It looks like as of version 5.1, openssh client (incorrectly?) escapes SSH banner sent by server, which causes all backslashes in it to be doubled. Server seems to work fine, older openssh clients (tested 4.7, 5.0) and putty display the same banner, served by new openssh server, correctly.
Created attachment 169798: The banner causing problem
please report to upstream.
Created attachment 169911: Patch to fix the problem

I'm not sure whether this is the best we can do, but it fixes the problem.
seems harmless enough ... but is this a simple revert of older versions ? if so, why was the change made in 5.1_p1 ?
(In reply to comment #4)
> seems harmless enough ... but is this a simple revert of older versions ? if
> so, why was the change made in 5.1_p1 ?

Nay, older versions didn't use strnvis(). I think it is meant to filter out (escape to \nnn) potentially dangerous control sequences. But the side result of that is that all backslashes are escaped too. I think we could disable that backslash-escaping, 'cause we aren't going to unescape those control sequences anyway.
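The behaviour discussed in the comment above, as an added example that is not part of the original thread and is not OpenSSH's code: a simplified stand-in for vis(3)-style encoding, showing how escaping control bytes to `\nnn` also doubles backslashes unless that step is switched off. The function `banner_vis`, its `noslash` parameter and the sample banner are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for vis(3)-style encoding.
 * Non-printable bytes become \ooo (octal); newline and tab pass through.
 * noslash == 0: a literal backslash is doubled (the reported behaviour).
 * noslash != 0: a literal backslash is copied unchanged.
 * Returns the encoded length, or -1 if dst is too small. */
int banner_vis(char *dst, size_t dlen, const char *src, int noslash)
{
    size_t o = 0;

    if (dlen == 0)
        return -1;                      /* no room even for the NUL */
    for (const unsigned char *p = (const unsigned char *)src; *p; p++) {
        char buf[5];                    /* "\ooo" plus NUL */
        size_t n;

        if (*p == '\\' && !noslash) {
            memcpy(buf, "\\\\", 2);     /* double the backslash */
            n = 2;
        } else if (*p == '\n' || *p == '\t' || (*p >= 0x20 && *p < 0x7f)) {
            buf[0] = (char)*p;          /* printable: copy as is */
            n = 1;
        } else {
            n = (size_t)snprintf(buf, sizeof buf, "\\%03o", (unsigned)*p);
        }
        if (o + n >= dlen)
            return -1;                  /* keep one byte for the NUL */
        memcpy(dst + o, buf, n);
        o += n;
    }
    dst[o] = '\0';                      /* empty banner yields "" and 0 */
    return (int)o;
}

int main(void)
{
    /* Constructed banner: ASCII-art backslashes plus an ESC sequence. */
    const char *banner = " /\\_/\\ \n\033[2J";
    char out[64];

    if (banner_vis(out, sizeof out, banner, 0) >= 0)
        printf("slashes doubled:\n%s\n", out);
    if (banner_vis(out, sizeof out, banner, 1) >= 0)
        printf("slashes kept:\n%s\n", out);
    return 0;
}
```

In both modes the ESC byte is rendered as the harmless text `\033`; only the treatment of literal backslashes differs.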
sounds good ... i've moved this upstream ... if i don't hear back soon, we'll just roll with your patch
I don't know if this is related, but I'm seeing an error kicked back with openssh-5.1_p1-r1. It's been reported upstream as bug #1496, and involves connecting to a host with an empty banner.

https://bugzilla.mindrot.org/show_bug.cgi?id=1496

The error that I'm seeing is:

xmalloc: zero size

and seems to match the behavior described in the upstream bug. Other distros have seen this as well, and all refer back to the mindrot bugzilla entry. It would seem that the 5.x codebase has more than one problem with banner handling. Also, the patch that they give seems to be the same code block as the patch attached in this bug.
it's in the same place, but it's a completely different bug ... i committed the changes that were made in upstream cvs rather than the stuff in that bug:

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshconnect2.c.diff?r1=1.166;r2=1.168

i've also merged Michał's patch

this is openssh-5.1_p1-r2
The bug is back with ~openssh-5.2_p1 (only backslash one).
Upstream fixed it within 5.4p1, and Gentoo 5.4_p1-r2 displays the banners correctly.