Commit 27f70fbb authored by Alexander Withers's avatar Alexander Withers
Browse files

initial import of openssh

parent d91dfbf9
This file is part of the OpenSSH software.
The licences which components of this software fall under are as
follows. First, we will summarize and say that all components
are under a BSD licence, or a licence more free than that.
OpenSSH contains no GPL code.
1)
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
[Tatu continues]
* However, I am not implying to give any licenses to any patents or
* copyrights held by third parties, and the software includes parts that
* are not under my direct control. As far as I know, all included
* source code is used in accordance with the relevant license agreements
* and can be used freely for any purpose (the GNU license being the most
* restrictive); see below for details.
[However, none of that term is relevant at this point in time. All of
these restrictively licenced software components which he talks about
have been removed from OpenSSH, i.e.,
- RSA is no longer included, found in the OpenSSL library
- IDEA is no longer included, its use is deprecated
- DES is now external, in the OpenSSL library
- GMP is no longer used, and instead we call BN code from OpenSSL
- Zlib is now external, in a library
- The make-ssh-known-hosts script is no longer included
- TSS has been removed
- MD5 is now external, in the OpenSSL library
- RC4 support has been replaced with ARC4 support from OpenSSL
- Blowfish is now external, in the OpenSSL library
[The licence continues]
Note that any information and cryptographic algorithms used in this
software are publicly available on the Internet and at any major
bookstore, scientific library, and patent office worldwide. More
information can be found e.g. at "http://www.cs.hut.fi/crypto".
The legal status of this program is some combination of all these
permissions and restrictions. Use only at your own responsibility.
You will be responsible for any legal consequences yourself; I am not
making any claims whether possessing or using this is legal or not in
your country, and I am not taking any responsibility on your behalf.
NO WARRANTY
BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
3)
ssh-keyscan was contributed by David Mazieres under a BSD-style
license.
* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
*
* Modification and redistribution in source and binary forms is
* permitted provided that due credit is given to the author and the
* OpenBSD project by leaving this copyright notice intact.
4)
The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers
and Paulo Barreto is in the public domain and distributed
with the following license:
* @version 3.0 (December 2000)
*
* Optimised ANSI C code for the Rijndael cipher (now AES)
*
* @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
* @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
* @author Paulo Barreto <paulo.barreto@terra.com.br>
*
* This code is hereby placed in the public domain.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
* EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
5)
One component of the ssh source code is under a 3-clause BSD license,
held by the University of California, since we pulled these parts from
original Berkeley code.
* Copyright (c) 1983, 1990, 1992, 1993, 1995
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
6)
Remaining components of the software are provided under a standard
2-term BSD licence with the following names as copyright holders:
Markus Friedl
Theo de Raadt
Niels Provos
Dug Song
Aaron Campbell
Damien Miller
Kevin Steves
Daniel Kouril
Wesley Griffin
Per Allansson
Nils Nordman
Simon Wilkinson
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
------
$OpenBSD: LICENCE,v 1.20 2017/04/30 23:26:16 djm Exp $
# $OpenBSD: Makefile,v 1.16 2017/12/10 19:37:57 deraadt Exp $
.include <bsd.own.mk>
SUBDIR= ssh sshd ssh-add ssh-keygen ssh-agent scp sftp-server \
ssh-keysign ssh-keyscan sftp ssh-pkcs11-helper
distribution:
${INSTALL} -C -o root -g wheel -m 0644 ${.CURDIR}/ssh_config \
${DESTDIR}/etc/ssh/ssh_config
${INSTALL} -C -o root -g wheel -m 0644 ${.CURDIR}/sshd_config \
${DESTDIR}/etc/ssh/sshd_config
.include <bsd.subdir.mk>
# $OpenBSD: Makefile.inc,v 1.60 2018/07/18 11:34:04 dtucker Exp $
.include <bsd.own.mk>
CFLAGS+= -I${.CURDIR}/..
