| version 1.6, 2008/06/10 22:15:23 |
version 1.7, 2008/06/12 05:15:41 |
|
|
| Note that this is not a general defence against compromised clients |
Note that this is not a general defence against compromised clients |
| (that is impossible), but it thwarts a simple attack. |
(that is impossible), but it thwarts a simple attack. |
| |
|
| 5. sftp: Reversal of arguments to SSH_FXP_SYMLINK |
5. connection: Tunnel forward extension "tun@openssh.com" |
| |
|
| |
OpenSSH supports layer 2 and layer 3 tunneling via the "tun@openssh.com" |
| |
channel type. This channel type supports forwarding of network packets |
| |
with datagram boundaries entact between endpoints equipped with |
| |
interfaces like the BSD tun(4) device. Tunnel forwarding channels are |
| |
requested by the client with the following packet: |
| |
|
| |
byte SSH_MSG_CHANNEL_OPEN |
| |
string "tun@openssh.com" |
| |
uint32 sender channel |
| |
uint32 initial window size |
| |
uint32 maximum packet size |
| |
uint32 tunnel mode |
| |
uint32 remote unit number |
| |
|
| |
The "tunnel mode" parameter specifies whether the tunnel should forward |
| |
layer 2 frames or layer 3 packets. It may take one of the following values: |
| |
|
| |
SSH_TUNMODE_POINTOPOINT 1 /* layer 3 packets */ |
| |
SSH_TUNMODE_ETHERNET 2 /* layer 2 frames */ |
| |
|
| |
The "tunnel unit number" specifies the remote interface number, or may |
| |
be zero to allow the server to automatically chose an interface. A server |
| |
that is not willing to open a client-specified unit should refuse the |
| |
request with a SSH_MSG_CHANNEL_OPEN_FAILURE error. On successful open, |
| |
the server should reply with SSH_MSG_CHANNEL_OPEN_SUCCESS. |
| |
|
| |
Once established the client and server may exchange packet or frames |
| |
over the tunnel channel by encapsulating them in SSH protocol strings |
| |
and sending them as channel data. This ensures that packet boundaries |
| |
are kept intact. Specifically, packets are transmitted using normal |
| |
SSH_MSG_CHANNEL_DATA packets: |
| |
|
| |
byte SSH_MSG_CHANNEL_DATA |
| |
uint32 recipient channel |
| |
string data |
| |
|
| |
The contents of the "data" field for layer 3 packets is: |
| |
|
| |
uint32 packet length |
| |
uint32 address family |
| |
byte[packet length - 4] packet data |
| |
|
| |
The "address family" field identifies the type of packet in the message. |
| |
It may be one of: |
| |
|
| |
SSH_TUN_AF_INET 2 /* IPv4 */ |
| |
SSH_TUN_AF_INET6 24 /* IPv6 */ |
| |
|
| |
The "packet data" field consists of the IPv4/IPv6 datagram itself |
| |
without any link layer header. |
| |
|
| |
The contents of the "data" field for layer 3 packets is: |
| |
|
| |
uint32 packet length |
| |
byte[packet length] frame |
| |
|
| |
The "frame" field contains an IEEE 802.3 ethernet frame, including |
| |
header. |
| |
|
| |
6. sftp: Reversal of arguments to SSH_FXP_SYMLINK |
| |
|
| When OpenSSH's sftp-server was implemented, the order of the arguments |
When OpenSSH's sftp-server was implemented, the order of the arguments |
| to the SSH_FXP_SYMLINK method was inadvertendly reversed. Unfortunately, |
to the SSH_FXP_SYMLINK method was inadvertendly reversed. Unfortunately, |
| the reversal was not noticed until the server was widely deployed. Since |
the reversal was not noticed until the server was widely deployed. Since |
|
|
| string targetpath |
string targetpath |
| string linkpath |
string linkpath |
| |
|
| 6. sftp: Server extension announcement in SSH_FXP_VERSION |
7. sftp: Server extension announcement in SSH_FXP_VERSION |
| |
|
| OpenSSH's sftp-server lists the extensions it supports using the |
OpenSSH's sftp-server lists the extensions it supports using the |
| standard extension announcement mechanism in the SSH_FXP_VERSION server |
standard extension announcement mechanism in the SSH_FXP_VERSION server |
|
|
| extension with multiple versions (though this is unlikely). Clients MUST |
extension with multiple versions (though this is unlikely). Clients MUST |
| check the version number before attemping to use the extension. |
check the version number before attemping to use the extension. |
| |
|
| 7. sftp: Extension request "posix-rename@openssh.com" |
8. sftp: Extension request "posix-rename@openssh.com" |
| |
|
| This operation provides a rename operation with POSIX semantics, which |
This operation provides a rename operation with POSIX semantics, which |
| are different to those provided by the standard SSH_FXP_RENAME in |
are different to those provided by the standard SSH_FXP_RENAME in |
|
|
| This extension is advertised in the SSH_FXP_VERSION hello with version |
This extension is advertised in the SSH_FXP_VERSION hello with version |
| "1". |
"1". |
| |
|
| 8. sftp: Extension requests "statvfs@openssh.com" and |
9. sftp: Extension requests "statvfs@openssh.com" and |
| "fstatvfs@openssh.com" |
"fstatvfs@openssh.com" |
| |
|
| These requests correspond to the statvfs and fstatvfs POSIX system |
These requests correspond to the statvfs and fstatvfs POSIX system |
|
|
| "2". |
"2". |
| |
|
| $OpenBSD$ |
$OpenBSD$ |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to PROTOCOL CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh