version 1.5, 2008/06/09 13:38:46 |
version 1.6, 2008/06/10 22:15:23 |
|
|
still be sent in the other direction. This message does not consume |
still be sent in the other direction. This message does not consume |
window space and may be sent even if no window space is available. |
window space and may be sent even if no window space is available. |
|
|
4. sftp: Reversal of arguments to SSH_FXP_SYMLINK |
4. connection: disallow additional sessions extension |
|
"no-more-sessions@openssh.com" |
|
|
|
Most SSH connections will only ever request a single session, but a |
|
attacker may abuse a running ssh client to surreptitiously open |
|
additional sessions under their control. OpenSSH provides a global |
|
request "no-more-sessions@openssh.com" to mitigate this attack. |
|
|
|
When an OpenSSH client expects that it will never open another session |
|
(i.e. it has been started with connection multiplexing disabled), it |
|
will send the following global request: |
|
|
|
byte SSH_MSG_GLOBAL_REQUEST |
|
string "no-more-sessions@openssh.com" |
|
char want-reply |
|
|
|
On receipt of such a message, an OpenSSH server will refuse to open |
|
future channels of type "session" and instead immediately abort the |
|
connection. |
|
|
|
Note that this is not a general defence against compromised clients |
|
(that is impossible), but it thwarts a simple attack. |
|
|
|
5. sftp: Reversal of arguments to SSH_FXP_SYMLINK |
|
|
When OpenSSH's sftp-server was implemented, the order of the arguments |
When OpenSSH's sftp-server was implemented, the order of the arguments |
to the SSH_FXP_SYMLINK method was inadvertendly reversed. Unfortunately, |
to the SSH_FXP_SYMLINK method was inadvertendly reversed. Unfortunately, |
the reversal was not noticed until the server was widely deployed. Since |
the reversal was not noticed until the server was widely deployed. Since |
|
|
string targetpath |
string targetpath |
string linkpath |
string linkpath |
|
|
5. sftp: Server extension announcement in SSH_FXP_VERSION |
6. sftp: Server extension announcement in SSH_FXP_VERSION |
|
|
OpenSSH's sftp-server lists the extensions it supports using the |
OpenSSH's sftp-server lists the extensions it supports using the |
standard extension announcement mechanism in the SSH_FXP_VERSION server |
standard extension announcement mechanism in the SSH_FXP_VERSION server |
|
|
extension with multiple versions (though this is unlikely). Clients MUST |
extension with multiple versions (though this is unlikely). Clients MUST |
check the version number before attemping to use the extension. |
check the version number before attemping to use the extension. |
|
|
6. sftp: Extension request "posix-rename@openssh.com" |
7. sftp: Extension request "posix-rename@openssh.com" |
|
|
This operation provides a rename operation with POSIX semantics, which |
This operation provides a rename operation with POSIX semantics, which |
are different to those provided by the standard SSH_FXP_RENAME in |
are different to those provided by the standard SSH_FXP_RENAME in |
|
|
This extension is advertised in the SSH_FXP_VERSION hello with version |
This extension is advertised in the SSH_FXP_VERSION hello with version |
"1". |
"1". |
|
|
7. sftp: Extension requests "statvfs@openssh.com" and |
8. sftp: Extension requests "statvfs@openssh.com" and |
"fstatvfs@openssh.com" |
"fstatvfs@openssh.com" |
|
|
These requests correspond to the statvfs and fstatvfs POSIX system |
These requests correspond to the statvfs and fstatvfs POSIX system |