diff options
author | Stuart Cardall <developer@it-offshore.co.uk> | 2015-07-19 14:17:31 +0000 |
---|---|---|
committer | Francesco Colista <fcolista@alpinelinux.org> | 2015-07-20 06:59:25 +0000 |
commit | d83d72586061c304bc02aa505bf131dbbc7d81f8 (patch) | |
tree | 7ef478c354e145ce741264e156f727a1071ffff5 | |
parent | 23cd29abe11fcc8679157f34900c02c9359d0748 (diff) | |
download | aports-d83d72586061c304bc02aa505bf131dbbc7d81f8.tar.bz2 aports-d83d72586061c304bc02aa505bf131dbbc7d81f8.tar.xz |
testing/tinyssh: fix keepalive not implemented
this fixes sessions being reset when a keepalive is sent
-rw-r--r-- | testing/tinyssh/APKBUILD | 14 | ||||
-rw-r--r-- | testing/tinyssh/keepalive-not-implemented.patch | 84 |
2 files changed, 94 insertions, 4 deletions
diff --git a/testing/tinyssh/APKBUILD b/testing/tinyssh/APKBUILD index f994e492e0..f7555c4e02 100644 --- a/testing/tinyssh/APKBUILD +++ b/testing/tinyssh/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Stuart Cardall <developer@it-offshore.co.uk> pkgname=tinyssh pkgver=20150501 -pkgrel=0 +pkgrel=1 pkgdesc="Small SSH server using NaCl / TweetNaCl (no dependency on OpenSSL)" url="http://tinyssh.org/" arch="all" @@ -13,6 +13,7 @@ subpackages="$pkgname-doc" source="$pkgname-$pkgver.tar.bz2::http://mojzis.com/software/$pkgname/$pkgname-$pkgver.tar.bz2 $pkgname.initd $pkgname.confd + keepalive-not-implemented.patch " _builddir="$srcdir"/$pkgname-$pkgver @@ -55,15 +56,20 @@ echo '22 stream tcp nowait root /usr/sbin/tinysshd tinysshd -l -v /etc/tinyssh/s rc-service inetd start (3) Using runit with either (1) or (2) + +Stealth SSH with FWKNOP: https://it-offshore.co.uk/security/53-stealth-your-ssh-port-ssh-into-lxc-containers EOF } md5sums="0e8b4add3fa6c4481e7b8159aca75b2f tinyssh-20150501.tar.bz2 78ec724804035bae29e1c47abec737d8 tinyssh.initd -83e705f0f71db5ae0d8530edafa63497 tinyssh.confd" +83e705f0f71db5ae0d8530edafa63497 tinyssh.confd +42cf023926c2b9472fa3d98a6f626db8 keepalive-not-implemented.patch" sha256sums="ccaee75ee04252c7e7db1e06e74e4c55b53911c310a0dc5e1288c0feb73a1470 tinyssh-20150501.tar.bz2 b3584c463f6ba0de6a5fe2e28fb98cd8ef65a55f17a0f4c877f61f54019ef34c tinyssh.initd -c6c67395e7230d75077734f0b08d5f8c76f11aaef27878b013b7bd68dd7ba774 tinyssh.confd" +c6c67395e7230d75077734f0b08d5f8c76f11aaef27878b013b7bd68dd7ba774 tinyssh.confd +96ce731b29f76cba82047512a0c751370987fd51ff08d5bf124f10342f213251 keepalive-not-implemented.patch" sha512sums="780e4aa87fc5afbd0818f1c815c0e95a9ec5b096efedbc49d54492195725bbdf3fe860cc4b84a5e9b15b9b568fd0398e48601da3af22b3dfd64e4214d4797fbe tinyssh-20150501.tar.bz2 d10f995c6687e706453e51d06b3466427d476036efdbd86db2f9330281e46049bf2e3698208524b3f70cdbd30373f5bf46c7164dd626d22b3fa9a75ca5d8d478 tinyssh.initd -4513bd0d43ef0825fbd77365a8a7adefcd99211102df76003becf7e3a09a47ad9bbd16a68c3fadfb7868e0562f8d42a26106b7582cb70490a7e52a7d1e6110e9 tinyssh.confd" +4513bd0d43ef0825fbd77365a8a7adefcd99211102df76003becf7e3a09a47ad9bbd16a68c3fadfb7868e0562f8d42a26106b7582cb70490a7e52a7d1e6110e9 tinyssh.confd +9511d09d8a62e673e3e6b2ae9fc55e5b6ca7c33485c1834b4f53a1f06d84d34619a7f620c9862fb059d8a0d24a79d4172bd355185ceff5ac8acb381350e41d2e keepalive-not-implemented.patch" diff --git a/testing/tinyssh/keepalive-not-implemented.patch b/testing/tinyssh/keepalive-not-implemented.patch new file mode 100644 index 0000000000..19c21c1c23 --- /dev/null +++ b/testing/tinyssh/keepalive-not-implemented.patch @@ -0,0 +1,84 @@ +diff --git a/tinyssh-tests/packet_uinmplementedtest.c b/tinyssh-tests/packet_uinmplementedtest.c +new file mode 120000 +index 0000000..c1c5f9b +--- /dev/null ++++ b/tinyssh-tests/packet_uinmplementedtest.c +@@ -0,0 +1 @@ ++emptytest.c +\ No newline at end of file +diff --git a/tinyssh/LIBS b/tinyssh/LIBS +index 7f1bcf5..9c1f27a 100644 +--- a/tinyssh/LIBS ++++ b/tinyssh/LIBS +@@ -36,6 +36,7 @@ packetparser.o + packet_put.o + packet_recv.o + packet_send.o ++packet_uinmplemented.o + porttostr.o + randommod.o + readall.o +diff --git a/tinyssh/SOURCES b/tinyssh/SOURCES +index be77a5f..613535d 100644 +--- a/tinyssh/SOURCES ++++ b/tinyssh/SOURCES +@@ -36,6 +36,7 @@ packetparser + packet_put + packet_recv + packet_send ++packet_uinmplemented + porttostr + randommod + readall +diff --git a/tinyssh/packet.h b/tinyssh/packet.h +index 891ede8..b2cba92 100644 +--- a/tinyssh/packet.h ++++ b/tinyssh/packet.h +@@ -127,4 +127,7 @@ extern int packet_channel_send_windowadjust(struct buf *); + extern void packet_channel_send_eof(struct buf *); + extern int packet_channel_send_close(struct buf *, int, int); + ++/* packet_uinmplemented.c */ ++extern int packet_uinmplemented(struct buf *); ++ + #endif +diff --git a/tinyssh/packet_uinmplemented.c b/tinyssh/packet_uinmplemented.c +new file mode 100644 +index 0000000..1ca82d6 +--- /dev/null ++++ b/tinyssh/packet_uinmplemented.c +@@ -0,0 +1,18 @@ ++/* ++20150719 ++Jan Mojzis ++Public domain. ++*/ ++ ++#include "buf.h" ++#include "ssh.h" ++#include "packet.h" ++ ++int packet_uinmplemented(struct buf *b) { ++ ++ buf_purge(b); ++ buf_putnum8(b, SSH_MSG_UNIMPLEMENTED); /* SSH_MSG_UNIMPLEMENTED */ ++ buf_putnum32(b, packet.receivepacketid); /* packeid */ ++ packet_put(b); ++ return packet_sendall(); ++} +diff --git a/tinyssh/tinysshd.c b/tinyssh/tinysshd.c +index ba44584..78677f5 100644 +--- a/tinyssh/tinysshd.c ++++ b/tinyssh/tinysshd.c +@@ -300,8 +300,8 @@ int main(int argc, char **argv) { + case SSH_MSG_KEXINIT: + goto rekeying; + default: +- die_fatal("unknown message type", 0, 0); +- /* XXX TODO - send SSH_MSG_UNIMPLEMENTED */ ++ log_d1("unknown packet - sending SSH_MSG_UNIMPLEMENTED message"); ++ if (!packet_uinmplemented(&b1)) die_fatal("unable to send SSH_MSG_UNIMPLEMENTED message", 0, 0); + } + } + } + |