I've had a report from a user that "SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420" is sending an invalid SSH_MSG_USERAUTH_INFO_REQUEST. Checking against the server in question, it first sends a valid request (empty name, empty instruction, empty language, single prompt for a password): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 ................ 00 00 00 28 50 61 73 73 77 6f 72 64 20 66 6f 72 ...(Password for [...] to which I reply with a SSH_MSG_USERAUTH_INFO_RESPONSE. The server then sends a second SSH_MSG_USERAUTH_INFO_REQUEST consisting of 16 bytes of zeros: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ for which, even if you ignore the fact that it fails a data-validity check, I'm not sure how you're supposed to respond, since it's asked for zero responses to its authentication request. Peter. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
