ALGS,
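Review bot: the new constant's name, COMP_DELAYED_COMP, does not say what distinguishes it from COMP_DELAYED; since the config keyword it maps to is "delayed+fallback", a name along the lines of COMP_DELAYED_FALLBACK (a suggestion, not something the patch defines) would be clearer, and the stale "/* If true, compression is allowed */" comment on `int compression` in servconf.h that the mail itself flags should be updated in the same patch now that the field has four values. The "Only in .: kex.h~" line (and the servconf.c~ and sshd.c~ counterparts below) are editor backup files picked up by diff -r and should be dropped from the posted patch.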
Only in .: kex.h~
diff -ur ../../orig/openssh-4.2p1/servconf.c ./servconf.c
--- ../../orig/openssh-4.2p1/servconf.c 2005-08-12 14:11:37.000000000 +0200
+++ ./servconf.c 2005-10-27 10:46:55.000000000 +0200
@@ -738,6 +738,8 @@
value = 0; /* silence compiler */
if (strcmp(arg, "delayed") == 0)
value = COMP_DELAYED;
+ if (strcmp(arg, "delayed+fallback") == 0)
+ value = COMP_DELAYED_COMP;
else if (strcmp(arg, "yes") == 0)
value = COMP_ZLIB;
else if (strcmp(arg, "no") == 0)
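Review bot: the added test breaks the if/else-if chain: `if (strcmp(arg, "delayed") == 0)` and the new `if (strcmp(arg, "delayed+fallback") == 0)` are now two separate statements, so for arg "delayed" the first sets value = COMP_DELAYED and then the second chain still runs through "yes", "no" and whatever final else follows the visible lines for an unrecognized argument. Make it `else if (strcmp(arg, "delayed+fallback") == 0)` so the whole thing stays one chain. The keyword here also differs from the "delayed+compat-fallback" proposed in the mail text; pick one spelling and use it in both places and in the sshd_config(5) description.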
Only in .: servconf.c~
diff -ur ../../orig/openssh-4.2p1/sshd.c ./sshd.c
--- ../../orig/openssh-4.2p1/sshd.c 2005-07-26 13:54:56.000000000 +0200
+++ ./sshd.c 2005-10-27 10:47:22.000000000 +0200
@@ -1998,6 +1998,9 @@
if (options.compression == COMP_NONE) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
+ } else if (options.compression == COMP_DELAYED_COMP) {
+ myproposal[PROPOSAL_COMP_ALGS_CTOS] =
+ myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
} else if (options.compression == COMP_DELAYED) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
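Review bot: the branch order is fine since the three values are distinct, but the trade-off the new list introduces needs to be documented where the option is: under the SSH negotiation rule the first method in the client's list that the server also offers wins, so a legacy client that lists "zlib" ahead of "none" negotiates plain zlib and compression starts before authentication, which is exactly what the zlib@openssh.com method was introduced to avoid. With "delayed+fallback" that pre-authentication exposure returns for every old client that asks for it; the sshd_config(5) entry for Compression (which the mail notes does not yet cover the delayed scheme at all) should state this so an administrator enabling the fallback knows what it re-enables.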
Only in .: sshd.c~
-------------------------------------------------------------------------------



thanks for your comments,

Harald Koenig
--
"I hope to die ___ _____
before I *have* to use Microsoft Word.", 0--,| /OOOOOOO\
Donald E. Knuth, 02-Oct-2001 in Tuebingen. <_/ / /OOOOOOOOOOO\
\ \/OOOOOOOOOOOOOOO\
\ OOOOOOOOOOOOOOOOO|//
Harald Koenig \/\/\/\/\/\/\/\/\/
science+computing ag // / \\ \
koenig@science-computing.de ^^^^^ ^^^^^
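As an added illustration (not code from the mail or from OpenSSH) of why the proposal lists in question (b) and in the sshd.c hunk matter, the following Python model applies the SSH2 rule for choosing an algorithm (RFC 4253 section 7.1: the first entry of the client's list that the server also lists) to the lists quoted above. The COMP_ZLIB server list, the legacy client's "zlib,none" list and the behaviour of the "delayed+fallback" branch copied from the patch are assumptions.

```python
from __future__ import annotations

# Compression settings as in OpenSSH 4.2p1 kex.h, plus the patch's new value.
COMP_NONE, COMP_ZLIB, COMP_DELAYED, COMP_DELAYED_COMP = 0, 1, 2, 3

# Server proposal per setting, mirroring sshd.c/do_ssh2_kex() as quoted in the
# mail (patched "delayed+fallback" branch included). The COMP_ZLIB list is an
# assumption: the mail does not show what the unpatched code leaves for "yes".
SERVER_PROPOSAL = {
    COMP_NONE: "none",
    COMP_ZLIB: "none,zlib@openssh.com,zlib",          # assumed
    COMP_DELAYED: "none,zlib@openssh.com",
    COMP_DELAYED_COMP: "none,zlib@openssh.com,zlib",  # patch: legacy fallback
}

# Constructed client proposals: the 4.2p1 client as quoted from ssh_kex2() with
# Compression=yes, and a pre-4.2 client assumed to know only "zlib" and "none".
CLIENTS = {
    "4.2p1 client": "zlib@openssh.com,zlib,none",
    "legacy client": "zlib,none",
}


def negotiate(client_list: str, server_list: str) -> str | None:
    """RFC 4253 section 7.1: the first entry of the client's list that the
    server also lists wins. Returns None when the lists share nothing; a real
    sshd then fails the key exchange. Matching is on whole names, so "zlib"
    never matches "zlib@openssh.com"."""
    server = set(server_list.split(","))
    for name in client_list.split(","):
        if name in server:
            return name
    return None


def negotiation_table() -> dict[tuple[int, str], str | None]:
    """Negotiated compression method for every server setting x client."""
    return {
        (setting, client): negotiate(CLIENTS[client], proposal)
        for setting, proposal in SERVER_PROPOSAL.items()
        for client in CLIENTS
    }


if __name__ == "__main__":
    names = {COMP_NONE: "no", COMP_ZLIB: "yes", COMP_DELAYED: "delayed",
             COMP_DELAYED_COMP: "delayed+fallback"}
    for (setting, client), result in negotiation_table().items():
        print(f"Compression {names[setting]:<17} vs {client:<13} -> {result}")
```

The table shows the legacy client ending up with "none" against a "delayed" server (no failure, just no compression) and with plain "zlib" once the fallback is offered.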

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev