Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

SSH: make banner parsing more robust

Browse source 
This change revamps SSH banner parsing.  The previous behavior was both
a bit too strict in some regards, and too permissive in other.

Specifically, clients are now required to send a line starting with
"SSH-" as the first line.  This is in line with the RFC, as well with
observed behavior. This also prevents the creation of `ssh.log` for
non-SSH traffic on port 22.

For the server side, we now accept text before the SSH banner. This
previously led to a protocol violation but is allowed by the spec.

New tests are added to cover these cases.
This commit is contained in:
Johanna Amann 2025-03-13 15:14:12 +00:00
parent 629f2bd03a
commit 6023c8b906
14 changed files with 142 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

2
testing/external/commit-hash.zeek-testing-private vendored
View file

@ -1 +1 @@
296a3b2bfd36a74c8aa22f175cea4c00a9f4d079
2fa4bd6a18c376c64629a6d5679c230423f60913