-
-
Notifications
You must be signed in to change notification settings - Fork 940
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Minor protocol version parsing bug #749
Comments
Thanks for reporting this. It indeed does not affect anyone, but I prefer to fix it anyway. ^SSH-(?<protoversion>[^-]+)-(?<softwareversion>.+?)([ ](?<comment>.+))?$ Seems right? |
@drieseng: If you are planning on capturing the comment and making a solid class, then, after further reading, I think I am settling on either of the following, depending on how lenient you want to be...
Appreciably less-readable, but does provide the following:
The tests I have looked at are (any wrapping in the table should be ignored)...
I expect further testing around various strings you may have seen in the wild will be necessary. https://regex101.com/r/XKbjxI/1/ might provide a reasonable playground (although note that it is PCRE, so does not support any .NET-specific additions to expression syntax): Regarding lines
As such, if you are not already doing so, you may want to pre-process with Regarding readability
...probably self-documents intent better than the NUL-capturing expressions above. |
@jimbobmcgee I've refactored and updated our implementation based on your feedback. However, I decided not to make our "validation" more strict with regards to the character encoding of identification string. If you feel strongly about this, we can introduce it in the next major release and document it as a (possible) breaking change. |
@drieseng : Not at all, I was just exercising my RFC-reading and Regex-writing muscles, as they are both weak from underuse. The removal of the expected literal |
@jimbobmcgee Let me know if you come across other issues. Thx! |
Hello, after upgrading to 2020.0.0 we got the error message
We are using the atmoz/sftp docker container for starting our local ftp server docker run -p 22:22 --name my-ftp-test --restart unless-stopped -d atmoz/sftp foo:pass:1001::upload. When using atmos/sftp:alpine, this isn't a problem. Not sure if this is related to this issue or not but error message wise it seems related at least. |
Pinging @drieseng, in case you are no longer subscribed... |
I ran into this also on our unit testing. It was due to an OpenSSH server bug. From the OpenSSH release notes: OpenSSH 7.5/7.5p1 (2017-03-20)
OpenSSH 5.1/5.1p1 (2008-07-22)
|
I also have exactly this error with the 2020.0.0 package. I'm trying to connect to a raspberry under raspbian. |
@DkGr @Kim-SSi @jimbobmcgee Can one of your create a new issue for this ("Allow SSH identification string to be terminated by LF + null character") ? Question is whether the null character is part of the identification string or not. Can one of your validate the proposed fix (by building from source) once available? |
I can build the source and validate the fix. I created issue #761 |
I was looking through the code around an error message I was receiving ("Server response does not contian SSH protocol identification"), and noticed that you parse the protocol identification out of the server's initial banner, using a Regex which looks to be based on section 4.2 of RFC4253. However, I think that section has been slightly misinterpreted.
Specifically, the RFC says:
...and the Regex at
SSH.NET/src/Renci.SshNet/Session.cs
Line 86 in 5942469
The Regex expression looks for the literal characters
SP
(i.e. spaceSP) to separate the software version from the subsequent comments, while the RFC says that theSP
in its syntax is actually just the literal space character (in the same way thatCR LF
is the literal carriage-return and newline, so the expression should probably read:I don't think it technically affects anyone, since I don't think you do anything with the third group of that Regex, anyway, but on the off-chance that someone does eventually intend to parse comments out of the banner info, you may want to clean it up (and might want to review if you are interpreting that
SP
syntax literally, anywhere else in your codebase).In fact, given you don't actually use the third capture group in that Regex (and just need it to demarcate the end of the software version), you should be able to forego capturing it entirely (i.e.
using (?:...)
instead of(...)
).You probably do want to extract software version non-greedily, though (
.+?
instead of.+
). As it stands right now, a banner returningSSH-2.0-alpha some string info here
would parse with software versionalpha some string info
, with a comment ofhere
, where it probably should parse as software versionalpha
and comment ofsome string info here
.As such, I might be inclined to go with:
As I say, I don't think it is the cause of my "Server response does not contian SSH protocol identification" issue -- that's more likely to be a disconnection from the server -- but I thought I'd flag it because I was in the neighbourhood and, you know, duty!
The text was updated successfully, but these errors were encountered: