"brian m. carlson" <sandals@xxxxxxxxxxxxxxxxxxxx> writes: > That message comes from OpenSSH. I've seen it quite frequently in > various other (non-Git) cases. I think it's fair for us to exit > unsuccessfully if OpenSSH exits unsuccessfully in this case. For > example, an attacker could try to tamper with the connection and send > additional data, which OpenSSH would detect and exit unsuccessfully for. > We also in general need to detect truncation attacks, which OpenSSH will > do for us here. > > It's possible that if there's an older version of OpenSSH being used, > that the problem happens to be related to a bug of some sort. There > were some versions which had various bugs that could be triggered by a > rekey, which, if the threshold is set low enough, could be the cause of > this particular problem. > > I think the fact that it's not being seen with HTTPS is the ultimate > clue here. This suspiously sounds familiar. Asking for "close ssh connection" in the lore.kernel.org archive finds this: https://lore.kernel.org/git/YKTg8nYjSGpKbq8W@xxxxxxxxxxxxxxxxxxxxxxx/