CFLAGS+= -fstack-protector-all
CDIAGFLAGS= -Wall
CDIAGFLAGS+= -Wextra
CDIAGFLAGS+= -Wformat-security
CDIAGFLAGS+= -Wmissing-declarations
CDIAGFLAGS+= -Wmissing-prototypes
CDIAGFLAGS+= -Wpointer-arith
CDIAGFLAGS+= -Wshadow
CDIAGFLAGS+= -Wstrict-prototypes
CDIAGFLAGS+= -Wunused
CDIAGFLAGS+= -Wno-unused-parameter # Lots of these in protocol handlers.
.if ${COMPILER_VERSION:L} != "gcc3"
CDIAGFLAGS+= -Wstrict-aliasing=2
CDIAGFLAGS+= -Wold-style-definition
.endif
#CDIAGFLAGS+= -Werror
#DEBUG=-g
#INSTALL_STRIP=
WARNINGS=yes
OPENSSL?= yes
.if (${OPENSSL:L} == "yes")
CFLAGS+= -DWITH_OPENSSL
.endif
CFLAGS+= -DENABLE_PKCS11
.ifndef NOPIC
CFLAGS+= -DHAVE_DLOPEN
.endif
SRCS_BASE+= sshbuf.c
SRCS_BASE+= sshbuf-getput-basic.c
SRCS_BASE+= ssherr.c
SRCS_BASE+= log.c
SRCS_BASE+= xmalloc.c
SRCS_BASE+= misc.c
.if (${OPENSSL:L} == "yes")
SRCS_KEX+= dh.c
SRCS_KEX+= kexdh.c
SRCS_KEX+= kexecdh.c
SRCS_KEX+= kexgex.c
SRCS_KEXC+= kexdhc.c
SRCS_KEXC+= kexecdhc.c
SRCS_KEXC+= kexgexc.c
SRCS_KEXS+= kexdhs.c
SRCS_KEXS+= kexecdhs.c
SRCS_KEXS+= kexgexs.c
.endif
SRCS_KEX+= kexc25519.c
SRCS_KEX+= smult_curve25519_ref.c
SRCS_KEXC+= kexc25519c.c
SRCS_KEXS+= kexc25519s.c
SRCS_KEY+= sshkey.c
SRCS_KEY+= sshbuf-misc.c
SRCS_KEY+= cipher.c
SRCS_KEY+= cipher-chachapoly.c
SRCS_KEY+= chacha.c
SRCS_KEY+= poly1305.c
.if (${OPENSSL:L} == "yes")
SRCS_KEY+= ssh-dss.c
SRCS_KEY+= ssh-ecdsa.c
SRCS_KEY+= ssh-rsa.c
SRCS_KEY+= sshbuf-getput-crypto.c
SRCS_KEY+= digest-openssl.c
.else
SRCS_KEY+= cipher-aesctr.c
SRCS_KEY+= rijndael.c
SRCS_KEY+= digest-libc.c
.endif
SRCS_KEY+= ssh-ed25519.c
# ed25519, from supercop
SRCS_KEY+= sc25519.c
SRCS_KEY+= ge25519.c
SRCS_KEY+= fe25519.c
SRCS_KEY+= ed25519.c
SRCS_KEY+= verify.c
SRCS_KEY+= hash.c
SRCS_KEYP+= authfile.c
SRCS_KRL+= bitmap.c
SRCS_KRL+= krl.c
SRCS_PKT+= canohost.c
SRCS_PKT+= dispatch.c
SRCS_PKT+= hmac.c
SRCS_PKT+= kex.c
SRCS_PKT+= mac.c
SRCS_PKT+= packet.c
SRCS_PKT+= umac.c
SRCS_PKT+= umac128.c
SRCS_PROT+= channels.c
SRCS_PROT+= crc32.c
SRCS_PROT+= monitor_fdpass.c
SRCS_PROT+= nchan.c
SRCS_PROT+= opacket.c
SRCS_PROT+= ttymodes.c
SRCS_UTL+= addrmatch.c
SRCS_UTL+= match.c
.if (${OPENSSL:L} == "yes")
SRCS_PKCS11+= ssh-pkcs11.c
.else
SRCS_PKCS11+=
.endif
WITH_XMSS?= no
.if (${WITH_XMSS:L} == "yes")
CFLAGS+= -DWITH_XMSS
SRCS_KEY+= ssh-xmss.c
SRCS_KEY+= sshkey-xmss.c
SRCS_KEY+= xmss_commons.c
SRCS_KEY+= xmss_fast.c
SRCS_KEY+= xmss_hash.c
SRCS_KEY+= xmss_hash_address.c
SRCS_KEY+= xmss_wots.c
.endif
.include <bsd.obj.mk>
[Note: This file has not been updated for OpenSSH versions after
OpenSSH-1.2 and should be considered OBSOLETE. It has been left in
the distribution because some of its information may still be useful
to developers.]
This document is intended for those who wish to read the ssh source
code. This tries to give an overview of the structure of the code.
Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>
Updated 17 Nov 1995.
Updated 19 Oct 1999 for OpenSSH-1.2
Updated 20 May 2001 note obsolete for > OpenSSH-1.2
The software consists of ssh (client), sshd (server), scp, sdist, and
the auxiliary programs ssh-keygen, ssh-agent, ssh-add, and
make-ssh-known-hosts. The main program for each of these is in a .c
file with the same name.
There are some subsystems/abstractions that are used by a number of
these programs.
Buffer manipulation routines
- These provide an arbitrary size buffer, where data can be appended.
Data can be consumed from either end. The code is used heavily
throughout ssh. The buffer manipulation functions are in
sshbuf*.c (header sshbuf.h).
Compression Library
- Ssh uses the GNU GZIP compression library (ZLIB).
Encryption/Decryption
- Ssh contains several encryption algorithms. These are all
accessed through the cipher.h interface. The interface code is
in cipher.c, and the implementations are in libc.
Multiple Precision Integer Library
- Uses the SSLeay BIGNUM sublibrary.
Random Numbers
- Uses arc4random() and such.
RSA key generation, encryption, decryption
- Ssh uses the RSA routines in libssl.
RSA key files
- RSA keys are stored in files with a special format. The code to
read/write these files is in authfile.c. The files are normally
encrypted with a passphrase. The functions to read passphrases
are in readpass.c (the same code is used to read passwords).
Binary packet protocol
- The ssh binary packet protocol is implemented in packet.c. The
code in packet.c does not concern itself with packet types or their
execution; it contains code to build packets, to receive them and
extract data from them, and the code to compress and/or encrypt
packets.
- The code in packet.c calls the buffer manipulation routines
(buffer.c, bufaux.c), compression routines (zlib), and the
encryption routines.
X11, TCP/IP, and Agent forwarding
- Code for various types of channel forwarding is in channels.c.
The file defines a generic framework for arbitrary communication
channels inside the secure channel, and uses this framework to
implement X11 forwarding, TCP/IP forwarding, and authentication
agent forwarding.
The new, Protocol 1.5, channel close implementation is in nchan.c
Authentication agent
- Code to communicate with the authentication agent is in authfd.c.
Authentication methods
- Code for various authentication methods resides in auth-*.c
(auth-passwd.c, auth-rh-rsa.c, auth-rhosts.c, auth-rsa.c). This
code is linked into the server. The routines also manipulate
known hosts files using code in hostfile.c. Code in canohost.c
is used to retrieve the canonical host name of the remote host.
Code in match.c is used to match host names.
- In the client end, authentication code is in sshconnect.c. It
reads Passwords/passphrases using code in readpass.c. It reads
RSA key files with authfile.c. It communicates the
authentication agent using authfd.c.
The ssh client
- The client main program is in ssh.c. It first parses arguments
and reads configuration (readconf.c), then calls ssh_connect (in
sshconnect.c) to open a connection to the server (possibly via a
proxy), and performs authentication (ssh_login in sshconnect.c).
