ctrl_droplist(s, "Misuses the session ID in PK auth", 'n', 20,
HELPCTX(ssh_bugs_pksessid2),
sshbug_handler, I(offsetof(Config,sshbug_pksessid2)));
- ctrl_droplist(s, "Ignores key re-exchange completely", 'k', 20,
+ ctrl_droplist(s, "Handles key re-exchange badly", 'k', 20,
HELPCTX(ssh_bugs_rekey2),
sshbug_handler, I(offsetof(Config,sshbug_rekey2)));
}
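Review bot: the new label on the 'k' droplist, "Handles key re-exchange badly", names no symptom, while the neighbouring entry ("Misuses the session ID in PK auth") says what the server actually does. The HELPCTX and the Config field are unchanged, so the help topic now carries all of the explanation. Consider wording that hints at the effect of the workaround (PuTTY stops initiating rekeys), or check that the help text this label points to covers both the hang and the disconnect case.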
This is an SSH2-specific bug.
-\S{config-ssh-bug-rekey} \q{Ignores key re-exchange completely}
+\S{config-ssh-bug-rekey} \q{Handles key re-exchange badly}
\cfg{winhelp-topic}{ssh.bugs.rekey2}
-Some very old SSH servers cannot cope with repeat key exchange at
+Some SSH servers cannot cope with repeat key exchange at
all, and will ignore attempts by the client to start one. Since
PuTTY pauses the session while performing a repeat key exchange, the
effect of this would be to cause the session to hang after an hour
(unless you have your rekey timeout set differently; see
\k{config-ssh-kex-rekey} for more about rekeys).
+Other, very old, SSH servers handle repeat key exchange even more
+badly, and disconnect upon receiving a repeat key exchange request.
If this bug is detected, PuTTY will never initiate a repeat key
exchange. If this bug is enabled when talking to a correct server,
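Review bot: the added sentences ("Other, very old, SSH servers handle repeat key exchange even more badly, and disconnect upon receiving a repeat key exchange request") introduce a second failure mode, but the context line that follows still reads "If this bug is detected" without saying whether detection covers both kinds of server. Dropping "very old" from the first sentence also widens that claim without indicating which servers are meant. Suggest stating that one setting covers both the hang and the disconnect behaviour, and naming the server families the automatic detection recognises, so a user who sees a hang after an hour or a sudden disconnect can tell which case applies.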
if (ssh->cfg.sshbug_rekey2 == FORCE_ON ||
(ssh->cfg.sshbug_rekey2 == AUTO &&
- (wc_match("Sun_SSH_1.0", imp) ||
+ (wc_match("OpenSSH_2.[0-4]*", imp) ||
+ wc_match("OpenSSH_2.5.[0-3]*", imp) ||
+ wc_match("Sun_SSH_1.0", imp) ||
wc_match("Sun_SSH_1.0.1", imp)))) {
/*
- * These versions have the SSH2 ignore-rekey bug.
+ * These versions have the SSH2 rekey bug.
*/
ssh->remote_bugs |= BUG_SSH2_REKEY;
- logevent("We believe remote version has SSH2 ignore-rekey bug");
+ logevent("We believe remote version has SSH2 rekey bug");
}
}
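Review bot: the two added patterns, wc_match("OpenSSH_2.[0-4]*", imp) and wc_match("OpenSSH_2.5.[0-3]*", imp), end in an unanchored "*" directly after a character class, so they match any version string that merely begins that way (a two-digit component such as 2.5.30 would also hit). Because a match sets BUG_SSH2_REKEY and PuTTY then never initiates a repeat key exchange, an over-broad match silently removes rekeying for that session; it is worth confirming the patterns cover only the intended releases. The comment was also reduced to "These versions have the SSH2 rekey bug", which loses the distinction the documentation now draws between servers that ignore the request and servers that disconnect. Suggest the comment say which listed versions show which behaviour and where the 2.5.3 cutoff comes from.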