(Maybe this is a re-posting: sorry for that.)

Hello,
a SonicWALL appliance that protects my servers' LAN has suddenly begun to
refuse OpenSSH connections with the following message:

'SSH 2.0 Overly Long Protocol Version Exchange String, SID: 3696,
Priority: High - This signature detects overly long "Protocol Version
Exchange"
string in SSH 2.0. The maximum length of the string, defined in RFC 4253,
is 255 bytes.'

Sniffing IP packets during a connection, I found that the problem is
not the string
length, but the string terminator: Version Exchange String does not end
with CR LF (RFC 4253, section "4.2. Protocol Version Exchange"), but with
CR only.

I tried two different client versions, with the same result:

Openssh V3.8.1p1 (Debian stable package ssh 3.8.1p1-8.sarge.4)
Openssh V4.3p2 (Debian testing package openssh-client 4.3p2-3)

Is (portable) OpenSSH compliant with RFC 4253? Is it a bug fixed in V4.4?
Are Debian packages not compliant with (portable) OpenSSH official packages?
Did anybody experience something like this?

Thanks in advance,
Paolo

--
Paolo Vicario,
Centro Servizi Informatici e Telematici (CSIT)
Universita' degli Studi di Udine
e-mail: paolo.vicario at uniud.it

----------------------------------------------------------------------
SEMEL (SErvizio di Messaging ELettronico) - CSIT -Universita' di Udine



_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/lis...enssh-unix-dev