X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/3d63ca2ea3f917bf24a6c0a6e4dae5357bcf5dd6..8c028e6547c06622ebd8a2c59f5720faa2268304:/ssh.c

diff --git a/ssh.c b/ssh.c
index 01c5caa1..4fb0822a 100644
--- a/ssh.c
+++ b/ssh.c
@@ -168,6 +168,7 @@ static const char *const ssh2_disconnect_reasons[] = {
 #define BUG_CHOKES_ON_SSH1_IGNORE                 1
 #define BUG_SSH2_HMAC                             2
 #define BUG_NEEDS_SSH1_PLAIN_PASSWORD        	  4
+#define BUG_CHOKES_ON_RSA	        	  8
 
 static int ssh_pkt_ctx = 0;
 
@@ -1590,6 +1591,16 @@ static void ssh_detect_bugs(char *vstring)
 	logevent("We believe remote version needs a plain SSH1 password");
     }
 
+    if (!strcmp(imp, "Cisco-1.25")) {
+	/*
+	 * These versions apparently have no clue whatever about
+	 * RSA authentication and will panic and die if they see
+	 * an AUTH_RSA message.
+	 */
+	ssh_remote_bugs |= BUG_CHOKES_ON_RSA;
+	logevent("We believe remote version can't handle RSA authentication");
+    }
+
     if (!strncmp(imp, "2.1.0", 5) || !strncmp(imp, "2.0.", 4) ||
 	!strncmp(imp, "2.2.0", 5) || !strncmp(imp, "2.3.0", 5) ||
 	!strncmp(imp, "2.1 ", 4)) {
@@ -1862,8 +1873,10 @@ static char *connect_to_host(char *host, int port, char **realhost, int nodelay)
 	logevent(buf);
     }
     s = sk_new(addr, port, 0, 1, nodelay, &fn_table_ptr);
-    if ((err = sk_socket_error(s)))
+    if ((err = sk_socket_error(s))) {
+	s = NULL;
 	return err;
+    }
 
 #ifdef FWHACK
     sk_write(s, "connect ", 8);
@@ -2191,7 +2204,12 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 
     crWaitUntil(ispkt);
 
-    tried_publickey = tried_agent = 0;
+    if ((ssh_remote_bugs & BUG_CHOKES_ON_RSA)) {
+	/* We must not attempt PK auth. Pretend we've already tried it. */
+	tried_publickey = tried_agent = 1;
+    } else {
+	tried_publickey = tried_agent = 0;
+    }
     tis_auth_refused = ccard_auth_refused = 0;
     /* Load the public half of cfg.keyfile so we notice if it's in Pageant */
     if (*cfg.keyfile) {