It then makes any pty, forwarding, etc. requests. It may call
code in ttymodes.c to encode current tty modes. Finally it
calls client_loop in clientloop.c. This does the real work for
the session.
Pseudo-tty manipulation and tty modes
- Code to allocate and use a pseudo tty is in pty.c. Code to
encode and set terminal modes is in ttymodes.c.
Logging in (updating utmp, lastlog, etc.)
- The code to do things that are done when a user logs in are in
login.c. This includes things such as updating the utmp, wtmp,
and lastlog files. Some of the code is in sshd.c.
Writing to the system log and terminal
- The programs use the functions fatal(), log(), debug(), error()
in many places to write messages to system log or user's
terminal. The implementation that logs to system log is in
log-server.c; it is used in the server program. The other
programs use an implementation that sends output to stderr; it
is in log-client.c. The definitions are in ssh.h.
The sshd server (daemon)
- The sshd daemon starts by processing arguments and reading the
configuration file (servconf.c). It then reads the host key,
starts listening for connections, and generates the server key.
The server key will be regenerated every hour by an alarm.
- When the server receives a connection, it forks, disables the
regeneration alarm, and starts communicating with the client.
They first perform identification string exchange, then
negotiate encryption, then perform authentication, preparatory
operations, and finally the server enters the normal session
mode by calling server_loop in serverloop.c. This does the real
work, calling functions in other modules.
- The code for the server is in sshd.c. It contains a lot of
stuff, including:
- server main program
- waiting for connections
- processing new connection
- authentication
- preparatory operations
- building up the execution environment for the user program
- starting the user program.
Auxiliary files
- There are several other files in the distribution that contain
various auxiliary routines:
ssh.h the main header file for ssh (various definitions)
uidswap.c uid-swapping
xmalloc.c "safe" malloc routines
$OpenBSD: OVERVIEW,v 1.14 2018/07/27 03:55:22 dtucker Exp $
This documents OpenSSH's deviations and extensions to the published SSH
protocol.
Note that OpenSSH's sftp and sftp-server implement revision 3 of the SSH
filexfer protocol described in:
http://www.openssh.com/txt/draft-ietf-secsh-filexfer-02.txt
Newer versions of the draft will not be supported, though some features
are individually implemented as extensions described below.
The protocol used by OpenSSH's ssh-agent is described in the file
PROTOCOL.agent
1. Transport protocol changes
1.1. transport: Protocol 2 MAC algorithm "umac-64@openssh.com"
This is a new transport-layer MAC method using the UMAC algorithm
(rfc4418). This method is identical to the "umac-64" method documented
in:
http://www.openssh.com/txt/draft-miller-secsh-umac-01.txt
1.2. transport: Protocol 2 compression algorithm "zlib@openssh.com"
This transport-layer compression method uses the zlib compression
algorithm (identical to the "zlib" method in rfc4253), but delays the
start of compression until after authentication has completed. This
avoids exposing compression code to attacks from unauthenticated users.
The method is documented in:
http://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt
1.3. transport: New public key algorithms "ssh-rsa-cert-v01@openssh.com",
"ssh-dsa-cert-v01@openssh.com",
"ecdsa-sha2-nistp256-cert-v01@openssh.com",
"ecdsa-sha2-nistp384-cert-v01@openssh.com" and
"ecdsa-sha2-nistp521-cert-v01@openssh.com"
OpenSSH introduces new public key algorithms to support certificate
authentication for users and host keys. These methods are documented
in the file PROTOCOL.certkeys
1.4. transport: Elliptic Curve cryptography
OpenSSH supports ECC key exchange and public key authentication as
specified in RFC5656. Only the ecdsa-sha2-nistp256, ecdsa-sha2-nistp384
and ecdsa-sha2-nistp521 curves over GF(p) are supported. Elliptic
curve points encoded using point compression are NOT accepted or
generated.
