Posted to dev@mina.apache.org by GitBox <gi...@apache.org> on 2021/10/17 16:01:13 UTC

[GitHub] [mina-sshd] tomaswolf opened a new pull request #205: Set output and input encodings separately at end of KEX

tomaswolf opened a new pull request #205:
URL: https://github.com/apache/mina-sshd/pull/205


   Once SSH_MSG_NEWKEYS is sent any subsequent packet sent must use the
   new encoding settings. Once SSH_MSG_NEWKEYS is received, the new
   encoding settings are to be used for any message received. So set the
   cipher/mac/compression separately for outgoing and incoming messages
   in sendNewKeys() and handleNewKeys().
   
   Previously, we set both only in handleNewKeys(), i.e., when the peer's
   SSH_MSG_NEWKEYS was received. This made implementing a KEX extension
   handler more complicated than necessary since it had to delay sending
   the SSH_MSG_EXT_INFO packet until after the peer's SSH_MSG_NEWKEYS was
   received.
   
   RFC 8308 recommends that "the server sends its SSH_MSG_EXT_INFO not
   only as the next packet after SSH_MSG_NEWKEYS, but without delay". This
   is now possible since the output settings are already set up correctly.
   
   SSH_MSG_EXT_INFO is always sent and received after SSH_MSG_NEWKEYS, and
   the Apache MINA sshd implementation guarantees that either party handles
   the peer's SSH_MSG_NEWKEYS *after* having sent its own SSH_MSG_NEWKEYS.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org
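
Added example, not part of the original thread and not Apache MINA sshd code: a toy Java model of the per-direction switch described in the pull request above, showing why SSH_MSG_EXT_INFO can only follow SSH_MSG_NEWKEYS "without delay" when the output settings change at send time. All class and method names are hypothetical, a packet only records which settings protected it, and the record syntax assumes Java 16 or later.

```java
import java.util.ArrayDeque;
import java.util.Queue;

// Toy model (hypothetical names, not Apache MINA sshd code): a "packet" only
// records which encoding settings (cipher/mac/compression) protected it.
public class NewKeysModel {
    enum Enc { INITIAL, NEGOTIATED }

    record Packet(String msg, Enc enc) {}

    static final class Endpoint {
        final boolean splitDirections;   // true = behaviour described in the PR
        Enc out = Enc.INITIAL, in = Enc.INITIAL;
        final Queue<Packet> wire = new ArrayDeque<>();  // packets sent to the peer

        Endpoint(boolean splitDirections) { this.splitDirections = splitDirections; }

        void send(String msg) { wire.add(new Packet(msg, out)); }

        void sendNewKeys() {
            send("SSH_MSG_NEWKEYS");     // itself still protected by the old settings
            if (splitDirections) out = Enc.NEGOTIATED;
        }

        // Returns false where a real peer would fail to decrypt or verify the MAC.
        boolean receive(Packet p) {
            if (p.enc() != in) return false;
            if (p.msg().equals("SSH_MSG_NEWKEYS")) {
                in = Enc.NEGOTIATED;
                if (!splitDirections) out = Enc.NEGOTIATED;  // old: both on receipt
            }
            return true;
        }
    }

    // The server sends NEWKEYS and EXT_INFO back to back, before the client's
    // NEWKEYS has arrived. Returns true if the client accepted every packet.
    static boolean extInfoWithoutDelay(boolean serverSplitsDirections) {
        Endpoint server = new Endpoint(serverSplitsDirections);
        Endpoint client = new Endpoint(true);
        server.sendNewKeys();
        server.send("SSH_MSG_EXT_INFO");
        boolean ok = true;
        for (Packet p : server.wire) ok &= client.receive(p);
        return ok;
    }

    public static void main(String[] args) {
        System.out.println("separate in/out switch:   " + extInfoWithoutDelay(true));
        System.out.println("both switched on receipt: " + extInfoWithoutDelay(false));
    }
}
```

In the second case the EXT_INFO packet goes out under the initial settings while the client already expects the negotiated ones, which is why the earlier implementation had to hold it back until the peer's SSH_MSG_NEWKEYS had been received.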


[GitHub] [mina-sshd] tomaswolf merged pull request #205: Set output and input encodings separately at end of KEX

Posted by GitBox <gi...@apache.org>.
tomaswolf merged pull request #205:
URL: https://github.com/apache/mina-sshd/pull/205


   




[GitHub] [mina-sshd] tomaswolf commented on pull request #205: Set output and input encodings separately at end of KEX

Posted by GitBox <gi...@apache.org>.
tomaswolf commented on pull request #205:
URL: https://github.com/apache/mina-sshd/pull/205#issuecomment-945151072


   @benhumphreys since this changes sending of `server-sig-algs` and you apparently want to use that in Bitbucket Server you might want to double-check this change, too. (It fixes the remaining issue of sending the EXT_INFO message "without delay" as recommended by RFC 8308.)




[GitHub] [mina-sshd] benhumphreys commented on pull request #205: Set output and input encodings separately at end of KEX

Posted by GitBox <gi...@apache.org>.
benhumphreys commented on pull request #205:
URL: https://github.com/apache/mina-sshd/pull/205#issuecomment-945356928


   Thanks @tomaswolf. I've also tested this branch and have found no problems.
   I expanded my testing a little to include OpenSSH 6.6.1p1, 8.1p, 8.2p1 and 8.8p1.
   
   Thanks again!

