version 1.274, 2017/04/30 23:10:43 |
version 1.275, 2017/04/30 23:11:45 |
|
|
int remote_major, remote_minor, mismatch; |
int remote_major, remote_minor, mismatch; |
int connection_in = packet_get_connection_in(); |
int connection_in = packet_get_connection_in(); |
int connection_out = packet_get_connection_out(); |
int connection_out = packet_get_connection_out(); |
int minor1 = PROTOCOL_MINOR_1, client_banner_sent = 0; |
int client_banner_sent = 0; |
u_int i, n; |
u_int i, n; |
size_t len; |
size_t len; |
int fdsetsz, remaining, rc; |
int fdsetsz, remaining, rc; |
|
|
fdsetsz = howmany(connection_in + 1, NFDBITS) * sizeof(fd_mask); |
fdsetsz = howmany(connection_in + 1, NFDBITS) * sizeof(fd_mask); |
fdset = xcalloc(1, fdsetsz); |
fdset = xcalloc(1, fdsetsz); |
|
|
/* |
enable_compat20(); |
* If we are SSH2-only then we can send the banner immediately and |
send_client_banner(connection_out, 0); |
* save a round-trip. |
client_banner_sent = 1; |
*/ |
|
if (options.protocol == SSH_PROTO_2) { |
|
enable_compat20(); |
|
send_client_banner(connection_out, 0); |
|
client_banner_sent = 1; |
|
} |
|
|
|
/* Read other side's version identification. */ |
/* Read other side's version identification. */ |
remaining = timeout_ms; |
remaining = timeout_ms; |
|
|
|
|
switch (remote_major) { |
switch (remote_major) { |
case 1: |
case 1: |
if (remote_minor == 99 && |
if (remote_minor == 99) |
(options.protocol & SSH_PROTO_2) && |
|
!(options.protocol & SSH_PROTO_1_PREFERRED)) { |
|
enable_compat20(); |
enable_compat20(); |
break; |
else |
} |
|
if (!(options.protocol & SSH_PROTO_1)) { |
|
mismatch = 1; |
mismatch = 1; |
break; |
|
} |
|
if (remote_minor < 3) { |
|
fatal("Remote machine has too old SSH software version."); |
|
} else if (remote_minor == 3 || remote_minor == 4) { |
|
/* We speak 1.3, too. */ |
|
enable_compat13(); |
|
minor1 = 3; |
|
if (options.forward_agent) { |
|
logit("Agent forwarding disabled for protocol 1.3"); |
|
options.forward_agent = 0; |
|
} |
|
} |
|
break; |
break; |
case 2: |
case 2: |
if (options.protocol & SSH_PROTO_2) { |
enable_compat20(); |
enable_compat20(); |
break; |
break; |
|
} |
|
/* FALLTHROUGH */ |
|
default: |
default: |
mismatch = 1; |
mismatch = 1; |
break; |
break; |
} |
} |
if (mismatch) |
if (mismatch) |
fatal("Protocol major versions differ: %d vs. %d", |
fatal("Protocol major versions differ: %d vs. %d", |
(options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, |
PROTOCOL_MAJOR_2, remote_major); |
remote_major); |
|
if ((datafellows & SSH_BUG_DERIVEKEY) != 0) |
if ((datafellows & SSH_BUG_DERIVEKEY) != 0) |
fatal("Server version \"%.100s\" uses unsafe key agreement; " |
fatal("Server version \"%.100s\" uses unsafe key agreement; " |
"refusing connection", remote_version); |
"refusing connection", remote_version); |
if ((datafellows & SSH_BUG_RSASIGMD5) != 0) |
if ((datafellows & SSH_BUG_RSASIGMD5) != 0) |
logit("Server version \"%.100s\" uses unsafe RSA signature " |
logit("Server version \"%.100s\" uses unsafe RSA signature " |
"scheme; disabling use of RSA keys", remote_version); |
"scheme; disabling use of RSA keys", remote_version); |
if (!client_banner_sent) |
|
send_client_banner(connection_out, minor1); |
|
chop(server_version_string); |
chop(server_version_string); |
} |
} |
|
|
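Review bot: `client_banner_sent` appears to be write-only on the new side: it is still declared and set to 1 right after the now-unconditional `send_client_banner(connection_out, 0);`, but the `if (!client_banner_sent)` test before `chop(server_version_string);` is gone. Unless the lines elided from this view still read it, the declaration and the assignment can be dropped. The `enable_compat20();` calls left in `case 1:` and `case 2:` also repeat the unconditional call made before the server banner is read, so the switch now only needs to decide `mismatch` (assuming the call has no cumulative effect). The comment explaining the early banner was removed along with the conditional; a short replacement such as `/* Protocol 2 only: send our banner before reading the server's. */` would keep that ordering visibly intentional when auditing version negotiation. Old and new sides are inferred here from the paired-row layout, and the function starts above the visible lines.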