aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStuart Cardall <developer@it-offshore.co.uk>2015-07-19 14:17:31 +0000
committerFrancesco Colista <fcolista@alpinelinux.org>2015-07-20 06:59:25 +0000
commitd83d72586061c304bc02aa505bf131dbbc7d81f8 (patch)
tree7ef478c354e145ce741264e156f727a1071ffff5
parent23cd29abe11fcc8679157f34900c02c9359d0748 (diff)
downloadaports-d83d72586061c304bc02aa505bf131dbbc7d81f8.tar.bz2
aports-d83d72586061c304bc02aa505bf131dbbc7d81f8.tar.xz
testing/tinyssh: fix keepalive not implemented
this fixes sessions being reset when a keepalive is sent
-rw-r--r--testing/tinyssh/APKBUILD14
-rw-r--r--testing/tinyssh/keepalive-not-implemented.patch84
2 files changed, 94 insertions, 4 deletions
diff --git a/testing/tinyssh/APKBUILD b/testing/tinyssh/APKBUILD
index f994e492e0..f7555c4e02 100644
--- a/testing/tinyssh/APKBUILD
+++ b/testing/tinyssh/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
pkgname=tinyssh
pkgver=20150501
-pkgrel=0
+pkgrel=1
pkgdesc="Small SSH server using NaCl / TweetNaCl (no dependency on OpenSSL)"
url="http://tinyssh.org/"
arch="all"
@@ -13,6 +13,7 @@ subpackages="$pkgname-doc"
source="$pkgname-$pkgver.tar.bz2::http://mojzis.com/software/$pkgname/$pkgname-$pkgver.tar.bz2
$pkgname.initd
$pkgname.confd
+ keepalive-not-implemented.patch
"
_builddir="$srcdir"/$pkgname-$pkgver
@@ -55,15 +56,20 @@ echo '22 stream tcp nowait root /usr/sbin/tinysshd tinysshd -l -v /etc/tinyssh/s
rc-service inetd start
(3) Using runit with either (1) or (2)
+
+Stealth SSH with FWKNOP: https://it-offshore.co.uk/security/53-stealth-your-ssh-port-ssh-into-lxc-containers
EOF
}
md5sums="0e8b4add3fa6c4481e7b8159aca75b2f tinyssh-20150501.tar.bz2
78ec724804035bae29e1c47abec737d8 tinyssh.initd
-83e705f0f71db5ae0d8530edafa63497 tinyssh.confd"
+83e705f0f71db5ae0d8530edafa63497 tinyssh.confd
+42cf023926c2b9472fa3d98a6f626db8 keepalive-not-implemented.patch"
sha256sums="ccaee75ee04252c7e7db1e06e74e4c55b53911c310a0dc5e1288c0feb73a1470 tinyssh-20150501.tar.bz2
b3584c463f6ba0de6a5fe2e28fb98cd8ef65a55f17a0f4c877f61f54019ef34c tinyssh.initd
-c6c67395e7230d75077734f0b08d5f8c76f11aaef27878b013b7bd68dd7ba774 tinyssh.confd"
+c6c67395e7230d75077734f0b08d5f8c76f11aaef27878b013b7bd68dd7ba774 tinyssh.confd
+96ce731b29f76cba82047512a0c751370987fd51ff08d5bf124f10342f213251 keepalive-not-implemented.patch"
sha512sums="780e4aa87fc5afbd0818f1c815c0e95a9ec5b096efedbc49d54492195725bbdf3fe860cc4b84a5e9b15b9b568fd0398e48601da3af22b3dfd64e4214d4797fbe tinyssh-20150501.tar.bz2
d10f995c6687e706453e51d06b3466427d476036efdbd86db2f9330281e46049bf2e3698208524b3f70cdbd30373f5bf46c7164dd626d22b3fa9a75ca5d8d478 tinyssh.initd
-4513bd0d43ef0825fbd77365a8a7adefcd99211102df76003becf7e3a09a47ad9bbd16a68c3fadfb7868e0562f8d42a26106b7582cb70490a7e52a7d1e6110e9 tinyssh.confd"
