From fcfe5ed37306136219854031abc809e0dc9b3124 Mon Sep 17 00:00:00 2001
From: Peter Verraedt
Date: Sun, 20 Mar 2022 19:47:57 +0100
Subject: [PATCH] ssh: send ext-info-c only once
In accordance to RFC8308, send ext-info-c only during the first key exchange. Some server implementations such as OpenSSH 7 will send an extInfoMsg message each time when ext-info-c is received. This results in a closed connection, as our client does not expect this message while handling the mux. See https://bugzilla.mindrot.org/show_bug.cgi?id=2929 regarding the behaviour of OpenSSH if it sees ext-info-c in later key exchanges.
Fixes #51808
Signed-off-by: Peter Verraedt
---
 ssh/handshake.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/ssh/handshake.go b/ssh/handshake.go
index f815cdb4c9..653dc4d2cf 100644
--- a/ssh/handshake.go
+++ b/ssh/handshake.go
@@ -479,10 +479,12 @@ func (t *handshakeTransport) sendKexInit() error {
 // As a client we opt in to receiving SSH_MSG_EXT_INFO so we know what
 // algorithms the server supports for public key authentication. See RFC
- // 8303, Section 2.1.
- msg.KexAlgos = make([]string, 0, len(t.config.KeyExchanges)+1)
- msg.KexAlgos = append(msg.KexAlgos, t.config.KeyExchanges...)
- msg.KexAlgos = append(msg.KexAlgos, "ext-info-c")
+ // 8308, Section 2.1.
+ if firstKeyExchange := t.sessionID == nil; firstKeyExchange {
+ msg.KexAlgos = make([]string, 0, len(t.config.KeyExchanges)+1)
+ msg.KexAlgos = append(msg.KexAlgos, t.config.KeyExchanges...)
+ msg.KexAlgos = append(msg.KexAlgos, "ext-info-c")
+ }
 }
 packet := Marshal(msg)
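Review bot: The comment above the new `if` in sendKexInit still explains only why the client opts in; the reason ext-info-c is limited to the first key exchange is recorded only in the commit message. I would extend the comment with something like `// Offer ext-info-c only in the first key exchange (RFC 8308, Section 2.1); some servers answer every offer with SSH_MSG_EXT_INFO, which is not expected once the mux is running.` The guard also relies on `t.sessionID` staying nil until the first exchange completes, and that assignment is outside this hunk, so the invariant is worth stating next to the check. The diffstat shows only ssh/handshake.go changed; a test asserting that a rekey KEXINIT omits ext-info-c would keep this from regressing. sendKexInit starts and ends outside the hunk.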