Date: Tue, 5 Dec 2000 01:14:07 +0100 (CET) From: sec@ice.42.org To: FreeBSD-gnats-submit@freebsd.org Subject: bin/23286: openssh is too verbose Message-ID: <20001205001407.B834DF9@ice.42.org> Resent-Message-ID: <200012050020.eB50K0l32129@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 23286 >Category: bin >Synopsis: openssh is too verbose >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Dec 04 16:20:00 PST 2000 >Closed-Date: >Last-Modified: >Originator: Stefan `Sec` Zehl >Release: FreeBSD 4.1-STABLE i386 >Organization: >Environment: >Description: The ssh binary in the FreeBSD base distribution is too verbose. When ssh'ing to an host running an old ssh version it outputs: | Warning: Server lies about size of server host key: actual size is 1023 bits vs. announced 1024. | Warning: This may be due to an old implementation of ssh. This has several problems: - It is not possible to disable this without disabling ALL warnings. Disabling ALL warnings is obviously not a good idea for security related products - It outputs this even in non-interactive mode, so I'm forced to modify automatic scrips to cater for this behaviour. This way the FreeBSD-4.x ssh is gratitously incompatible to older versions. - If users get exposed to meaningless warnings they quickly learn to ignore warnings. This is obviosly a bad idea, as we want them to notice in case there is somthing we really need to warn the user about. >How-To-Repeat: ssh to an host with an old keysize length. >Fix: Cater explicitly for the 'one-bit-defference' case, and remove that now meaningless 'This may be due to an old implementation' line. --- /usr/src/crypto/openssh/sshconnect1.c.orig Tue Dec 5 00:44:27 2000 +++ /usr/src/crypto/openssh/sshconnect1.c Tue Dec 5 00:44:27 2000 @@ -744,9 +744,9 @@ rbits = BN_num_bits(host_key->n); if (bits != rbits) { + if (rbits+1 != bits) log("Warning: Server lies about size of server host key: " "actual size is %d bits vs. announced %d.", rbits, bits); - log("Warning: This may be due to an old implementation of ssh."); } /* Get protocol flags. */ >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001205001407.B834DF9>