Subject: Re: sha1 hash is incorrect

Re: sha1 hash is incorrect

From: Aris Adamantiadis <aris_at_0xbadc0de.be>
Date: Sun, 13 Jun 2010 23:20:29 +0200

Hi Daniel,

According to SSH-2 specs, SSH-1.99-* banners announce a server
compatible with both SSH2 and SSH1. What's more plausible is that
freessh uses (maybe introducing bugs) ciphers and hashs that were not
fully tested within libssh2.

Aris

Daniel Stenberg a écrit :
> On Sun, 13 Jun 2010, Peter Stuge wrote:
>
>> If you are convinced that also newer versions are causing you
>> trouble
>
> Let me also point out that Evgeniy is using OpenSSL and the 1aba38
> commit was for gcrypt-based operations...
>
> I think the received banner is a bit worrying "SSH-1.99-FreSSH.0.8".
> 1.99? I then found this web site[1] about Fressh that says "FreSSH
> currently implements SSH protocol version 1.5"
>
> Well, libssh2 is SSH protocol version 2 only so I'm not surprised that
> servers running an earlier version cause trouble! I think we should
> detect this situation better and bail out with a clear and easily
> understood message.
>
> [1] = http://www.freebsdsoftware.org/security/fressh.html
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-06-13