+4513bd0d43ef0825fbd77365a8a7adefcd99211102df76003becf7e3a09a47ad9bbd16a68c3fadfb7868e0562f8d42a26106b7582cb70490a7e52a7d1e6110e9 tinyssh.confd
+9511d09d8a62e673e3e6b2ae9fc55e5b6ca7c33485c1834b4f53a1f06d84d34619a7f620c9862fb059d8a0d24a79d4172bd355185ceff5ac8acb381350e41d2e keepalive-not-implemented.patch"
diff --git a/testing/tinyssh/keepalive-not-implemented.patch b/testing/tinyssh/keepalive-not-implemented.patch
new file mode 100644
index 0000000000..19c21c1c23
--- /dev/null
+++ b/testing/tinyssh/keepalive-not-implemented.patch
@@ -0,0 +1,84 @@
+diff --git a/tinyssh-tests/packet_uinmplementedtest.c b/tinyssh-tests/packet_uinmplementedtest.c
+new file mode 120000
+index 0000000..c1c5f9b
+--- /dev/null
++++ b/tinyssh-tests/packet_uinmplementedtest.c
+@@ -0,0 +1 @@
++emptytest.c
+\ No newline at end of file
+diff --git a/tinyssh/LIBS b/tinyssh/LIBS
+index 7f1bcf5..9c1f27a 100644
+--- a/tinyssh/LIBS
++++ b/tinyssh/LIBS
+@@ -36,6 +36,7 @@ packetparser.o
+ packet_put.o
+ packet_recv.o
+ packet_send.o
++packet_uinmplemented.o
+ porttostr.o
+ randommod.o
+ readall.o
+diff --git a/tinyssh/SOURCES b/tinyssh/SOURCES
+index be77a5f..613535d 100644
+--- a/tinyssh/SOURCES
++++ b/tinyssh/SOURCES
+@@ -36,6 +36,7 @@ packetparser
+ packet_put
+ packet_recv
+ packet_send
++packet_uinmplemented
+ porttostr
+ randommod
+ readall
+diff --git a/tinyssh/packet.h b/tinyssh/packet.h
+index 891ede8..b2cba92 100644
+--- a/tinyssh/packet.h
++++ b/tinyssh/packet.h
+@@ -127,4 +127,7 @@ extern int packet_channel_send_windowadjust(struct buf *);
+ extern void packet_channel_send_eof(struct buf *);
+ extern int packet_channel_send_close(struct buf *, int, int);
+
++/* packet_uinmplemented.c */
++extern int packet_uinmplemented(struct buf *);
++
+ #endif
+diff --git a/tinyssh/packet_uinmplemented.c b/tinyssh/packet_uinmplemented.c
+new file mode 100644
+index 0000000..1ca82d6
+--- /dev/null
++++ b/tinyssh/packet_uinmplemented.c
+@@ -0,0 +1,18 @@
++/*
++20150719
++Jan Mojzis
++Public domain.
++*/
++
++#include "buf.h"
++#include "ssh.h"
++#include "packet.h"
++
++int packet_uinmplemented(struct buf *b) {
++
++ buf_purge(b);
++ buf_putnum8(b, SSH_MSG_UNIMPLEMENTED); /* SSH_MSG_UNIMPLEMENTED */
++ buf_putnum32(b, packet.receivepacketid); /* packeid */
++ packet_put(b);
++ return packet_sendall();
++}
+diff --git a/tinyssh/tinysshd.c b/tinyssh/tinysshd.c
+index ba44584..78677f5 100644
+--- a/tinyssh/tinysshd.c
++++ b/tinyssh/tinysshd.c
+@@ -300,8 +300,8 @@ int main(int argc, char **argv) {
+ case SSH_MSG_KEXINIT:
+ goto rekeying;
+ default:
+- die_fatal("unknown message type", 0, 0);
+- /* XXX TODO - send SSH_MSG_UNIMPLEMENTED */
++ log_d1("unknown packet - sending SSH_MSG_UNIMPLEMENTED message");
++ if (!packet_uinmplemented(&b1)) die_fatal("unable to send SSH_MSG_UNIMPLEMENTED message", 0, 0);
+ }
+ }
+ }
+