1. Forum
  2. FidoNet
  3. SYNC PROGRAMMING

  • src/syncterm/ssh.c

    From Deucе@1:103/705 to Git commit to main/sbbs/master on Sunday, September 22, 2024 16:22:19
    https://gitlab.synchro.net/main/sbbs/-/commit/1bac2b62ef23ae473cb4622c
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Fix sourceforge issue 136

    With ssh_sock initialized to zero, if the connect fails, stdin was
    closed, preventing ANSI and curses modes from functioning.
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Sunday, September 22, 2024 16:46:21
    https://gitlab.synchro.net/main/sbbs/-/commit/8bc6f5f864e69b8d3c1f5680
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Some more ssh_close() cleanup

    Make ssh_active only true when ssh_session was set.
    Only do ssh cleanup if ssh_active is true.
    Initialize channel values to -1 (already done in ssh_connect(), but
    doesn't hurt anything).
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Sunday, September 22, 2024 16:56:43
    https://gitlab.synchro.net/main/sbbs/-/commit/3d425a47316e605164f7b3e5
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Be sure to close ssh_sock regardless of ssh_active
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Sunday, September 22, 2024 16:59:14
    https://gitlab.synchro.net/main/sbbs/-/commit/69c11e5072818e18aeb38f5e
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Destroy ssh_tx_mutex
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Sunday, September 22, 2024 16:59:14
    https://gitlab.synchro.net/main/sbbs/-/commit/5508a8a558058fcaeb356242
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    No no, *DESTROY* sftp_tx_mutex
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Friday, January 03, 2025 10:35:27
    https://gitlab.synchro.net/main/sbbs/-/commit/e15ba30749ace18e46675ec4
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Move ssh_complete out of ssh_mutex

    Coverity seems to hate it mostly in the mutex, so change it to
    mostly outside of the mutex and see if that's fine.

    It doesn't really matter where it's changed as it's an atomic bool.
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Saturday, January 04, 2025 22:55:27
    https://gitlab.synchro.net/main/sbbs/-/commit/1326b624bd973b8e3f6e9b93
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Fix memory leak when connection lost during SFTP key check

    Found by scan-build
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Tuesday, January 07, 2025 13:13:00
    https://gitlab.synchro.net/main/sbbs/-/commit/ee15f3cfe79bf6f5f0486f3e
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Remove more redundant code

    ssh_active was never set to false anymore
    channel_gone did exactly the same thing as conn_api.terminate
    change read/write timeouts to zero when closing
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Tuesday, January 07, 2025 13:16:42
    https://gitlab.synchro.net/main/sbbs/-/commit/0ad896e3b34767ba64207875
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Remove likely obsolete Coverity suppression.

    It can be added back if the issue reappears.
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Tuesday, January 07, 2025 19:23:28
    https://gitlab.synchro.net/main/sbbs/-/commit/772609493c77c12dcadf8bc4
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    assert() ssh globals are initialized correctly.

    Some weren't (mostly sftp ones though)
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Wednesday, January 08, 2025 22:01:58
    https://gitlab.synchro.net/main/sbbs/-/commit/0ff6b5ecb393dcf2f170f68e
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Re-add coverity suppression. Not obsolete.
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Sunday, March 09, 2025 07:21:10
    https://gitlab.synchro.net/main/sbbs/-/commit/062c3faba40c1a72664e80c3
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Call ssh_close() on failure after ssh_session is initialized

    Fixes assertion on failed connects.
    --- SBBSecho 3.23-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Sunday, March 15, 2026 01:06:05
    https://gitlab.synchro.net/main/sbbs/-/commit/a45466867429f3ad7043fb5e
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Add missing NULL checks on malloc() in ssh_connect()

    conn_api.rd_buf and conn_api.wr_buf were allocated with malloc() but
    never checked for failure. The I/O threads started immediately after
    would dereference the NULL pointers and crash. Other connection types (conn_pty.c, conn_conpty.c, modem.c, rlogin.c) already had these
    checks; ssh.c was an oversight.

    The error paths also free(pubkey), which is either a valid allocation
    from get_public_key() or the initial NULL — both safe for free().

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Sunday, March 15, 2026 14:09:13
    https://gitlab.synchro.net/main/sbbs/-/commit/0d4a52ec4893ef1cb472f45f
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Add missing create_conn_buf() error checks in ssh.c

    Check return values and clean up on failure, matching the pattern
    used by all other connection providers (rlogin, telnet, modem, pty,
    conpty).

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Thursday, April 23, 2026 18:36:00
    https://gitlab.synchro.net/main/sbbs/-/commit/2b39083e8614601afbacc67c
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    SyncTERM: send TERM environment variable on SSH channel

    Add an SSH "env" request (RFC 4254 §6.4) alongside the existing pty-req
    TERM, so servers that read TERM from the environment (rather than from
    the pty allocation) pick up SyncTERM's emulation string.