1.5 transport: Protocol 2 Encrypt-then-MAC MAC algorithms
OpenSSH supports MAC algorithms, whose names contain "-etm", that
perform the calculations in a different order to that defined in RFC
4253. These variants use the so-called "encrypt then MAC" ordering,
calculating the MAC over the packet ciphertext rather than the
plaintext. This ordering closes a security flaw in the SSH transport
protocol, where decryption of unauthenticated ciphertext provided a
"decryption oracle" that could, in conjunction with cipher flaws, reveal
session plaintext.
Specifically, the "-etm" MAC algorithms modify the transport protocol
to calculate the MAC over the packet ciphertext and to send the packet
length unencrypted. This is necessary for the transport to obtain the
length of the packet and location of the MAC tag so that it may be
verified without decrypting unauthenticated data.
As such, the MAC covers:
mac = MAC(key, sequence_number || packet_length || encrypted_packet)
where "packet_length" is encoded as a uint32 and "encrypted_packet"
contains:
byte padding_length
byte[n1] payload; n1 = packet_length - padding_length - 1
byte[n2] random padding; n2 = padding_length
1.6 transport: AES-GCM
OpenSSH supports the AES-GCM algorithm as specified in RFC 5647.
Because of problems with the specification of the key exchange
the behaviour of OpenSSH differs from the RFC as follows:
AES-GCM is only negotiated as the cipher algorithms
"aes128-gcm@openssh.com" or "aes256-gcm@openssh.com" and never as
an MAC algorithm. Additionally, if AES-GCM is selected as the cipher
the exchanged MAC algorithms are ignored and there doesn't have to be
a matching MAC.
1.7 transport: chacha20-poly1305@openssh.com authenticated encryption
OpenSSH supports authenticated encryption using ChaCha20 and Poly1305
as described in PROTOCOL.chacha20poly1305.
1.8 transport: curve25519-sha256@libssh.org key exchange algorithm
OpenSSH supports the use of ECDH in Curve25519 for key exchange as
described at:
http://git.libssh.org/users/aris/libssh.git/plain/doc/curve25519-sha256@libssh.org.txt?h=curve25519
2. Connection protocol changes
2.1. connection: Channel write close extension "eow@openssh.com"
The SSH connection protocol (rfc4254) provides the SSH_MSG_CHANNEL_EOF
message to allow an endpoint to signal its peer that it will send no
more data over a channel. Unfortunately, there is no symmetric way for
an endpoint to request that its peer should cease sending data to it
while still keeping the channel open for the endpoint to send data to
the peer.
This is desirable, since it saves the transmission of data that would
otherwise need to be discarded and it allows an endpoint to signal local
processes of the condition, e.g. by closing the corresponding file
descriptor.
OpenSSH implements a channel extension message to perform this
signalling: "eow@openssh.com" (End Of Write). This message is sent by
an endpoint when the local output of a session channel is closed or
experiences a write error. The message is formatted as follows:
byte SSH_MSG_CHANNEL_REQUEST
uint32 recipient channel
string "eow@openssh.com"
boolean FALSE
On receiving this message, the peer SHOULD cease sending data of
the channel and MAY signal the process from which the channel data
originates (e.g. by closing its read file descriptor).
As with the symmetric SSH_MSG_CHANNEL_EOF message, the channel does
remain open after a "eow@openssh.com" has been sent and more data may
still be sent in the other direction. This message does not consume
window space and may be sent even if no window space is available.
NB. due to certain broken SSH implementations aborting upon receipt
of this message (in contravention of RFC4254 section 5.4), this
message is only sent to OpenSSH peers (identified by banner).
Other SSH implementations may be whitelisted to receive this message
upon request.
2.2. connection: disallow additional sessions extension
"no-more-sessions@openssh.com"
Most SSH connections will only ever request a single session, but a
attacker may abuse a running ssh client to surreptitiously open
additional sessions under their control. OpenSSH provides a global
request "no-more-sessions@openssh.com" to mitigate this attack.
When an OpenSSH client expects that it will never open another session
(i.e. it has been started with connection multiplexing disabled), it
will send the following global request:
byte SSH_MSG_GLOBAL_REQUEST
string "no-more-sessions@openssh.com"