Key re-exchange bug? - WeOnlyDo Discussion board

Key re-exchange bug? (wodSSHServer)

by Jacob Nevins, Wednesday, August 24, 2005, 16:09 (4473 days ago)


We (PuTTY) have had a report that freeSSHd, which appears to be based on WeOnlyDo, freezes when PuTTY initiates a repeat key exchange. (PuTTY only started doing this in 0.58.)

The freeSSHd in question reports a version string of WeOnlyDo-1.2.6 , which presumably corresponds to the latest version of your software. We've added that string to our list of buggy implementations, so that development snapshots of PuTTY won't initiate key re-exchanges with WeOnlyDo.

However, that's not an ideal solution security-wise. Can you confirm this as a problem in your product, and if so, say which versions it's in (and what SSH version strings they report)? In particular, if you fix it, we can restrict PuTTY's idea of buggy servers so that key re-exchange isn't needlessly avoided.

(I realise this could in principle be a freeSSHd problem rather than a WeOnlyDo one. What do you think?)

Cheers -- Jacob Nevins

Complete thread: