PuTTY artifact ssh2-dropbear-ignore

This is a mirror. Follow this link to find the primary PuTTY web site.

summary: An embedded version of Dropbear gets confused by SSH_MSG_IGNORE
difficulty: taxing: Needs external things we don't have (standards, users etc)
priority: historic: This is an old bug report that we think is either fixed without noticing, or confined to old systems, or too vague.
absent-in: 0.58
present-in: 0.60

We've had a report of a problem with SSH-2 connections to a Tandberg video conferencing codec running what claims to be "dropbear_0.45". The codec announces itself as "TANDBERG Codec Release F6.0 NTSC / SW Release Date: 2007-04-27".

The connection ends up using a CBC cipher mode, and the codec drops the TCP connection after receiving the first empty SSH_MSG_IGNORE from PuTTY. This problem doesn't affect PuTTY 0.58 because it doesn't send such messages. A version of PuTTY clobbered to never send SSH_MSG_IGNORE works, as does 0.56 (modulo an independent bug), despite the latter's sending non-zero-size SSH_MSG_IGNOREs along with SSH_MSG_USERAUTH_REQUEST.

This problem doesn't seem to occur with vanilla Dropbear 0.45.

A bug-compatibility option could be added to deal with this, but it's not very clear either what systems are affected or what the limits of the bug are.

SGT, 2024-11-17: marking this issue as historic. We now do have a manually configurable bug compatibility option to avoid sending SSH_MSG_IGNORE, and with any luck that codec is a thing of the past too (last heard of in 2007).

If you want to comment on this web site, see the Feedback page.

Audit trail for this artifact.

(last revision of this bug record was at 2024-11-17 14:53:03 +0000)