Date: Tue, 5 Dec 2000 01:14:07 +0100 (CET)
From: sec@ice.42.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/23286: openssh is too verbose
Message-ID: <20001205001407.B834DF9@ice.42.org>
Resent-Message-ID: <200012050020.eB50K0l32129@freefall.freebsd.org>
>Number: 23286
>Category: bin
>Synopsis: openssh is too verbose
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 04 16:20:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: Stefan `Sec` Zehl
>Release: FreeBSD 4.1-STABLE i386
>Organization:
>Environment:
>Description:
The ssh binary in the FreeBSD base distribution is too verbose.
When ssh'ing to a host running an old ssh version it outputs:
| Warning: Server lies about size of server host key: actual size is 1023 bits vs. announced 1024.
| Warning: This may be due to an old implementation of ssh.
This has several problems:
- It is not possible to disable this without disabling ALL warnings.
Disabling ALL warnings is obviously not a good idea for security-related
products.
- It outputs this even in non-interactive mode, so I'm forced to modify
automatic scripts to cater for this behaviour. This way the FreeBSD-4.x
ssh is gratuitously incompatible with older versions.
- If users get exposed to meaningless warnings they quickly learn to ignore
warnings. This is obviously a bad idea, as we want them to notice in case
there is something we really need to warn the user about.
>How-To-Repeat:
ssh to a host with an old keysize length.
>Fix:
Cater explicitly for the 'one-bit-difference' case, and remove that now
meaningless 'This may be due to an old implementation' line.
--- /usr/src/crypto/openssh/sshconnect1.c.orig Tue Dec 5 00:44:27 2000
+++ /usr/src/crypto/openssh/sshconnect1.c Tue Dec 5 00:44:27 2000
@@ -744,9 +744,9 @@
rbits = BN_num_bits(host_key->n);
if (bits != rbits) {
+ if (rbits+1 != bits)
log("Warning: Server lies about size of server host key: "
"actual size is %d bits vs. announced %d.", rbits, bits);
- log("Warning: This may be due to an old implementation of ssh.");
}
/* Get protocol flags. */
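Review bot: the new `if (rbits+1 != bits)` guard in front of the first log() call makes the one-bit mismatch completely silent; consider reporting that case at debug level instead of dropping it, so the discrepancy between announced and actual host key size is still visible to someone diagnosing a host key problem. The guard also controls a two-line log() statement without braces inside the existing `if (bits != rbits) {` block, which is easy to misread, so brace it and add a short comment saying why only the case where the announced size is exactly one bit larger than the actual size is tolerated.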
>Release-Note:
>Audit-Trail:
>Unformatted:
