Commit c7f1aeac authored by Christian Kandeler's avatar Christian Kandeler

SSH: Make it configurable whether to check server data pedantically.

While we want to conform to the specs, there are systems out there today
whose SSH servers send non-conforming identification strings. We now
enable API clients to switch the respective checks off, and we do so
ourselves in the RemoteLinux plugin, since the only known problems
are with OpenSSH servers.

Change-Id: I9e6f9076f2dc7435a0bde7016f99cfb2fcb30a9c
Reviewed-by: default avatarTobias Hunger <tobias.hunger@digia.com>
parent f0d4199d
......@@ -81,8 +81,10 @@ namespace {
SshConnectionParameters::SshConnectionParameters() :
timeout(0), authenticationType(AuthenticationByKey), port(0), options(SshIgnoreDefaultProxy)
timeout(0), authenticationType(AuthenticationByKey), port(0)
{
options |= SshIgnoreDefaultProxy;
options |= SshEnableStrictConformanceChecks;
}
static inline bool equals(const SshConnectionParameters &p1, const SshConnectionParameters &p2)
......@@ -398,18 +400,19 @@ void SshConnectionPrivate::handleServerId()
.arg(serverProtoVersion));
}
// Disable this check to accept older OpenSSH servers that do this wrong.
if (serverProtoVersion == QLatin1String("2.0") && !hasCarriageReturn) {
throw SshServerException(SSH_DISCONNECT_PROTOCOL_ERROR,
"Identification string is invalid.",
tr("Server identification string is invalid (missing carriage return)."));
}
if (m_connParams.options & SshEnableStrictConformanceChecks) {
if (serverProtoVersion == QLatin1String("2.0") && !hasCarriageReturn) {
throw SshServerException(SSH_DISCONNECT_PROTOCOL_ERROR,
"Identification string is invalid.",
tr("Server identification string is invalid (missing carriage return)."));
}
if (serverProtoVersion == QLatin1String("1.99") && m_serverHasSentDataBeforeId) {
throw SshServerException(SSH_DISCONNECT_PROTOCOL_ERROR,
"No extra data preceding identification string allowed for 1.99.",
tr("Server reports protocol version 1.99, but sends data "
"before the identification string, which is not allowed."));
if (serverProtoVersion == QLatin1String("1.99") && m_serverHasSentDataBeforeId) {
throw SshServerException(SSH_DISCONNECT_PROTOCOL_ERROR,
"No extra data preceding identification string allowed for 1.99.",
tr("Server reports protocol version 1.99, but sends data "
"before the identification string, which is not allowed."));
}
}
m_keyExchange.reset(new SshKeyExchange(m_sendFacility));
......
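Review bot: The new `if (m_connParams.options & SshEnableStrictConformanceChecks)` guard in handleServerId() switches off the 1.99 data-before-identification check together with the missing-carriage-return check, although the only interoperability problem named on this page is the carriage return on older OpenSSH servers. A client that clears the flag for that reason therefore accepts more malformed pre-authentication server data than it needs to. Consider leaving the 1.99 check outside the guard, or state the scope at the guard with `// Relaxed mode skips both the CR check and the 1.99 pre-identification data check.` The body of handleServerId() starts and ends outside the hunk.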
......@@ -51,7 +51,8 @@ class SshConnectionPrivate;
} // namespace Internal
enum SshConnectionOption {
SshIgnoreDefaultProxy = 0x1
SshIgnoreDefaultProxy = 0x1,
SshEnableStrictConformanceChecks = 0x2
};
Q_DECLARE_FLAGS(SshConnectionOptions, SshConnectionOption)
......
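Review bot: `SshEnableStrictConformanceChecks` is added to the public enum without a comment saying what it controls or that the SshConnectionParameters constructor sets it by default. API clients deciding whether to clear it need that information in the header. A comment on the enumerator such as `// Reject server identification strings that violate the SSH spec; set by default.` would cover it.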
......@@ -77,6 +77,7 @@ GenericLinuxDeviceConfigurationWizard::~GenericLinuxDeviceConfigurationWizard()
IDevice::Ptr GenericLinuxDeviceConfigurationWizard::device()
{
QSsh::SshConnectionParameters sshParams;
sshParams.options &= ~SshConnectionOptions(SshEnableStrictConformanceChecks); // For older SSH servers.
sshParams.host = d->setupPage.hostName();
sshParams.userName = d->setupPage.userName();
sshParams.port = 22;
......
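Review bot: In device(), strict checking is cleared for every device the wizard creates, so servers that do conform lose the checks as well, and the hunk shows no way for the user to turn them back on. The trailing comment `// For older SSH servers.` does not say what is given up; a line of its own such as `// Older OpenSSH servers omit the CR in their identification string, so skip strict conformance checks.` would be clearer. If the relaxation is meant to stay, it may be worth exposing it as a per-device setting rather than a fixed wizard default. device() continues outside the hunk, so this may already be handled elsewhere.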