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Thursday, April 23, 2026 18:36:00
    https://gitlab.synchro.net/main/sbbs/-/commit/4781761a1bdbbe54562ed0b4
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    SyncTERM: warn the user about weak SSH host keys

    Treat any RSA-family host key under 2048 bits as weak (NIST 2024 floor;
    Ed25519 is always 256 and considered strong). The host-key verify
    callback now stashes the algorithm name and key size so the post-
    handshake UI can act on it:

    - HOSTKEY_NEW + weak: prompt "Weak host key (NNNN-bit algo)" with a
    Disconnect/Accept choice instead of silent TOFU. Under hidepopups
    (no human present) refuse the connection rather than auto-trust a
    weak key.
    - HOSTKEY_MISMATCH + weak: existing change-fingerprint dialog grows a
    "WARNING: the new key is a NNNN-bit algo, below the 2048-bit safety
    floor" block, and the title itself becomes "Fingerprint Changed —
    WEAK NNNN-bit algo key" so the warning is visible without F1.
    - Strong keys: behaviour unchanged (NEW silently TOFU's, MISMATCH
    uses the original dialog).

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Thursday, April 23, 2026 18:36:00
    https://gitlab.synchro.net/main/sbbs/-/commit/54ee6004c208dc090d31703f
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    SyncTERM: display SSH auth banners (RFC 4252 §5.4)

    Wire DeuceSSH's per-session banner callback to uifc.showbuf().
    Each SSH_MSG_USERAUTH_BANNER from the server is shown modally as it
    arrives during authentication; auth resumes when the user dismisses.
    Skipped under bbs->hidepopups (automated sessions with no human to
    read the banner).

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Saturday, April 25, 2026 04:38:43
    https://gitlab.synchro.net/main/sbbs/-/commit/16c431f72e34453704dcb004
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    syncterm: identify in SSH banner, add RSA-SHA2-512, timeout, cleanse

    Four small additions in ssh.c using DeuceSSH APIs we hadn't wired up:

    - build_ssh_software_version() derives an RFC 4253 software-version
    token from syncterm_version (e.g. "SyncTERM_1.9b") and registers it
    via dssh_transport_set_version() so server admins can identify
    SyncTERM in their logs. The build flavor (Debug suffix) is
    deliberately stripped because the version banner is sent before
    encryption is established.

    - dssh_register_rsa_sha2_512() rounds out the host-key set; we already
    advertised SHA-256. Costs nothing and lets us interoperate with
    servers that prefer or require the SHA-512 variant.

    - dssh_session_set_timeout(60000) caps the library's peer-response
    waits at 60s. The default is 75s; the tighter bound surfaces hung
    handshakes before users assume SyncTERM has frozen.

    - dssh_cleanse() wipes the local password buffer in ssh_connect()
    after the auth attempts finish and the kbd-interactive answer
    buffer in kbi_prompt_cb(). Prevents secrets from lingering in
    stack slots that the compiler might otherwise leave intact.

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to Git commit to main/sbbs/master on Saturday, April 25, 2026 04:38:43
    https://gitlab.synchro.net/main/sbbs/-/commit/cc8f3254781763bddaef82b3
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    syncterm: simplify SSH auth flow; PuTTY-style KBI password autofill

    Replace the auth state machine in ssh_connect() with a flat, strongest-to-weakest order driven by the RFC 4252 "none" probe:

    1. probe; if "none" was accepted we're done
    2. publickey (if advertised)
    3. password (if advertised — stored value first, then up to 3 prompts)
    4. keyboard-interactive (if advertised)

    Each method is gated on the server's advertised list, so users aren't
    prompted for credentials the server would reject regardless (e.g. an
    OpenSSH target with PasswordAuthentication=no no longer cycles three
    dead password prompts before falling through to KBI).

    Also fixes a latent bug in the SSHNA path that unconditionally set
    auth_rc=0 on any non-error return from dssh_auth_get_methods, even
    when the response was "methods available, none-auth not accepted".

    In kbi_prompt_cb:

    - Auto-fill the saved password when the server sends exactly the
    literal prompt "Password: " (PuTTY-style: single prompt, echo off,
    literal text match). This avoids burning credentials on 2FA
    "Passcode:" prompts, GPG-style "Passphrase:" prompts, password-
    change flows, or anything else dressed up to look password-like.
    The fire-once latch ensures a wrong saved password doesn't loop;
    subsequent prompts fall through to the user.

    - Strip a trailing ':' from the server's prompt before passing it
    to uifcinput(), since uifc.input always appends ':' itself and
    "Password:" would otherwise render as "Password::".

    Drops the speculative "Cryptlib mishandles failed ssh-ed25519 publickey
    probe" gate — the comment was likely a debugging artifact, not a
    verified server behavior, and gating production logic on an
    unreproducible claim made the flow harder to reason about than the
    risk justified.

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)