• src/syncterm/ssh.c

    From deuce@VERT to CVS commit on Wed Apr 15 20:48:31 2020
    src/syncterm ssh.c 1.24 1.25
    Update of /cvsroot/sbbs/src/syncterm
    In directory cvs:/tmp/cvs-serv11789

    Modified Files:
    ssh.c
    Log Message:
    Flush the SSH session before popping data in case a rekey is needed.
    Fixes issue with large downloads over SSH.



    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From deuce@VERT to CVS commit on Thu May 28 15:58:26 2020
    src/syncterm ssh.c 1.30 1.31
    Update of /cvsroot/sbbs/src/syncterm
    In directory cvs:/tmp/cvs-serv23494

    Modified Files:
    ssh.c
    Log Message:
    Fix timeout errors after a rekey. While rev 1.25 fixed large downloads,
    large uploads remained an issue as if there's no data received on the connection for over a second, the input thread would abort due to timeout.

    Fixes bug https://sf.net/p/syncterm/tickets/21/
    This is serious enough to trigger a new RC I believe (sigh)



    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Tue Dec 26 23:43:55 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/0c5a796cff1c4a2c99ec08af
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Somewhat working now... still some issues getting the second channel
    working reliably though.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Fri Dec 29 09:50:11 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/468180f2be44185b50f0baff
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Remove debug output
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Fri Dec 29 09:52:38 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/2e96a7e2a699035d7e7599fb
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Re-disable code accidentally enabled in last commit
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Fri Dec 29 10:18:32 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/5bf3dfcd018246bced648726
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Clean up sftp popups.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Fri Dec 29 18:26:32 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/999b9b76a1f3725be712d634
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Always flush after grabbing ssh mutex
    When flushing, set timeouts high, then set zero read timeout
    Ensure channel IDs are protected by the ssh mutex
    Check channels are open every time through input thread and before sends
    Fix various locking errors
    Install public key in a background thread

    Once a startup race is fixed, this should be good to go!
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sat Dec 30 06:54:56 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/ff1291b5710fa601a21a2762
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Set timeouts at start and leave them that way
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sat Dec 30 06:55:18 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/17cd7b169aea2d5c1f49d1ba
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Fix bug in last commit
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sat Dec 30 06:59:25 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/0a3c7b9c1d53ff3465456487
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Add include for asprintf() on Win32
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sun Jan 21 01:24:08 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/157650844ddb11acc6269f14
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Fix up handling of lost connections.

    Was spinning at 100% CPU on a lost connection if sftp was active.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sun Jan 21 09:53:45 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/219303a61fa2e47752c5a974
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Check sftp_state before ending.

    Fixes assertion failure on hangup from SSH.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sun Jan 21 10:46:43 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/f6fe7c315f2f0fe3d9133a47
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    If we get a pop error, and there is no channel, we're done.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sun Jan 21 12:16:12 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/81b1224cf11dc2ce0993e45a
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    More remote closing connection fixups.
    ---
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Mon Feb 12 19:10:35 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/8db8e78736120a18caca8a0d
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Zero-Initialize err_len

    If call to GetAttributeString() fails, err_len can contain garbage.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Mon Feb 12 20:23:51 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/407eca73d3f48af29fcfd8aa
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    If call to GetAttributeString() fails, we have a lot worse problems
    than err_len containing garbage.

    Handle the error and mention we didn't get the message.
    While we're here, check the return value of malloc().
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Fri Feb 16 10:01:55 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/43634f586821e25e09c6e45e
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Lower timeouts when closing SSH session.

    Reduces the time after a forced hangup that you need to wait before
    returning to the main menu.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sat Feb 17 11:39:43 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/b855aa17bcc8b2c437968d9d
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Remove crufty code that effectively never does anything.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sat Feb 17 11:45:41 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/80c10879c30446f7f74ec6d4
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Move sftp_channel under the ssh_mutex completely.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sat Feb 17 12:02:52 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/e7d411e01d7e8422c1ce74ee
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Move sftp_state inside ssh_mutex.

    This won't matter now since only one thread ever touches it, but
    when cool stuff happens, it could.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Mon Feb 19 10:00:46 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/b8bc029bb50b1f05d5d26d4b
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Expand ssh_mutex over the flushes.

    This should also resolve a conspiracy Coverity has about two input
    threads running at the same time.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Mon Feb 19 10:12:06 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/282069f99e40cfdd38fe2bf8
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Likely fix a bunch of Coverity warnings.

    This is a very crazy lock/unlock pattern... an extra assignment
    makes it easier to follow the logic.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Tue Feb 20 05:57:47 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/c7a09e0f7ce76d9016906c9e
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Move an sftp_state check inside mutex to silence Coverity.

    There's still outstanding issues in Coverity around sftp_state and
    sftp_channel that need some deep thought, but this one is trivial.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Wed Feb 21 06:06:48 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/abec3d19c45e767bb6757e35
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    More input thread cleanup. There was an errant lock in there.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Thu Feb 22 20:53:08 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/b73c823bc200775056bbb0cd
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Catch when cryptFlushData() says the channel is closed.

    Also, fix an unlikely race condition. This, combined with the
    cryptlib patches, fixes various weird SSH hangs resulting from
    partial reads of the SSH packet headers... a rare event that's
    very hard to trigger. Special thanks to MeaTLoTioN for reporting
    this, and running a BBS that manages to trigger it reliably.

    Check out The Quantum Wormhole and say thanks!
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Thu Feb 22 20:53:08 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/b2041514748d0f4027763c73
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    sftp_channel is always -1 here.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Thu Mar 7 11:45:11 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/ccd73340c94c1eb688c7d561
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Fix LOR in error path.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Thu Mar 7 11:45:11 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/efc6e23418fbd7a19cb77759
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Fix double-unlock and add code for impossible situation
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Fri Mar 8 09:37:42 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/7290558b5d91b75fd34f7b8c
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Move sftp_state setting outside of the ssh mutexes.

    Doesn't hurt anything where they were, but Coverity kinda reverse
    suggested it.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sun Sep 22 16:22:19 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/1bac2b62ef23ae473cb4622c
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Fix sourceforge issue 136

    With ssh_sock initialized to zero, if the connect fails, stdin was
    closed, preventing ANSI and curses modes from functioning.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sun Sep 22 16:46:21 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/8bc6f5f864e69b8d3c1f5680
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Some more ssh_close() cleanup

    Make ssh_active only true when ssh_session was set.
    Only do ssh cleanup if ssh_active is true.
    Initialize channel values to -1 (already done in ssh_connect(), but
    doesn't hurt anything).
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sun Sep 22 16:56:43 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/3d425a47316e605164f7b3e5
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Be sure to close ssh_sock regardless of ssh_active
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sun Sep 22 16:59:14 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/69c11e5072818e18aeb38f5e
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Destroy ssh_tx_mutex
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sun Sep 22 16:59:14 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/5508a8a558058fcaeb356242
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    No no, *DESTROY* sftp_tx_mutex
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Fri Jan 3 10:35:27 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/e15ba30749ace18e46675ec4
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Move ssh_complete out of ssh_mutex

    Coverity seems to hate it mostly in the mutex, so change it to
    mostly outside of the mutex and see if that's fine.

    It doesn't really matter where it's changed as it's an atomic bool.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sat Jan 4 22:55:27 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/1326b624bd973b8e3f6e9b93
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Fix memory leak when connection lost during SFTP key check

    Found by scan-build
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Tue Jan 7 13:13:00 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/ee15f3cfe79bf6f5f0486f3e
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Remove more redundant code

    ssh_active was never set to false anymore
    channel_gone did exactly the same thing as conn_api.terminate
    change read/write timeouts to zero when closing
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Tue Jan 7 13:16:42 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/0ad896e3b34767ba64207875
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Remove likely obsolete Coverity suppression.

    It can be added back if the issue reappears.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Tue Jan 7 19:23:28 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/772609493c77c12dcadf8bc4
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    assert() ssh globals are initialized correctly.

    Some weren't (mostly sftp ones though)
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Wed Jan 8 22:01:58 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/0ff6b5ecb393dcf2f170f68e
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Re-add coverity suppression. Not obsolete.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sun Mar 9 07:21:10 2025
    https://gitlab.synchro.net/main/sbbs/-/commit/062c3faba40c1a72664e80c3
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Call ssh_close() on failure after ssh_session is initialized

    Fixes assertion on failed connects.
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sun Mar 15 01:06:05 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/a45466867429f3ad7043fb5e
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Add missing NULL checks on malloc() in ssh_connect()

    conn_api.rd_buf and conn_api.wr_buf were allocated with malloc() but
    never checked for failure. The I/O threads started immediately after
    would dereference the NULL pointers and crash. Other connection types (conn_pty.c, conn_conpty.c, modem.c, rlogin.c) already had these
    checks; ssh.c was an oversight.

    The error paths also free(pubkey), which is either a valid allocation
    from get_public_key() or the initial NULL - both safe for free().

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sun Mar 15 14:09:13 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/0d4a52ec4893ef1cb472f45f
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    Add missing create_conn_buf() error checks in ssh.c

    Check return values and clean up on failure, matching the pattern
    used by all other connection providers (rlogin, telnet, modem, pty,
    conpty).

    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Thu Apr 23 18:36:00 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/2b39083e8614601afbacc67c
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    SyncTERM: send TERM environment variable on SSH channel

    Add an SSH "env" request (RFC 4254 6.4) alongside the existing pty-req
    TERM, so servers that read TERM from the environment (rather than from
    the pty allocation) pick up SyncTERM's emulation string.

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Thu Apr 23 18:36:00 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/4781761a1bdbbe54562ed0b4
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    SyncTERM: warn the user about weak SSH host keys

    Treat any RSA-family host key under 2048 bits as weak (NIST 2024 floor;
    Ed25519 is always 256 and considered strong). The host-key verify
    callback now stashes the algorithm name and key size so the post-
    handshake UI can act on it:

    - HOSTKEY_NEW + weak: prompt "Weak host key (NNNN-bit algo)" with a
    Disconnect/Accept choice instead of silent TOFU. Under hidepopups
    (no human present) refuse the connection rather than auto-trust a
    weak key.
    - HOSTKEY_MISMATCH + weak: existing change-fingerprint dialog grows a
    "WARNING: the new key is a NNNN-bit algo, below the 2048-bit safety
    floor" block, and the title itself becomes "Fingerprint Changed -
    WEAK NNNN-bit algo key" so the warning is visible without F1.
    - Strong keys: behaviour unchanged (NEW silently TOFU's, MISMATCH
    uses the original dialog).

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
    ---
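The decision table from the weak-host-key commit message above, written out as an added example; it is not code from ssh.c or DeuceSSH. `HOSTKEY_NEW` and `HOSTKEY_MISMATCH` are the names the message uses; `HOSTKEY_MATCH`, the action enum, the function names and the list of RSA algorithm names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* HOSTKEY_NEW and HOSTKEY_MISMATCH appear in the commit message;
 * HOSTKEY_MATCH and every other identifier below is hypothetical. */
enum hostkey_status { HOSTKEY_MATCH, HOSTKEY_NEW, HOSTKEY_MISMATCH };

enum hostkey_action {
    ACT_PROCEED,             /* stored fingerprint matches */
    ACT_TOFU_SILENT,         /* new strong key: store it and continue */
    ACT_PROMPT_WEAK,         /* new weak key: Disconnect/Accept prompt */
    ACT_REFUSE,              /* new weak key and nobody to ask */
    ACT_CHANGED_DIALOG,      /* changed key: the original dialog */
    ACT_CHANGED_DIALOG_WEAK  /* changed key: dialog plus weak-key warning */
};

#define RSA_MIN_BITS 2048    /* the floor stated in the commit message */

/* Only RSA-family keys are size-checked; Ed25519 reports 256 bits and
 * is treated as strong. Any other algorithm name is not covered by the
 * stated rule, so this sketch does not flag it. */
bool hostkey_is_weak(const char *algo, unsigned bits)
{
    static const char *const rsa_family[] = {
        "ssh-rsa", "rsa-sha2-256", "rsa-sha2-512"
    };
    for (size_t i = 0; i < sizeof rsa_family / sizeof rsa_family[0]; i++) {
        if (strcmp(algo, rsa_family[i]) == 0)
            return bits < RSA_MIN_BITS;
    }
    return false;
}

enum hostkey_action hostkey_decide(enum hostkey_status st, const char *algo,
                                   unsigned bits, bool hidepopups)
{
    bool weak = hostkey_is_weak(algo, bits);

    switch (st) {
    case HOSTKEY_NEW:
        if (!weak)
            return ACT_TOFU_SILENT;
        /* With no human present a weak key is never auto-trusted. */
        return hidepopups ? ACT_REFUSE : ACT_PROMPT_WEAK;
    case HOSTKEY_MISMATCH:
        /* The message does not say what happens to a changed key
         * under hidepopups, so that case is not modelled here. */
        return weak ? ACT_CHANGED_DIALOG_WEAK : ACT_CHANGED_DIALOG;
    default:
        /* A matching stored key is not discussed; assumed to proceed. */
        return ACT_PROCEED;
    }
}

/* Formats the "Weak host key (NNNN-bit algo)" prompt text. */
int weak_key_prompt(char *buf, size_t len, const char *algo, unsigned bits)
{
    return snprintf(buf, len, "Weak host key (%u-bit %s)", bits, algo);
}

int main(void)
{
    char msg[64];
    /* Constructed sample: a 1024-bit RSA key seen for the first time. */
    weak_key_prompt(msg, sizeof msg, "ssh-rsa", 1024);
    printf("%s -> action %d (interactive), %d (hidepopups)\n", msg,
           hostkey_decide(HOSTKEY_NEW, "ssh-rsa", 1024, false),
           hostkey_decide(HOSTKEY_NEW, "ssh-rsa", 1024, true));
    return 0;
}
```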
  • From Deuce@VERT to Git commit to main/sbbs/master on Thu Apr 23 18:36:00 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/54ee6004c208dc090d31703f
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    SyncTERM: display SSH auth banners (RFC 4252 5.4)

    Wire DeuceSSH's per-session banner callback to uifc.showbuf().
    Each SSH_MSG_USERAUTH_BANNER from the server is shown modally as it
    arrives during authentication; auth resumes when the user dismisses.
    Skipped under bbs->hidepopups (automated sessions with no human to
    read the banner).

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sat Apr 25 04:38:43 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/16c431f72e34453704dcb004
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    syncterm: identify in SSH banner, add RSA-SHA2-512, timeout, cleanse

    Four small additions in ssh.c using DeuceSSH APIs we hadn't wired up:

    - build_ssh_software_version() derives an RFC 4253 software-version
    token from syncterm_version (e.g. "SyncTERM_1.9b") and registers it
    via dssh_transport_set_version() so server admins can identify
    SyncTERM in their logs. The build flavor (Debug suffix) is
    deliberately stripped because the version banner is sent before
    encryption is established.

    - dssh_register_rsa_sha2_512() rounds out the host-key set; we already
    advertised SHA-256. Costs nothing and lets us interoperate with
    servers that prefer or require the SHA-512 variant.

    - dssh_session_set_timeout(60000) caps the library's peer-response
    waits at 60s. The default is 75s; the tighter bound surfaces hung
    handshakes before users assume SyncTERM has frozen.

    - dssh_cleanse() wipes the local password buffer in ssh_connect()
    after the auth attempts finish and the kbd-interactive answer
    buffer in kbi_prompt_cb(). Prevents secrets from lingering in
    stack slots that the compiler might otherwise leave intact.

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
    ---
  • From Deuce@VERT to Git commit to main/sbbs/master on Sat Apr 25 04:38:43 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/cc8f3254781763bddaef82b3
    Modified Files:
    src/syncterm/ssh.c
    Log Message:
    syncterm: simplify SSH auth flow; PuTTY-style KBI password autofill

    Replace the auth state machine in ssh_connect() with a flat, strongest-to-weakest order driven by the RFC 4252 "none" probe:

    1. probe; if "none" was accepted we're done
    2. publickey (if advertised)
    3. password (if advertised - stored value first, then up to 3 prompts)
    4. keyboard-interactive (if advertised)

    Each method is gated on the server's advertised list, so users aren't
    prompted for credentials the server would reject regardless (e.g. an
    OpenSSH target with PasswordAuthentication=no no longer cycles three
    dead password prompts before falling through to KBI).

    Also fixes a latent bug in the SSHNA path that unconditionally set
    auth_rc=0 on any non-error return from dssh_auth_get_methods, even
    when the response was "methods available, none-auth not accepted".

    In kbi_prompt_cb:

    - Auto-fill the saved password when the server sends exactly the
    literal prompt "Password: " (PuTTY-style: single prompt, echo off,
    literal text match). This avoids burning credentials on 2FA
    "Passcode:" prompts, GPG-style "Passphrase:" prompts, password-
    change flows, or anything else dressed up to look password-like.
    The fire-once latch ensures a wrong saved password doesn't loop;
    subsequent prompts fall through to the user.

    - Strip a trailing ':' from the server's prompt before passing it
    to uifcinput(), since uifc.input always appends ':' itself and
    "Password:" would otherwise render as "Password::".

    Drops the speculative "Cryptlib mishandles failed ssh-ed25519 publickey
    probe" gate - the comment was likely a debugging artifact, not a
    verified server behavior, and gating production logic on an
    unreproducible claim made the flow harder to reason about than the
    risk justified.

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
    ---
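The keyboard-interactive autofill rule and the prompt clean-up from the commit message above, as an added example; it is not the body of kbi_prompt_cb() or any DeuceSSH API. The struct, the function names and the choice to drop trailing blanks before the ':' are assumptions; the saved password in main() is a constructed sample.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical per-connection state for the autofill decision. */
struct kbi_autofill {
    const char *saved_password; /* NULL or "" when nothing is stored */
    bool        fired;          /* fire-once latch */
};

/* Returns the saved password when the request is exactly one prompt,
 * echo off, with the literal text "Password: "; otherwise NULL, which
 * means the prompts go to the user. The latch is set only when the
 * password is actually handed out, so a rejected saved password is
 * never resent on the next round. */
const char *kbi_autofill_answer(struct kbi_autofill *st, size_t nprompts,
                                const char *const *prompts, const bool *echo)
{
    if (st->fired || st->saved_password == NULL
        || st->saved_password[0] == '\0')
        return NULL;
    if (nprompts != 1 || echo[0])
        return NULL;
    /* Exact match, not a prefix or case-insensitive test: "Passcode: "
     * and "Passphrase: " must never receive the stored secret. */
    if (strcmp(prompts[0], "Password: ") != 0)
        return NULL;
    st->fired = true;
    return st->saved_password;
}

/* Copies the server prompt for an input widget that appends its own
 * ':'. Drops trailing blanks (an assumption) and one trailing ':'.
 * Always NUL-terminates; returns the length written. */
size_t kbi_display_prompt(char *dst, size_t dstlen, const char *prompt)
{
    size_t n = strlen(prompt);

    if (dstlen == 0)
        return 0;
    while (n > 0 && prompt[n - 1] == ' ')
        n--;
    if (n > 0 && prompt[n - 1] == ':')
        n--;
    if (n >= dstlen)
        n = dstlen - 1;
    memcpy(dst, prompt, n);
    dst[n] = '\0';
    return n;
}

int main(void)
{
    struct kbi_autofill st = { "constructed-sample-pw", false };
    const char *const pw[] = { "Password: " };
    const char *const otp[] = { "Passcode: " };
    const bool echo_off[] = { false };
    char shown[32];

    printf("first  Password: -> %s\n",
           kbi_autofill_answer(&st, 1, pw, echo_off) ? "autofill" : "ask");
    printf("second Password: -> %s\n",
           kbi_autofill_answer(&st, 1, pw, echo_off) ? "autofill" : "ask");
    kbi_display_prompt(shown, sizeof shown, otp[0]);
    printf("widget label for \"%s\" is \"%s\"\n", otp[0], shown);
    return 0;
}
```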