| version 1.5, 2008/06/09 13:38:46 |
version 1.6, 2008/06/10 22:15:23 |
|
|
| still be sent in the other direction. This message does not consume |
still be sent in the other direction. This message does not consume |
| window space and may be sent even if no window space is available. |
window space and may be sent even if no window space is available. |
| |
|
| 4. sftp: Reversal of arguments to SSH_FXP_SYMLINK |
4. connection: disallow additional sessions extension |
| |
"no-more-sessions@openssh.com" |
| |
|
| |
Most SSH connections will only ever request a single session, but a |
| |
attacker may abuse a running ssh client to surreptitiously open |
| |
additional sessions under their control. OpenSSH provides a global |
| |
request "no-more-sessions@openssh.com" to mitigate this attack. |
| |
|
| |
When an OpenSSH client expects that it will never open another session |
| |
(i.e. it has been started with connection multiplexing disabled), it |
| |
will send the following global request: |
| |
|
| |
byte SSH_MSG_GLOBAL_REQUEST |
| |
string "no-more-sessions@openssh.com" |
| |
char want-reply |
| |
|
| |
On receipt of such a message, an OpenSSH server will refuse to open |
| |
future channels of type "session" and instead immediately abort the |
| |
connection. |
| |
|
| |
Note that this is not a general defence against compromised clients |
| |
(that is impossible), but it thwarts a simple attack. |
| |
|
| |
5. sftp: Reversal of arguments to SSH_FXP_SYMLINK |
| |
|
| When OpenSSH's sftp-server was implemented, the order of the arguments |
When OpenSSH's sftp-server was implemented, the order of the arguments |
| to the SSH_FXP_SYMLINK method was inadvertendly reversed. Unfortunately, |
to the SSH_FXP_SYMLINK method was inadvertendly reversed. Unfortunately, |
| the reversal was not noticed until the server was widely deployed. Since |
the reversal was not noticed until the server was widely deployed. Since |
|
|
| string targetpath |
string targetpath |
| string linkpath |
string linkpath |
| |
|
| 5. sftp: Server extension announcement in SSH_FXP_VERSION |
6. sftp: Server extension announcement in SSH_FXP_VERSION |
| |
|
| OpenSSH's sftp-server lists the extensions it supports using the |
OpenSSH's sftp-server lists the extensions it supports using the |
| standard extension announcement mechanism in the SSH_FXP_VERSION server |
standard extension announcement mechanism in the SSH_FXP_VERSION server |
|
|
| extension with multiple versions (though this is unlikely). Clients MUST |
extension with multiple versions (though this is unlikely). Clients MUST |
| check the version number before attemping to use the extension. |
check the version number before attemping to use the extension. |
| |
|
| 6. sftp: Extension request "posix-rename@openssh.com" |
7. sftp: Extension request "posix-rename@openssh.com" |
| |
|
| This operation provides a rename operation with POSIX semantics, which |
This operation provides a rename operation with POSIX semantics, which |
| are different to those provided by the standard SSH_FXP_RENAME in |
are different to those provided by the standard SSH_FXP_RENAME in |
|
|
| This extension is advertised in the SSH_FXP_VERSION hello with version |
This extension is advertised in the SSH_FXP_VERSION hello with version |
| "1". |
"1". |
| |
|
| 7. sftp: Extension requests "statvfs@openssh.com" and |
8. sftp: Extension requests "statvfs@openssh.com" and |
| "fstatvfs@openssh.com" |
"fstatvfs@openssh.com" |
| |
|
| These requests correspond to the statvfs and fstatvfs POSIX system |
These requests correspond to the statvfs and fstatvfs POSIX system |
![[BACK]](/icons/back.gif){kind=icon}
Return to PROTOCOL CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh