Arne Welzel 4f084b0b9a ssh: Fallback to client or server selected version for parsing ... In half-duplex setups (or when client/server coalesce the SSH version line with the KEX packet, get_version() would return UNK as version, causing a protocol violation. Make this slightly more robust by using and setting the version which either side had set to continue parsing. For the special case of SSH-1.99, select SSH-2.0. We could try to peak into the payload following the packet length field and check for a KEX_INIT type byte to select SSH2 as a heuristic, but not sure how to accomplish this. Slight regression fix for 3769ed6c66 which started to require visibility for client and server version rather than just the client's version.		2024-06-12 16:30:18 +02:00
..
basic.test	GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev.	2019-05-01 21:43:45 +00:00
curve25519_kex.test	GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev.	2019-05-01 21:43:45 +00:00
fingerprints.zeek	Deprecate "ssh1_server_host_key" parameters *e* and *p*	2020-11-13 22:58:56 -08:00
half-duplex-client.zeek	ssh: Fallback to client or server selected version for parsing	2024-06-12 16:30:18 +02:00
half-duplex-server.zeek	ssh: Fallback to client or server selected version for parsing	2024-06-12 16:30:18 +02:00
one-auth-fail-only.test	General btest cleanup	2020-08-11 11:26:22 -07:00
set_version.zeek	Change SSH version field to be &optional.	2021-06-17 09:24:46 +02:00
ssh-reverse-connection.zeek	Added several events for detailed info on the SSH2 key init directions	2022-12-05 12:35:05 +01:00
ssh_dh_gex_direction.zeek	Added several events for detailed info on the SSH2 key init directions	2022-12-05 12:35:05 +01:00
ssh_segmented_encryption_transition.zeek	GH-566: fix cases where ssh_encrypted_packet event wasn't raised	2019-09-03 17:34:24 -07:00
ssh_version_199.zeek	[SSH] Handle SSH version 1.99	2020-11-14 15:33:34 +01:00